HijackThis - FanSte

  • This topic is locked
17 replies to this topic

#1
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
I recently noticed that when I open the USB stick, instead of my files I see a shortcut to the stick, which I have to open in order to access the files, and this happens with every stick I connect to the laptop. I scanned the stick with NOD32 but it found nothing. How can I get rid of the virus? I have seen a similar problem before, but in that case a shortcut was created for each individual file on the stick; here a shortcut is created to the stick itself.

#2
eu69

    Active Member

  • Group: Members
  • Posts: 1,376
  • Joined: 01.04.2011
See here:
http://forum.softped...virus-pe-stick/

#3
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Hello.
FanSte,
run a scan with Malwarebytes AntiMalware and post the log here.

#4
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
Sorry for the delay!
I scanned with that program, with the stick plugged in, but the problem remains. The shortcut on the stick has not disappeared, and I don't see in the log that it found any problem there.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.15.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
X-Files :: X-FILES-PC [administrator]
Protection: Enabled
6/15/2013 1:39:54 PM
mbam-log-2013-06-15 (13-39-54).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 624351
Time elapsed: 1 hour(s), 9 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|6646 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
Files Detected: 20
C:\ProgramData\Local Settings\Temp\ccoqzaka.com (Trojan.Agent) -> Delete on reboot.
C:\MSI\TrustedInstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GRAPHISOFT\ArchiCAD 16\AC16 X64 b3006_K.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FIFA 13\Game\rld.dll (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.HackTool.H) -> Quarantined and deleted successfully.
C:\Users\X-Files\AppData\Local\Temp\_.net_\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\X-Files\Downloads\Windows 7 Loader.zip (PUP.HackTool.H) -> Quarantined and deleted successfully.
C:\Users\X-Files\Downloads\Windows 7 Loader\Windows 7 Loader\Windows Loader.exe (PUP.HackTool.H) -> Quarantined and deleted successfully.
E:\kituri\Microsoft.Office.2010.ProfessionalPlus.with.SP1.VL.Edition-ZWTiSO\crack.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\kituri\Microsoft.Office.2010.ProfessionalPlus.with.SP1.VL.Edition-ZWTiSO\Microsoft.Office.2010.ProfessionalPlus.with.SP1.VL.Edition-ZWTiSO.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\kituri\Microsoft.Windows.7.Activator.V2.WiN7ALL.Incl.Patcher-ACTiVATiNG\ac-wmvva.zip (Trojan.Dropper.WEX) -> Quarantined and deleted successfully.
E:\kituri\Robot 2012\x-force_2012_x32.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
E:\kituri\Robot 2012\xf-a2012-32bits.rar (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
E:\kituri\Robot 2012\xf-a2012-64bits.rar (Trojan.Agent.ck) -> Quarantined and deleted successfully.
E:\kituri\Robot 2012\en-US\x-force_2012_x32.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
E:\kituri\Robot 2012\en-US\x-force_2012_x32.rar (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
E:\kituri\sap2000 14.2\crack\Crack_SAP2000_14.2.rar (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
E:\kituri\sap2000 14.2\crack\Crack_SAP2000_14.2\Crack_SAP2000_14.2.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
E:\kituri\[REQ]Graphisoft ArchiCAD 16 Build 3006 x64 - warez_spam\[REQ]Graphisoft ArchiCAD 16 Build 3006 x64 - warez_spam\Graphisoft ArchiCAD 16 Build 3006 x64\Crack\AC16 X64 b3006_K.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.
(end)

#5
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
Hi,
I have a problem with any USB stick or SD card that I plug into my laptop. A shortcut to the stick is created on the stick. So when I open the stick, instead of seeing the files I have on it, I see a shortcut to the stick, which I have to open to be able to access my files. And this happens to any new stick that is plugged into my laptop.

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 3:59:10 PM, on 6/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Users\X-Files\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.ya...ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [6646] C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2419175925-1990461145-1146479879-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2419175925-1990461145-1146479879-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = X-Files\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC480B6-A7E0-4502-A25B-146A1442B8A0}: NameServer = 193.231.236.30 193.231.236.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Join Air\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12520 bytes

Thank you!

#6
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
1. Download AdwCleaner by Xplode to the Desktop.
Double-click AdwCleaner.exe to run it.
On Windows Vista or Windows 7,
right-click and select Run as administrator.

