Some programs don't have internet access. help
Last Updated: Jun 28 2013 01:52, Started by Katalos, Jun 26 2013 22:25
#1
Posted 26 June 2013 - 22:25
After I shut down the PC last night and restarted it today, the internet no longer works in browsers (Chrome, Firefox), but it works in Int. Explorer and Waterfox! Also, neither Yahoo Mess. nor Team Viewer works any more! If I try to open BitTorrent it gives me this error: "wsastartup() failed or you have the incorrect version of winsock installed". I should mention that I have genuine Windows 7 Home Premium SP1 with up-to-date updates, and I also have genuine Bitdefender Internet Security 2013 with up-to-date updates! I scanned the whole system with Bitdefender and it found nothing. Then I uninstalled the antivirus and installed Microsoft Security; that one found nothing either. I also installed Malwarebytes, but it can't update because it is not allowed internet access, and with its last update it found that KMS (the Office activator) might be something suspicious. It put it in quarantine, and after a restart it was still the same; it fixed nothing. I uninstalled that one too. What else is left for me to do??? Help!
#2
Posted 26 June 2013 - 22:34
Search this forum section for what user MhG_40 recommends -> http://forum.softped.../#entry13384824
Scan with RogueKiller and Adwcleaner and post the logs.
#3
Posted 26 June 2013 - 23:16
RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Katalin [Admin rights]
Mode : Scan -- Date : 06/27/2013 00:09:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\Katalin\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2946525647-1517530458-274711146-1000\[...]\Run : Viber ("C:\Users\Katalin\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] u4piu2py.default : user_pref("network.proxy.hxxp", "86.123.226.93"); -> FOUND
[FF][PROXY] u4piu2py.default : user_pref("network.proxy.hxxp_port", 8080); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 9aca2658f75683c2728c34f70f028296
[BSP] af0e732dda90774f07d6854bba2405aa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 136900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 280578048 | Size: 101343 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 7e7a7ac098948e33699e4cf30bcb6f39
[BSP] 71142dc6ba33ed90c2770b65e2387897 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 20aa2f58f8a5aa9127fbda218ef38e0f
[BSP] 46364c0343a9641c4485752a03dce1fa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 131060 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 268414020 | Size: 345868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 09e82b1e8b1c28fc5414a73c54025ea4
[BSP] 7e2e87a78aa0f9019853f32ea5831f53 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 3856 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_06272013_000944.txt >>
RKreport[0]_S_06262013_235003.txt;RKreport[0]_S_06272013_000306.txt

--------------------------------------------------------------------------------

# Adwcleaner v2.303 - Logfile created 06/26/2013 at 23:55:24
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Katalin - KATALIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Katalin\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0 (en-US)
File : C:\Users\Katalin\AppData\Roaming\Mozilla\Firefox\Profiles\u4piu2py.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v27.0.1453.116
File : C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [5367 octets] - [26/06/2013 18:46:36]
AdwCleaner[R2].txt - [951 octets] - [26/06/2013 23:55:24]
AdwCleaner[S1].txt - [5554 octets] - [26/06/2013 18:47:24]
########## EOF - C:\AdwCleaner[R2].txt - [1070 octets] ##########

Edited by Katalos, 26 June 2013 - 23:16.
#4
Posted 26 June 2013 - 23:29
Run those programs and follow the steps recommended by user Mhg_40, that is, after you scan with them, click "delete"!
Also scan with Mbar -> http://www.malwareby.../products/mbar/ Likewise, to repair/delete registry entries, temp files, cookies, etc., use the free programs Toolwiz Care and PrivaZer!!
#6
Posted 27 June 2013 - 00:23
Check that you don't have a proxy set somewhere; you're wrecking your system for nothing..
What is this?
Quote
[FF][PROXY] u4piu2py.default : user_pref("network.proxy.hxxp", "86.123.226.93"); -> FOUND
[FF][PROXY] u4piu2py.default : user_pref("network.proxy.hxxp_port", 8080); -> FOUND
Edited by TinCup, 27 June 2013 - 00:24.
#8
Posted 27 June 2013 - 06:51
1. Run RogueKiller.exe again.
Wait until the Prescan has finished. Click "Scan". Wait until "Scan Finished" appears in the Status box. Click "Delete". When "Deleting Finished" appears in the Status box, click "Fix Proxy". Click "Report" and copy/paste it here.
[ http://s11.postimg.org/jj3662z5f/RK1.jpg ]
2. Download ComboFix and save it to the Desktop. Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask you whether to start cleaning the system. Confirm with Yes every time. Don't stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
3. Download and run OTL. Tick the boxes as in the image.
[ http://s11.postimg.org/jaand9soj/otl1.jpg ]
Post the logs here.
#9
Posted 27 June 2013 - 14:53
RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Katalin [Admin rights]
Mode : Remove -- Date : 06/27/2013 14:47:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\Katalin\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2946525647-1517530458-274711146-1000\[...]\Run : Viber ("C:\Users\Katalin\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> [0x2] The system cannot find the file specified.