Click Search.
Wait for the search to finish.
Then click Delete.
A log file will open after it finishes scanning.
Post its contents here.
The log is located at C:\AdwCleaner[Sn].txt (n is a number).
[ Image: http://s8.postimage.org/q3trcenth/ADW1.jpg ]

2. Download RogueKiller, or from here, and save it to the Desktop.
Close all running programs.
Remove everything from the USB ports (memory stick, external hard drive).
Double-click RogueKiller.exe to run it.
On Windows Vista or Windows 7,
right-click and select Run as administrator.

Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Click "Report" and copy/paste it here.
In the image below, ignore step 3!
[ Image: http://s9.postimage.org/q04cnvji7/image.jpg ]

#7
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
AdwCleaner scan


# Adwcleaner v2.303 - Logfile created 06/15/2013 at 18:12:29
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : X-Files - X-FILES-PC
# Boot Mode : Normal
# Running from : C:\Users\X-Files\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Folder Deleted : C:\Users\X-Files\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\X-Files\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\X-Files\AppData\Roaming\SpeedAnalysis2
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Registry is clean.
-\\ Google Chrome v27.0.1453.110
File : C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2645 octets] - [15/06/2013 18:10:34]
AdwCleaner[S1].txt - [2618 octets] - [15/06/2013 18:12:29]
########## EOF - C:\AdwCleaner[S1].txt - [2678 octets] ##########




RogueKiller scan

RogueKiller V8.6.0 [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7
Started in : Normal mode
User : X-Files [Admin rights]
Mode : Scan -- Date : 06/15/2013 18:28:50
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> FOUND
[DNS] HKLM\[...]\CCSet[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> FOUND
[DNS] HKLM\[...]\CS001[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> FOUND
[DNS] HKLM\[...]\CS002[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection :  ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b0e1c439b685fe4fc8fff5aa5ca23ccb
[BSP] c82e9b411691a04a6ed7c7b7c8ea2cce : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 119900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762048 | Size: 151856 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 556764705 | Size: 205079 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_06152013_182850.txt >>

#8
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
1. Run RogueKiller.exe again.
Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Make sure the items quoted below are checked:

Quote

[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
Click "Delete".
When "Deleting Finished" appears in the Status box,
click "Report" and copy/paste it here.
[ Image: http://s9.postimage.org/q04cnvji7/image.jpg ]

2. Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether it should start cleaning the system. Confirm with Yes each time.
Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


#9
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
1.
RogueKiller V8.6.0 [Jun 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7
Started in : Normal mode
User : X-Files [Admin rights]
Mode : Remove -- Date : 06/15/2013 22:18:46
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : 6646 (C:\PROGRA~3\LOCALS~1\Temp\ccoqzaka.com [x]) -> [0x2] The system cannot find the file specified.
[DNS] HKLM\[...]\CCSet[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002[...]\{BDC480B6-A7E0-4502-A25B-146A1442B8A0} : NameServer (193.231.236.30 193.231.236.25) -> NOT REMOVED, USE DNSFIX
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection :  ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b0e1c439b685fe4fc8fff5aa5ca23ccb
[BSP] c82e9b411691a04a6ed7c7b7c8ea2cce : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 119900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762048 | Size: 151856 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 556764705 | Size: 205079 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_06152013_221846.txt >>
RKreport[0]_S_06152013_182850.txt;RKreport[1]_S_06152013_221456.txt