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 9aca2658f75683c2728c34f70f028296
[BSP] af0e732dda90774f07d6854bba2405aa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 136900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 280578048 | Size: 101343 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 7e7a7ac098948e33699e4cf30bcb6f39
[BSP] 71142dc6ba33ed90c2770b65e2387897 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 20aa2f58f8a5aa9127fbda218ef38e0f
[BSP] 46364c0343a9641c4485752a03dce1fa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 131060 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 268414020 | Size: 345868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06272013_144703.txt >>
RKreport[0]_S_06262013_235003.txt;RKreport[0]_S_06272013_000306.txt;RKreport[0]_S_06272013_000944.txt
RKreport[0]_S_06272013_144631.txt

--------------------------------------------------------------------------------

ComboFix 13-06-27.01 - Katalin 06/27/2013 14:53:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2471 [GMT 3:00]
Running from: c:\users\Katalin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\Uninstall-TvPlugin-5.9
[HKEY_USERS\S-1-5-21-2946525647-1517530458-274711146-1000\Software\SecuROM\License information*] "datasecu"=hex:98,9f,bf,f0,65,db,1d,71,74,b4,f0,10,9c,43,3a,a8,69,12,dd,d8,4b, 51,77,2b,14,00,5d,89,97,4a,11,5f,e9,5a,f8,01,d2,fd,12,b8,3d,e8,b2,25,6b,85,\ "rkeysecu"=hex:b8,5d,b0,e4,ee,51,4f,d1,0c,88,3c,92,6a,c6,bc,af . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:ae,87,a7,8d,f8,6d,45,ef,0a,91,a8,56,86,6d,53,bb,d3,f0,7f,41,3b, 39,5d,48,4c,57,9e,a8,9c,38,b3,b8,54,e0,08,da,00,ec,b9,46,fa,06,e5,48,be,95,\ . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:ae,87,a7,8d,f8,6d,45,ef,0a,91,a8,56,86,6d,53,bb,d3,f0,7f,41,3b, 39,5d,48,4c,57,9e,a8,9c,38,b3,b8,54,e0,08,da,00,ec,b9,46,fa,06,e5,48,be,95,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel Pair & Share\PairAndShare.exe c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe . ************************************************************************** . Completion time: 2013-06-27 15:16:48 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-27 12:16 ComboFix2.txt 2013-06-26 17:19 . Pre-Run: 12,006,371,328 bytes free Post-Run: 11,731,353,600 bytes free . - - End Of File - - 43A763523AD5CE99EBDC84A4548DBCB7 A36C5E4F47E84449FF07ED3517B43A31
--------------------------------------------------------------------------------
OTL produced 2 reports:
First report
OTL logfile created on: 6/27/2013 3:32:19 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katalin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.99 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.28% Memory free 7.98 Gb Paging File | 6.26 Gb Available in Paging File | 78.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 133.69 Gb
Total Space | 11.02 Gb Free Space | 8.24% Space Free | Partition Type: NTFS Drive D: | 98.97 Gb Total Space | 83.20 Gb Free Space | 84.07% Space Free | Partition Type: NTFS Drive F: | 232.88 Gb Total Space | 75.44 Gb Free Space | 32.39% Space Free | Partition Type: NTFS Drive G: | 127.99 Gb Total Space | 105.22 Gb Free Space | 82.21% Space Free | Partition Type: NTFS Drive H: | 166.02 Gb Total Space | 47.42 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive K: | 171.75 Gb Total Space | 97.05 Gb Free Space | 56.51% Space Free | Partition Type: NTFS Computer Name: KATALIN-PC | User Name: Katalin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/27 14:38:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katalin\Downloads\OTL.exe PRC - [2013/06/27 02:20:37 | 005,191,936 | ---- | M] (Toolwiz) -- C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe PRC - [2013/05/11 03:01:45 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013/04/26 20:13:41 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) 
-- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/03/01 15:47:56 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Pair & Share\PairAndShare.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 02:08:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013/05/15 23:12:16 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/15 23:11:52 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/15 23:11:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/15 23:11:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/03/19 17:39:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/03/19 17:36:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/03/19 17:36:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/03/19 17:36:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/23 23:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe 
-- (!SASCORE) SRV:64bit: - [2013/05/03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Disabled | Stopped] -- C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS) SRV:64bit: - [2013/03/25 19:08:30 | 000,230,408 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8) SRV:64bit: - [2013/02/08 21:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/06/11 11:15:08 | 000,876,976 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device) SRV - [2013/06/24 21:14:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/13 12:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/05/16 17:38:39 | 001,826,592 | 
---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/26 20:13:41 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013/04/03 21:45:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012/12/17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012/10/11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/06/30 15:50:10 | 001,191,408 | ---- | M] (Seagate) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/06/11 11:14:52 | 000,517,040 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf) DRV:64bit: - [2013/06/27 02:20:50 | 000,052,992 | ---- | M] (Toolwiz.com) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KSafeDISK.sys -- (KSafeDISK) DRV:64bit: - [2013/06/27 02:20:49 | 000,033,024 | ---- | M] (Toolwiz.com) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BTOWSFF.sys -- (BTOWSFF) DRV:64bit: - [2013/06/27 02:20:48 | 000,059,648 | ---- | M] (Toolwiz.com) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\BTOWSVF.sys -- (BTOWSVF) DRV:64bit: - [2013/06/27 00:55:01 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2013/06/05 05:05:43 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013/05/28 05:14:44 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013/05/28 05:14:44 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2013/05/17 05:01:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2013/03/20 17:20:18 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2013/03/20 17:20:05 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2013/03/20 17:19:57 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) DRV:64bit: - [2013/03/20 17:19:51 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2013/02/26 03:28:48 | 000,067,664 | ---- | M] (VMware, 
Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2013/02/26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2013/02/26 03:28:04 | 000,031,824 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2013/02/26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2013/02/26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2013/02/26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2013/01/27 16:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013/01/03 11:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013/01/03 11:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012/10/24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012/10/24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012/10/11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2011/09/29 12:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/07/22 19:26:56 | 000,014,928 | ---- | M] (SUPER*****er.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/13 00:55:18 | 000,012,368 | ---- | M] (SUPER*****er.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- 
(amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 16:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 16:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 14:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 14:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 14:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/19 05:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 05:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/05/20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/06/26 20:30:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/06/23 03:31:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2013/06/23 03:31:30 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013/05/17 04:15:27 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\wnsdrvr.sys -- (WnsDrvr)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== Firefox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.backup.ftp: "89.46.100.104"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "89.46.100.104"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "89.46.100.104"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "86.123.226.93"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "86.123.226.93"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "86.123.226.93"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katalin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FinalVideoDownloader\Firefox [2013/04/03 14:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/18 06:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/25 17:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 05:16:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013/03/18 02:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins [2013/06/06 22:04:16 | 000,000,000 | ---D | M]
[2013/03/18 05:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katalin\AppData\Roaming\Mozilla\Extensions
[2013/05/10 00:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katalin\AppData\Roaming\Mozilla\Firefox\Profiles\u4piu2py.default\extensions
[2013/05/10 00:52:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Katalin\AppData\Roaming\Mozilla\Firefox\Profiles\u4piu2py.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/23 15:07:22 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\Katalin\AppData\Roaming\Mozilla\Firefox\Profiles\u4piu2py.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
[2013/04/04 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/16 03:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 03:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 03:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.ro/
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Disabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Disabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Disabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Disabled) = C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Disabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Samsung Link PC Plugin (Disabled) = C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Disabled) = C:\Users\Katalin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: ***** Plus = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Gmail = C:\Users\Katalin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/27 15:05:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\SAMSUNG\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [Facebook Update] C:\Users\Katalin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [MouseServer] C:\Program Files (x86)\MouseServer\MouseServer.exe (wifimouse.necta.us)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [ToolwizCareFree] C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe (Toolwiz)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09EB86A-A69F-4C04-B587-D7430500C58D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE6106BE-30F0-4176-AB40-B8A9403DA063}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC9B0C5C-CC17-465A-945C-EC043BF54B14}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013/06/27 15:17:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/27 15:06:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/27 14:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/27 14:52:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/27 14:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/27 14:35:54 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\SUPERAntiSpyware.com
[2013/06/27 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/06/27 14:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/06/27 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/27 02:20:50 | 000,052,992 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/06/27 02:20:49 | 000,033,024 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/06/27 02:20:49 | 000,000,000 | ---D | C] -- C:\TOOLWIZ
[2013/06/27 02:20:48 | 000,059,648 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/06/27 02:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
[2013/06/27 02:20:42 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\ToolwizCareFree
[2013/06/27 02:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToolwizCareFree
[2013/06/27 00:57:01 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
[2013/06/27 00:56:50 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\privazer
[2013/06/27 00:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/06/27 00:52:35 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\mbar
[2013/06/27 00:47:02 | 185,044,872 | ---- | C] (Kaspersky Lab) -- C:\Users\Katalin\Desktop\KAV13.0.1.4190_ROG.exe
[2013/06/26 23:43:46 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\RK_Quarantine
[2013/06/26 20:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/06/26 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/26 20:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/06/26 20:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/26 20:37:04 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/26 20:37:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/26 20:37:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/26 20:37:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/26 20:37:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/26 20:37:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/26 20:37:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/26 20:06:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/26 20:06:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/26 19:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/26 19:09:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/26 17:32:55 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\Malwarebytes
[2013/06/26 17:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/26 14:20:31 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\scoala
[2013/06/26 03:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2013/06/26 03:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/06/26 03:55:31 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Documents\My Games
[2013/06/23 23:18:15 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Documents\StarCraft II
[2013/06/23 22:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/06/23 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\23 iun 13 - Copa Copana Park
[2013/06/20 13:34:30 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/20 13:34:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/20 13:34:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/20 13:34:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/18 18:19:59 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\LolClient
[2013/06/18 17:06:42 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/06/18 17:06:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/06/18 17:06:41 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/06/18 17:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2013/06/15 22:25:59 | 000,000,000 | ---D | C] -- C:\Windows\{F54C909C-D60B-4ED0-BC59-134B0A6D7B31}
[2013/06/15 01:53:51 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\NIKE
[2013/06/12 02:14:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 02:14:54 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 02:14:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 02:14:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 02:14:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 02:14:33 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 02:14:32 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 02:14:32 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 02:14:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 02:14:32 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 02:14:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 02:14:22 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 02:14:22 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/09 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\8.iun.13
[2013/06/08 05:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/06/08 05:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/06/08 03:44:57 | 000,000,000 | ---D | C] -- C:\Users\Katalin\apktool
[2013/06/08 03:31:03 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\New folder (2)