2.
ComboFix 13-06-15.01 - X-Files 06/15/2013  22:22:39.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3934.2530 [GMT 3:00]
Running from: c:\users\X-Files\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
c:\users\X-Files\AppData\Local\Microsoft\Windows\Temporary Internet Files\{05DA1D1A-6B23-40A9-817A-17AC757F9B20}.xps
c:\users\X-Files\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4216EB51-93DE-4A75-B968-66EDD17AF604}.xps
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\lang-1033-default.dll
c:\windows\SysWow64\prsgrc.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\SysWow64\yh67o5v.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-15 to 2013-06-15  )))))))))))))))))))))))))))))))
.
.
2013-06-15 19:27 . 2013-06-15 19:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-15 19:27 . 2013-06-15 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-15 10:37 . 2013-06-15 10:37 -------- d-----w- c:\users\X-Files\AppData\Roaming\Malwarebytes
2013-06-15 10:37 . 2013-06-15 10:37 -------- d-----w- c:\programdata\Malwarebytes
2013-06-15 10:37 . 2013-06-15 10:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-15 10:37 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-15 10:36 . 2013-06-15 10:36 -------- d-----w- c:\users\X-Files\AppData\Local\Programs
2013-06-15 06:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F157580-E6C0-4A7F-B951-971AEE16A4D4}\mpengine.dll
2013-06-13 04:52 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 05:20 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-08 11:58 . 2013-06-08 11:59 -------- d-----w- c:\program files (x86)\WorldUnlock Codes Calculator
2013-06-04 08:25 . 2013-06-15 19:27 -------- d-----w- c:\programdata\Local Settings
2013-06-04 08:24 . 2013-06-15 11:55 -------- d-----w- C:\MSI
2013-06-02 20:31 . 2013-06-02 20:31 -------- d-----w- c:\users\X-Files\AppData\Roaming\ABBYY
2013-06-02 20:25 . 2013-06-02 20:25 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2013-06-02 20:25 . 2013-06-02 20:56 -------- d-----w- c:\users\X-Files\AppData\Local\ABBYY
2013-06-02 20:25 . 2013-06-02 20:56 -------- d-----w- c:\programdata\ABBYY
2013-06-02 20:25 . 2013-06-02 20:27 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0
2013-06-02 20:23 . 2008-05-16 02:51 -------- d-----w- C:\FR90PE_VOL
2013-05-28 07:42 . 2013-05-28 07:42 -------- d-----w- c:\users\X-Files\AppData\Roaming\Yahoo!
2013-05-28 07:42 . 2013-05-28 07:42 -------- d-----w- c:\programdata\Yahoo! Companion
2013-05-27 19:36 . 2013-06-07 12:37 -------- d-----w- c:\users\X-Files\AppData\Roaming\Skype
2013-05-27 19:36 . 2013-05-27 19:37 -------- d-----r- c:\program files (x86)\Skype
2013-05-27 19:36 . 2013-05-27 19:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-27 19:35 . 2013-05-27 19:37 -------- d-----w- c:\programdata\Skype
2013-05-19 18:30 . 2013-05-19 18:30 -------- d-----w- c:\users\X-Files\AppData\Local\GHISLER
2013-05-19 09:20 . 2012-08-03 05:01 545 ----a-w- c:\windows\UC.PIF
2013-05-19 09:20 . 2012-08-03 05:01 545 ----a-w- c:\windows\RAR.PIF
2013-05-19 09:20 . 2013-05-19 09:20 -------- d-----w- c:\program files (x86)\totalcmd
2013-05-19 09:20 . 2013-05-19 09:20 -------- d-----w- c:\users\X-Files\AppData\Roaming\GHISLER
2013-05-19 09:20 . 2012-08-03 05:01 545 ----a-w- c:\windows\LHA.PIF
2013-05-19 09:20 . 2012-08-03 05:01 545 ----a-w- c:\windows\ARJ.PIF
2013-05-18 11:50 . 2013-05-18 11:50 119808 ----a-r- c:\users\X-Files\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-05-17 07:14 . 2013-05-17 07:14 -------- d-----w- c:\users\X-Files\AppData\Roaming\MathWorks
2013-05-17 07:04 . 2004-07-29 19:35 1077344 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-05-17 07:04 . 2004-03-01 20:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2013-05-17 07:04 . 2004-02-11 12:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2013-05-17 06:43 . 2013-05-17 06:43 -------- d-----w- c:\program files\MATLAB
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 04:53 . 2013-04-25 04:55 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 16:03 . 2013-04-27 19:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:03 . 2013-04-27 19:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-01 23:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-27 05:02 . 2013-04-27 05:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-25 03:49 . 2013-04-25 03:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-25 03:49 . 2013-04-25 03:49 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-25 03:49 . 2013-04-25 03:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-25 03:49 . 2013-04-25 03:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-25 03:49 . 2013-04-25 03:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-25 03:49 . 2013-04-25 03:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-25 03:49 . 2013-04-25 03:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-25 03:49 . 2013-04-25 03:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-25 03:49 . 2013-04-25 03:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-25 03:49 . 2013-04-25 03:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-25 03:49 . 2013-04-25 03:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-25 03:49 . 2013-04-25 03:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-25 03:49 . 2013-04-25 03:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-25 03:49 . 2013-04-25 03:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-25 03:49 . 2013-04-25 03:49 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-25 03:49 . 2013-04-25 03:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-25 03:49 . 2013-04-25 03:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-25 03:49 . 2013-04-25 03:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-25 03:49 . 2013-04-25 03:49 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-25 03:49 . 2013-04-25 03:49 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-25 03:49 . 2013-04-25 03:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-25 03:49 . 2013-04-25 03:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-25 03:49 . 2013-04-25 03:49 441856 ----a-w- c:\windows\system32\html.iec
2013-04-25 03:49 . 2013-04-25 03:49 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-25 03:49 . 2013-04-25 03:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-25 03:49 . 2013-04-25 03:49 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-25 03:49 . 2013-04-25 03:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-25 03:49 . 2013-04-25 03:49 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-25 03:49 . 2013-04-25 03:49 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-25 03:49 . 2013-04-25 03:49 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-25 03:49 . 2013-04-25 03:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-25 03:49 . 2013-04-25 03:49 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-25 03:49 . 2013-04-25 03:49 235008 ----a-w- c:\windows\system32\url.dll