[2013/06/06 23:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/06/06 23:01:04 | 001,913,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpipreset
[2013/06/06 23:01:04 | 001,913,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpip.copy
[2013/06/06 22:23:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/06/06 22:20:38 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/06 22:20:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/06 19:36:15 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\Wi-Fi
[2013/06/06 07:05:48 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\Music (Mai-Iun)
[2013/06/06 06:54:58 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\Andra - Inevitabil va fi bine
[2013/06/06 05:17:27 | 000,000,000 | ---D | C] -- C:\Users\Katalin\Desktop\Deepcentral - O Stea
[2013/06/05 05:55:52 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\Intel_Corporation
[2013/06/05 05:53:49 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2013/06/05 05:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2013/06/05 05:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avatron
[2013/06/05 05:33:13 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\AirParrot
[2013/06/05 05:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AirParrot
[2013/06/05 05:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/06/05 05:07:15 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\AVG SafeGuard toolbar
[2013/06/05 05:06:11 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/05 05:05:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/05 04:23:14 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\vlc
[2013/06/05 04:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/05 04:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/06/04 09:15:02 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/06/04 09:15:00 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/06/02 00:00:53 | 000,000,000 | R--D | C] -- C:\Users\Katalin\Documents\Notes
[2013/05/31 17:54:51 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Roaming\Yahoo!
[2013/05/31 04:02:32 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\NVIDIA
[2013/05/31 03:39:01 | 027,775,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/05/31 03:39:01 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/05/31 03:39:01 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/05/31 03:39:01 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/05/31 03:39:01 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/05/31 03:39:01 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/05/31 03:39:01 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/05/31 03:39:01 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/05/31 03:39:01 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/05/31 03:39:01 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/05/31 03:39:01 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/05/31 03:39:01 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/05/31 03:39:01 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/05/31 03:39:01 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013/05/31 03:39:01 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013/05/31 03:39:01 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/05/31 03:39:01 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/05/31 03:39:01 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/05/31 03:39:01 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/05/30 18:47:00 | 000,000,000 | ---D | C] -- C:\logs
[2013/05/29 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2013/05/29 15:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy

========== Files - Modified Within 30 Days ==========
[2013/06/27 15:12:52 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/27 15:12:52 | 000,022,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/27 15:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/27 15:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/27 15:05:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/27 15:05:19 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/27 15:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/27 15:04:58 | 3214,483,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/27 14:40:30 | 000,316,507 | ---- | M] () -- C:\Users\Katalin\Desktop\ssasasasa.png
[2013/06/27 14:35:52 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/27 14:12:05 | 004,912,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/27 07:02:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2946525647-1517530458-274711146-1000UA.job
[2013/06/27 02:20:50 | 000,052,992 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/06/27 02:20:49 | 000,033,024 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/06/27 02:20:48 | 000,059,648 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/06/27 02:20:42 | 000,001,078 | ---- | M] () -- C:\Users\Katalin\Desktop\Toolwiz Care.lnk
[2013/06/27 00:57:13 | 000,001,909 | ---- | M] () -- C:\Users\Katalin\Application Data\Microsoft\Internet Explorer\Quick Launch\PrivaZer.lnk
[2013/06/27 00:57:13 | 000,001,885 | ---- | M] () -- C:\Users\Katalin\Desktop\PrivaZer.lnk
[2013/06/27 00:55:01 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/06/26 23:39:39 | 000,875,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/26 23:39:39 | 000,729,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/26 23:39:39 | 000,147,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/26 20:39:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/26 20:30:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/06/26 19:23:03 | 000,001,437 | ---- | M] () -- C:\Users\Katalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/26 18:55:31 | 000,018,189 | ---- | M] () -- C:\Users\Katalin\Desktop\anti.png
[2013/06/26 18:47:33 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/25 16:02:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2946525647-1517530458-274711146-1000Core.job
[2013/06/24 21:14:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/24 21:14:06 |
000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/06/23 03:31:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\etdrv.sys [2013/06/23 03:31:30 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2013/06/22 18:51:37 | 000,005,120 | -H-- | M] () -- C:\Users\Katalin\Desktop\photothumb.db [2013/06/19 15:31:12 | 000,045,668 | ---- | M] () -- C:\Users\Katalin\Desktop\lol.png [2013/06/18 17:06:45 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013/06/16 19:37:23 | 009,052,964 | ---- | M] () -- C:\Users\Katalin\Desktop\Avicii - Wake Me Up.m4a [2013/06/12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/06/12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/06/12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/06/12 02:51:11 | 000,871,004 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/06/12 02:40:30 | 000,000,184 | ---- | M] () -- C:\Windows\AutoKMS.ini [2013/06/11 21:54:48 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/06/06 22:04:34 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2013/06/05 06:04:57 | 000,012,029 | ---- | M] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl [2013/06/05 06:02:53 | 000,011,613 | ---- | M] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl [2013/06/05 05:06:43 | 000,001,209 | ---- | M] () -- C:\Users\Katalin\Application 
Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2013/06/05 05:05:43 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013/05/31 03:22:58 | 001,402,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Utilman.exe ========== Files Created - No Company Name ========== [2013/06/27 14:52:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/27 14:52:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/27 14:52:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/27 14:52:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/27 14:52:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/27 14:40:29 | 000,316,507 | ---- | C] () -- C:\Users\Katalin\Desktop\ssasasasa.png [2013/06/27 14:35:52 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/06/27 14:11:49 | 004,912,408 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/06/27 02:20:42 | 000,001,078 | ---- | C] () -- C:\Users\Katalin\Desktop\Toolwiz Care.lnk [2013/06/27 00:57:13 | 000,001,909 | ---- | C] () -- C:\Users\Katalin\Application Data\Microsoft\Internet Explorer\Quick Launch\PrivaZer.lnk [2013/06/27 00:57:13 | 000,001,885 | ---- | C] () -- C:\Users\Katalin\Desktop\PrivaZer.lnk [2013/06/27 00:57:01 | 000,001,915 | ---- | C] () -- C:\Users\Katalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk [2013/06/27 00:55:01 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2013/06/26 20:39:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/06/26 20:39:43 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Security Essentials.lnk [2013/06/26 19:23:03 | 000,001,409 | ---- | C] () -- C:\Users\Katalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013/06/26 18:55:31 | 000,018,189 | ---- | C] () -- C:\Users\Katalin\Desktop\anti.png [2013/06/26 18:47:27 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/06/26 03:38:52 | 000,000,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRID 2.lnk [2013/06/24 22:03:03 | 009,052,964 | ---- | C] () -- C:\Users\Katalin\Desktop\Avicii - Wake Me Up.m4a [2013/06/23 21:57:31 | 000,000,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk [2013/06/19 15:31:12 | 000,045,668 | ---- | C] () -- C:\Users\Katalin\Desktop\lol.png [2013/06/18 17:06:45 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013/06/12 02:40:30 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2013/06/06 22:20:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/06 22:04:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2013/06/05 06:04:37 | 000,012,029 | ---- | C] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl [2013/06/05 06:02:42 | 000,011,613 | ---- | C] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl [2013/05/30 01:45:44 | 000,001,088 | ---- | C] () -- C:\Users\Katalin\Desktop\EVGA Precision X.lnk [2013/05/17 04:15:26 | 000,000,040 | ---- | C] () -- C:\Windows\EasyRun.INI [2013/05/16 04:03:23 | 000,000,000 | ---- | C] () -- C:\Windows\RunOdDll.INI [2013/05/16 03:31:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013/05/16 03:31:39 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013/04/26 20:13:48 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/04/26 20:13:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe 
[2013/04/19 16:38:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll [2013/04/19 16:37:54 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll [2013/04/15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll [2013/04/15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll [2013/04/15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll [2013/04/15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll [2013/04/15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll [2013/04/15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll [2013/03/25 06:21:11 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2013/03/24 17:04:07 | 000,005,632 | ---- | C] () -- C:\Users\Katalin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/23 18:28:06 | 000,000,132 | ---- | C] () -- C:\Users\Katalin\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/03/19 18:40:35 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll [2013/03/19 18:40:35 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll [2013/03/19 18:40:35 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll [2013/03/19 18:40:35 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll [2013/03/19 18:40:35 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll [2013/03/19 18:40:35 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll [2013/03/19 18:40:35 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe [2013/03/19 18:40:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll [2013/03/19 18:40:35 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll [2013/03/19 18:40:35 | 000,356,352 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxdiinpa.dll [2013/03/19 18:40:35 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe [2013/03/19 18:40:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll [2013/03/19 18:40:35 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe [2013/03/19 18:40:35 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll [2013/03/19 18:40:35 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe [2013/03/19 18:40:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll [2013/03/19 18:40:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll [2013/03/19 17:05:10 | 000,007,606 | ---- | C] () -- C:\Users\Katalin\AppData\Local\Resmon.ResmonCfg [2013/03/18 08:27:07 | 000,871,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/03/18 02:02:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2013/03/17 06:00:50 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2013/03/17 05:21:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll [2013/03/17 04:56:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/26 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\fffff\AppData\Roaming\Bitdefender [2013/04/08 01:45:29 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Android [2013/05/08 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Audacity [2013/03/21 17:59:29 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Auslogics [2013/06/26 04:18:05 | 000,000,000 | ---D | 
M] -- C:\Users\Katalin\AppData\Roaming\BitTorrent [2013/06/05 03:57:30 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\BSplayer PRO [2013/04/21 05:26:37 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\DigitalDJ17 [2013/04/06 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Downloaded Installations [2013/05/17 04:40:24 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Easeware [2013/04/06 17:22:15 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\FileOpen [2013/04/09 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader [2013/03/18 06:41:05 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\IrfanView [2013/05/22 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\JustVoip [2013/03/18 06:51:30 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Leadertech [2013/04/22 02:02:35 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Lexmark Productivity Studio [2013/06/18 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\LolClient [2013/04/08 02:01:23 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Nitro [2013/06/24 00:54:58 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Nitro PDF [2013/03/25 06:21:10 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\PACE Anti-Piracy [2013/03/26 03:47:03 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\PhotoScape [2013/03/18 08:02:41 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\PowerISO [2013/03/18 05:14:27 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\QuickScan [2013/05/23 12:45:10 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Samsung [2013/03/20 17:21:09 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Seagate [2013/04/21 05:26:37 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\SongManager [2013/03/18 06:58:36 | 000,000,000 | ---D 
| M] -- C:\Users\Katalin\AppData\Roaming\TagScanner
[2013/06/27 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\TeamViewer
[2013/06/25 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\ViberPC
[2013/03/18 02:31:47 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\Waterfox Limited

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:A5I7nN0GSjXSkbIbvXsBUntZX
@Alternate Data Stream - 1220 bytes -> C:\ProgramData\Microsoft:objO7IPLUjphkNWaxgK

< End of report >

------------------------------------------------------------

Report 2

OTL Extras logfile created on: 6/27/2013 3:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katalin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.28% Memory free
7.98 Gb Paging File | 6.26 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 133.69 Gb Total Space | 11.02 Gb Free Space | 8.24% Space Free | Partition Type: NTFS
Drive D: | 98.97 Gb Total Space | 83.20 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 75.44 Gb Free Space | 32.39% Space Free | Partition Type: NTFS
Drive G: | 127.99 Gb Total Space | 105.22 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive H: | 
166.02 Gb Total Space | 47.42 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive K: | 171.75 Gb Total Space | 97.05 Gb Free Space | 56.51% Space Free | Partition Type: NTFS Computer Name: KATALIN-PC | User Name: Katalin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2946525647-1517530458-274711146-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.) 
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [PrivaZer] -- C:\Program Files (x86)\PrivaZer\contextmenuExe.exe (Goversoft LLC) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [PrivaZer] -- C:\Program Files (x86)\PrivaZer\contextmenuExe.exe (Goversoft LLC) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.) "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E6389F9-2211-48FF-A0DB-545CA6CF6B92}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{195958B6-A473-441D-B3AA-6E48B03AFD5E}" = lport=137 | protocol=17 | dir=in | app=system | "{202B7144-3FBB-47FB-A12A-C516C5FD266D}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 | "{23CFEC45-CF38-4AB0-93AC-817FA69E693A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31A9417B-0EF0-4C3D-B874-8C66077A0ACF}" = lport=445 | protocol=6 | dir=in | app=system | "{3402422D-C66E-4DB8-B7AF-CC03BCC4BB37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3F53B29D-7E76-4628-BF6C-FDC033918F0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{401D5A0A-4C4D-4B77-94D6-46DDF0D4AFEF}" = lport=138 | protocol=17 | dir=in | app=system | "{44607499-461F-4956-BFE9-E29C4830B0BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4509F98F-CCAA-45F7-834B-8D433501D83C}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 | "{4E3F5119-A195-4715-88AA-6E7E38D09A4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56870A6B-57C6-4A09-8CEF-040C97C96999}" = rport=10243 | protocol=6 | dir=out | app=system | "{5B56023E-C2EF-4BBB-865D-64CD5AF58567}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 | "{60FEDD8C-5B8E-4188-B50A-9D496676604F}" = rport=445 | protocol=6 | dir=out | app=system | "{70BC7249-C7C9-4453-A94B-6E27541A235A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{82FCD527-D430-4D78-805C-854D7ED82ACD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84160D7A-F5BD-4B27-930E-8FB278C6A14C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9B732BF3-1DCF-4CDD-AD7F-FCD11C6EFBE8}" = rport=137 | protocol=17 | dir=out | app=system | "{9C764F9F-5FAC-40DE-961F-2B9C991B49EE}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port | "{A538D480-94B3-435B-9E5C-D1A4BC35EA5F}" = lport=10243 | protocol=6 | dir=in | app=system | "{B7382953-1FCC-48B0-99CE-68D52128F4F3}" = rport=139 | protocol=6 | dir=out | app=system | "{B76C998D-025D-4508-B423-82F99BC1690D}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port | "{C1E7ABC8-D9CB-4B41-9917-AA650511A0F6}" = rport=138 | protocol=17 | dir=out | app=system | "{CEA7E9B3-3C1B-42B8-A38B-688BA3AB3A13}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D549962C-B91D-49E5-AA37-D9C7564F6F19}" = lport=2869 | protocol=6 | dir=in | app=system | "{E5AC528A-6193-4F5B-BE24-6E10C4C5E4AC}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port | "{ED0E6F4F-9E86-4983-B6BA-CD4FE65D961C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{F27B0E9D-4D40-42A8-B7D0-1BA6BF2E98FA}" = lport=139 | protocol=6 | dir=in | app=system | "{FAE9B771-0174-45CC-8C32-C149D1E16BC7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{FF8716C1-17BD-4C5F-9429-417363AE2D31}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051E3B5F-DD32-4DCF-B71B-16E48989A979}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe | "{135103F6-9500-402E-92D0-E09C6947718D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{1B969B93-D228-41DB-BA53-A6DA8C42910B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D485EBF-BD34-48CF-AA31-8A19710593D4}" = protocol=6 | dir=out | app=system | "{231696F3-3F18-4799-BC81-015CDF644F61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{26D7715B-1C66-414C-B044-DF8373D4F4F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{308DAE6C-DC2B-4802-B08F-492C4A048938}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | "{36CD4432-4ED5-4B8B-9032-4246310FBF70}" = protocol=58 | dir=in | [email protected],-28545 | "{3D52ECFC-6EB5-43CC-B408-5D1B7A1217A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{41FF4245-D820-4612-B3A9-A21D8C95C38D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A836582-1268-4E90-8AAD-67D22088A21F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4AD45D2A-0E23-48DD-BDC6-3C4BCF1F6AB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AC5EF37-7F16-4FC7-A9EE-03F29017B75B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{84FD441C-FD2F-4A6E-8E1C-637F7B67E8EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8A3514D5-8F6F-471A-9050-8DEBAA286FA6}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe | "{8DF14325-A478-4C20-8968-69F6E870099E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{91C49001-CFCA-4C4A-AE57-4C9283DEFF25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A761D92F-7A55-4EDE-8AA6-C72E5BE3E956}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AAB428CA-75DE-4101-895F-D4715E8BA025}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{ACCAE399-A755-4D40-AF13-F367BF3C6222}" = protocol=1 | dir=out | [email protected],-28544 | "{B0695941-2400-438F-8ADA-22D4DFBF488A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C6814093-FFE7-4FE5-9FC6-5E694C002789}" = protocol=1 | dir=in | [email protected],-28543 | "{CF5CAF61-AA22-4870-A3D6-78DD2BB3A2F7}" = protocol=58 | dir=out | [email protected],-28546 | "{D3B66718-DFFF-45FA-9882-5D62F7DC5337}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | "{D43B838C-E639-4DB6-AF03-AC859FFAD8EC}" = dir=out | app=f:\games installed\starcraft ii\versions\base24944\sc2.exe | "{DE01BAEE-C6B7-49FD-BE44-44F452E75F39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0881926-34B0-4E4D-A377-19182840234D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E1824657-8EE9-4661-A31A-FDE4016AFB45}" = protocol=6 | dir=in | app=f:\games installed\starcraft ii\versions\base24944\sc2.exe | "{F2C0AB43-C579-4D98-B735-6E1680C1170F}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version8\teamviewer.exe | "{F56F2308-3C23-439B-828A-5DBA107FCA8B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FB9B9DB4-3E61-4CDC-A3A5-490D41DEA639}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD799B00-751F-4287-9735-4F051FB7DD41}" = protocol=17 | dir=in | app=f:\games installed\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{01DB5793-FA58-4969-8AD3-CBB8DCDA0176}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | "TCP Query User{0BF90896-AC65-445D-B66D-4B058B933228}C:\program files (x86)\gigabyte\energysaver2\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\updexe.exe | "TCP Query User{0F5C3E27-2CA5-4442-B924-E2D04046E6F1}C:\program files (x86)\gigabyte\energysaver2\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\gbtupd.exe | "TCP Query User{22F64A27-D806-400E-874C-C521E465473D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{52601943-815E-49DB-B474-526143325E13}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{59820D3C-BB96-4AB4-B9E4-8E8346FDEA6C}C:\freeocr\freeocr.exe" = protocol=6 | dir=in | app=c:\freeocr\freeocr.exe | "TCP Query User{5BE5FB89-DC42-4289-A2A9-2CD7917DF162}C:\program files (x86)\intel\intel pair & share\pairandshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intel pair & share\pairandshare.exe | "TCP Query User{5D8A0879-0956-4099-8A92-ADCC69054D3E}C:\users\katalin\appdata\roaming\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\katalin\appdata\roaming\bittorrent\bittorrent.exe | "TCP Query User{74143D07-5614-4C08-BE2C-3882CBB979D8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\java\jre7\bin\java.exe | "TCP Query User{7C01A69A-6B13-455E-A4C4-AE8326444F19}C:\program files (x86)\intel\intel pair & share\pairandshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intel pair & share\pairandshare.exe | "TCP Query User{8FC03C9F-AF75-4B59-A3BF-E4107DB07B1D}C:\users\katalin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\katalin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{939B9197-F595-47CE-986E-20C040C295DB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{96CDBFDB-2F67-406B-9E38-E0B0BEEB2F0B}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe | "TCP Query User{AE2177D8-FD72-49D6-B295-9A64E71975C8}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe | "TCP Query User{BEE5474B-9070-455C-8C99-D55CB8EEF27A}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | "TCP Query User{CCCDB9DF-8357-4B17-8138-95B8975DF08B}C:\program files (x86)\justvoip.com\justvoip\justvoip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe | "TCP Query User{D205072B-C29B-41A6-95BE-C1D7B8DB8C55}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | "TCP Query User{EF1BBE02-D994-49D9-9929-87F08CD8D7F1}C:\users\katalin\my programs\skype.exe" = protocol=6 | dir=in | app=c:\users\katalin\my programs\skype.exe | "TCP Query User{F7F38A80-DDA5-4AB2-AFA7-0845677771AB}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\lexmark 3500-4500 series\lxdimon.exe | "UDP Query User{004417B0-40F7-4B4E-9EEB-9655930F7A40}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{04811938-7F33-4236-891C-1D3805458823}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{05386F3F-EB55-44B9-BFE3-D41A1FBB7FD9}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | "UDP Query User{057E6EB4-01A0-4258-8FE2-69746BBA8C86}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{05F4566F-FEDF-4D81-895A-61E7CE16E898}C:\program files (x86)\intel\intel pair & share\pairandshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intel pair & share\pairandshare.exe | "UDP Query User{10A22310-3DA2-43E8-B1C9-99D846AB27B5}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe | "UDP Query User{169F8F12-B264-4110-98BE-73B110BFD541}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{2C0AB4BE-E998-431E-A211-B011DFED2A4C}C:\users\katalin\appdata\roaming\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\katalin\appdata\roaming\bittorrent\bittorrent.exe | "UDP Query User{33D7C538-8CAE-4D74-83B0-BB086ACC442C}C:\users\katalin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\katalin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{3F90A571-8179-4975-88E2-2D79311C30A8}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe | "UDP 
Query User{52B7481B-91E8-4B94-8BB9-9CFA5F13898E}C:\program files (x86)\gigabyte\energysaver2\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\updexe.exe | "UDP Query User{594E3A93-45D1-459E-80BF-D2CBCA18480C}C:\users\katalin\my programs\skype.exe" = protocol=17 | dir=in | app=c:\users\katalin\my programs\skype.exe | "UDP Query User{5AF2F13C-62CE-4FEC-A6A2-FF80229DBDD0}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | "UDP Query User{5D363965-48D4-497D-8CFA-AEDD8CEF37AA}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe | "UDP Query User{63BF5DE0-453F-4823-B6E3-7967DB75FE39}C:\program files (x86)\gigabyte\energysaver2\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\gbtupd.exe | "UDP Query User{799A9152-E448-4F4C-BF60-0E97BA5C59C1}C:\program files (x86)\justvoip.com\justvoip\justvoip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\justvoip.com\justvoip\justvoip.exe | "UDP Query User{B0EFF9DA-F545-42E5-AAE4-CF4646E8B6A6}C:\program files (x86)\intel\intel pair & share\pairandshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intel pair & share\pairandshare.exe | "UDP Query User{B43EE9D2-A4E0-4E1E-AAE7-9BB68CA829FC}C:\freeocr\freeocr.exe" = protocol=17 | dir=in | app=c:\freeocr\freeocr.exe | "UDP Query User{F256DF01-B9A5-4181-B42F-2B61F8389845}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64) "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS 
Writer "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5 "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{47B42E7A-57E9-407B-8DBB-017B86D7B13F}" = Nitro Pro 8 "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = 
Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA Geforce Experience 1.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU 
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMWare Player "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}" = AllShare Framework DMS "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox "8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012 "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0 "DriverEasy_is1" = DriverEasy 4.3.2 "Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "sp6" = Logitech SetPoint 6.52 "Speccy" = Speccy "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = 
Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1 "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types "{30837ACB-1D54-4A3D-AD9E-8CB8CC6ED4A5}" = Intel Pair and Share "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4093F7A5-C25A-46EA-B61A-F46C07C0E8B6}" = Call Of Duty Modern Warfare 2 "{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft 
Auto IV "{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CF84827D-6048-435B-80CD-4F6CAF5F99CF}" = Intel® WiDi Widget "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1" = MouseServer version 1.3.0.0 "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1" = 
Thunder Master v1.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1A6C690-C12C-4E7A-B4BD-958678215418}" = 3DMark "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "AMP WinOFF" = AMP WinOFF 5.0.1 "Audacity_is1" = Audacity 2.0.3 "BitTorrent" = BitTorrent "BSPlayerp" = BS.Player PRO "CardRecovery" = CardRecovery "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "essentials-bundle" = TriDef 3D 5.7 "experience-lge-mon-lite-bundle" = TriDef 3D Games (LG 3D Monitor/TV) 1.8.1 "FinalVideoDownloader_is1" = Final Video Downloader 2013 "Fraps" = Fraps (remove only) "freeocr_is1" = FreeOCR v4.2 "GOM Player" = GOM Player "Google Chrome" = Google Chrome "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "IrfanView" = Irfanview (remove only) "JustVoip_is1" = JustVoip "KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic) "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US) "MozillaMaintenanceService" = 
Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PhotoScape" = PhotoScape "PowerISO" = PowerISO "PrecisionX" = EVGA Precision X 4.1.0 "R1JJRDI=_is1" = GRID 2 © Codemasters version 1 "SopCast Tv Plugin 5.9 Setup" = Sopcast Tv Plugin 5.9 Setup "TagScanner_is1" = TagScanner 5.1.631 "TeamViewer 8" = TeamViewer 8 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "ToolwizCareFree" = Toolwiz Care "Trusted Software Assistant_is1" = File Type Assistant "U3RhckNyYWZ0IElJOiBIZWFydCBvZiB0aGUgU3dhcm0gKGMp~BFC02D25_is1" = StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 2.0.6 "VMware_Player" = VMware Player "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2946525647-1517530458-274711146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PrivaZer" = PrivaZer "Viber" = Viber "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/27/2013 12:15:27 AM | Computer Name = Katalin-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\Users\Katalin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 6/27/2013 12:15:44 AM | Computer Name = Katalin-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\Users\Katalin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 6/27/2013 12:15:52 AM | Computer Name = Katalin-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\Users\Katalin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 6/27/2013 12:17:12 AM | Computer Name = Katalin-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\Users\Katalin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 6/27/2013 12:17:57 AM | Computer Name = Katalin-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\Users\Katalin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 6/27/2013 7:13:34 AM | Computer Name = Katalin-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Viber.exe, version: 3.0.0.5748, time stamp: 0x51865cf2 Faulting module name: libViber.dll, version: 3.0.0.5748, time stamp: 0x51865ce6 Exception code: 0xc0000005 Fault offset: 0x00226c21 Faulting process id: 0xfa8 Faulting application start time: 0x01ce73274f2f708a Faulting application path: C:\Users\Katalin\AppData\Local\Viber\Viber.exe Faulting module path: C:\Users\Katalin\AppData\Local\Viber\3.0.0.5748\libViber.dll Report Id: 9a9bfd4e-df1a-11e2-98c0-1c6f653dbe19 Error - 6/27/2013 7:13:37 AM | Computer Name = Katalin-PC | Source = WinMgmt | ID = 10 Description = Error - 6/27/2013 7:42:21 AM | Computer Name = Katalin-PC | Source = VSS | ID = 8194 Description = Error - 6/27/2013 8:06:51 AM | Computer Name = Katalin-PC | Source = WinMgmt | ID = 10 Description = Error - 6/27/2013 8:35:18 AM | Computer Name = Katalin-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 6/27/2013 12:22:43 AM | Computer Name = Katalin-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted 
because the shadow copy storage could not grow due to a user imposed limit. Error - 6/27/2013 7:12:44 AM | Computer Name = Katalin-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\WnsDrvr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/27/2013 7:12:44 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7000 Description = The WnsDrvr service failed to start due to the following error: %%1275 Error - 6/27/2013 7:12:49 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BdfNdisf Error - 6/27/2013 7:57:07 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/27/2013 7:59:52 AM | Computer Name = Katalin-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/27/2013 8:03:49 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/27/2013 8:05:42 AM | Computer Name = Katalin-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\WnsDrvr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 6/27/2013 8:05:42 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7000 Description = The WnsDrvr service failed to start due to the following error: %%1275 Error - 6/27/2013 8:05:45 AM | Computer Name = Katalin-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BdfNdisf < End of report > |
#10
Posted 27 June 2013 - 15:20
Run OTL again.
Copy what is quoted below and paste the text into OTL.
Quote
:OTL
PRC - [2013/06/27 02:20:37 | 005,191,936 | ---- | M] (Toolwiz) -- C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
SRV:64bit: - [2013/05/03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Disabled | Stopped] -- C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV - [2013/06/13 12:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\SAMSUNG\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2946525647-1517530458-274711146-1000..\Run: [ToolwizCareFree] C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe (Toolwiz)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
[2013/06/27 02:20:42 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\ToolwizCareFree
[2013/06/27 02:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToolwizCareFree
[2013/06/08 05:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/06/05 05:07:15 | 000,000,000 | ---D | C] -- C:\Users\Katalin\AppData\Local\AVG SafeGuard toolbar
[2013/06/22 18:51:37 | 000,005,120 | -H-- | M] () -- C:\Users\Katalin\Desktop\photothumb.db
[2013/06/05 06:04:57 | 000,012,029 | ---- | M] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl
[2013/06/05 06:02:53 | 000,011,613 | ---- | M] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl
[2013/06/05 06:04:37 | 000,012,029 | ---- | C] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl
[2013/06/05 06:02:42 | 000,011,613 | ---- | C] () -- C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl
[2013/03/19 18:40:35 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2013/04/09 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:A5I7nN0GSjXSkbIbvXsBUntZX
@Alternate Data Stream - 1220 bytes -> C:\ProgramData\Microsoft:objO7IPLUjphkNWaxgK
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
Press Run Fix. Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]
Post the log that is created and check whether the programs work.
#11
Posted 27 June 2013 - 15:26
After I ran ComboFix, any program I open gives me an error:
[ http://s12.postimg.org/uzr6ohme5/eror.png ]
And to be able to open those programs I have to use Run as administrator. Why?
#12
Posted 27 June 2013 - 15:32
Katalos, on 27 June 2013 - 15:26, said:
After I ran ComboFix, any program I open gives me an error: [ http://s12.postimg.org/uzr6ohme5/eror.png ] And to be able to open those programs I have to use Run as administrator. Why?
Restart the computer. Have you tried scanning with ESET Online Scanner?
#13
Posted 27 June 2013 - 15:46
Now, after the restart requested by OTL, that error no longer appears, but the programs still have no internet access.
This is the report.
-----------------------------------------------------------------------------------------------------------------------------------------
All processes killed
========== OTL ==========
No active process named ToolwizCares.exe was found!
Service AllShare Framework DMS stopped successfully!
Service AllShare Framework DMS deleted successfully!
C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe moved successfully.
Service TeamViewer8 stopped successfully!
Service TeamViewer8 deleted successfully!
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Samsung Link deleted successfully.
C:\Program Files\SAMSUNG\Samsung Link\utils\Samsung Link Launcher.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2946525647-1517530458-274711146-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2946525647-1517530458-274711146-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ToolwizCareFree deleted successfully.
C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\Users\Katalin\AppData\Local\ToolwizCareFree\RegistryBackup folder moved successfully.
C:\Users\Katalin\AppData\Local\ToolwizCareFree\RegCleanBackup folder moved successfully.
C:\Users\Katalin\AppData\Local\ToolwizCareFree folder moved successfully.
C:\Program Files (x86)\ToolwizCareFree folder moved successfully.
C:\ProgramData\BlueStacksSetup\Images folder moved successfully.
C:\ProgramData\BlueStacksSetup folder moved successfully.
C:\Users\Katalin\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
C:\Users\Katalin\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
C:\Users\Katalin\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\Users\Katalin\Desktop\photothumb.db moved successfully.
C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl moved successfully.
C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl moved successfully.
File C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060437.wdl not found.
File C:\Users\Katalin\AppData\Local\WiDiSetupLog.20130605.060242.wdl not found.
C:\Windows\SysWOW64\lxdicomx.dll moved successfully.
C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader\temp\1 folder moved successfully.
C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader\temp\0 folder moved successfully.
C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader\temp folder moved successfully.
C:\Users\Katalin\AppData\Roaming\FinalVideoDownloader folder moved successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\Microsoft:A5I7nN0GSjXSkbIbvXsBUntZX deleted successfully.
ADS C:\ProgramData\Microsoft:objO7IPLUjphkNWaxgK deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Katalin\Downloads\cmd.bat deleted successfully.
C:\Users\Katalin\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: fffff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3960 bytes
->FireFox cache emptied: 4309213 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 3552 bytes
User: Katalin
->Temp folder emptied: 2670800 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5751075 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 492 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 13.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: fffff
User: Katalin
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: fffff
->Flash cache emptied: 0 bytes
User: Katalin
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 06272013_163046
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Yes, I tried to scan with Eset Online Scanner, but it tells me it is not compatible with Waterfox, and Firefox doesn't work, and neither does Chrome...
Edited by Katalos, 27 June 2013 - 15:46.
#14
Posted 27 June 2013 - 15:46
If you scanned with Malwarebytes Anti-Rootkit, please post the logs here.
#15
Posted 27 June 2013 - 15:50
Sorry, it wasn't Eset Online Scanner but Bitdefender online! However, I also tried ESET Online Scanner, but when I click start it tells me "Can not get update. Is proxy configured?"
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
Database version: v2013.06.01.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Katalin :: KATALIN-PC [administrator]
6/27/2013 12:55:37 AM
mbar-log-2013-06-27 (00-55-37).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 324391
Time elapsed: 17 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
#16
Posted 27 June 2013 - 15:52
MhG_40, on 27 June 2013 - 06:51, said:
Click "Fix Proxy". Click "Report" and copy/paste here. [ http://s11.postimg.org/jj3662z5f/RK1.jpg ]
Did you click Fix Proxy here?
#17
Posted 27 June 2013 - 16:12
Yes, I did! It's just that the Malwarebytes Anti-Rootkit report was from last night! I have started a new scan now!
FixProxy report
RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Katalin [Admin rights]
Mode : ProxyFix -- Date : 06/27/2013 17:04:36
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mbar.exe -- C:\Users\Katalin\Desktop\mbar\mbar.exe [7] -> ERROR [5]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[0]_PR_06272013_170436.txt >>
RKreport[0]_D_06272013_144703.txt;RKreport[0]_S_06262013_235003.txt;RKreport[0]_S_06272013_000306.txt
RKreport[0]_S_06272013_000944.txt;RKreport[0]_S_06272013_144631.txt;RKreport[0]_S_06272013_145008.txt
RKreport[0]_S_06272013_170430.txt
The current Malwarebytes Anti-Rootkit report.
----------------------------------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
Database version: v2013.06.01.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Katalin :: KATALIN-PC [administrator]
6/27/2013 4:49:03 PM
mbar-log-2013-06-27 (16-49-03).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 324070
Time elapsed: 17 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Edited by Katalos, 27 June 2013 - 16:06.
#18
Posted 27 June 2013 - 16:19
Anyway.
Run RogueKiller.exe again.
Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Check that what is quoted below is ticked:
Quote
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
When "Deleting Finished" appears in the Status box, click "Report" and copy/paste here.
[ http://s9.postimage.org/q04cnvji7/image.jpg ]