2013-04-25 03:49 . 2013-04-25 03:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-25 03:49 . 2013-04-25 03:49 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-25 03:49 . 2013-04-25 03:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-25 03:49 . 2013-04-25 03:49 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-25 03:49 . 2013-04-25 03:49 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-25 03:49 . 2013-04-25 03:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-25 03:49 . 2013-04-25 03:49 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-25 03:49 . 2013-04-25 03:49 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-25 03:49 . 2013-04-25 03:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-25 03:49 . 2013-04-25 03:49 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-25 03:49 . 2013-04-25 03:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-25 03:49 . 2013-04-25 03:49 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-25 03:49 . 2013-04-25 03:49 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-25 03:49 . 2013-04-25 03:49 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-25 03:49 . 2013-04-25 03:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-25 03:49 . 2013-04-25 03:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-25 03:45 . 2013-04-25 03:45 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-25 03:42 . 2013-04-25 03:42 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-25 03:42 . 2013-04-25 03:42 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-25 03:42 . 2013-04-25 03:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-25 03:42 . 2013-04-25 03:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-25 03:42 . 2013-04-25 03:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-25 03:42 . 2013-04-25 03:42 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-25 03:42 . 2013-04-25 03:42 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-25 03:42 . 2013-04-25 03:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-25 03:42 . 2013-04-25 03:42 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-25 03:42 . 2013-04-25 03:42 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-25 03:42 . 2013-04-25 03:42 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-25 03:42 . 2013-04-25 03:42 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-25 03:42 . 2013-04-25 03:42 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-25 03:42 . 2013-04-25 03:42 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-04-25 03:42 . 2013-04-25 03:42 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-25 03:42 . 2013-04-25 03:42 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-25 03:42 . 2013-04-25 03:42 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-04-25 03:42 . 2013-04-25 03:42 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-04-25 03:42 . 2013-04-25 03:42 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-04-25 03:42 . 2013-04-25 03:42 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-04-25 03:42 . 2013-04-25 03:42 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-04-25 03:42 . 2013-04-25 03:42 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-25 03:42 . 2013-04-25 03:42 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-04-25 03:42 . 2013-04-25 03:42 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-25 03:42 . 2013-04-25 03:42 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-25 03:42 . 2013-04-25 03:42 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-25 03:42 . 2013-04-25 03:42 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-25 03:42 . 2013-04-25 03:42 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2011-02-14 139088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
.
c:\users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\X-Files\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 21:52 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 16:03]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 03:39]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce497568e6c852.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 03:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\X-Files\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-06 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-06 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-06 439576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2012-02-02 576376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mDefault_Page_URL = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 81.180.19.254 193.231.3.10
TCP: Interfaces\{BDC480B6-A7E0-4502-A25B-146A1442B8A0}: NameServer = 193.231.236.30 193.231.236.25
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-15  22:29:20
ComboFix-quarantined-files.txt  2013-06-15 19:29
.
Pre-Run: 46,481,874,944 bytes free
Post-Run: 47,190,171,648 bytes free
.
- - End Of File - - 0CF78A9E929DF38817F22F63296A0BBF
D41D8CD98F00B204E9800998ECF8427E

#10
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Please scan with OTL.
See here:
http://forum.softped...r/#entry8313329

Tick the options as shown in the image below:
Attached file: OTL.png

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt.
Post both logs here.

#11
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
OTL Extras logfile created on: 6/15/2013 11:14:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X-Files\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 64.11% Memory free
7.68 Gb Paging File | 6.19 Gb Available in Paging File | 80.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.09 Gb Total Space | 44.05 Gb Free Space | 37.62% Space Free | Partition Type: NTFS
Drive D: | 148.30 Gb Total Space | 17.20 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
Drive E: | 200.27 Gb Total Space | 142.33 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive H: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: X-FILES-PC | User Name: X-Files | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8854AB-31CF-4023-88B4-FA756EAD7B46}" = rport=139 | protocol=6 | dir=out | app=system |
"{0BD85101-4C80-4E38-9DC2-49A56303E3A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0DCDC7E0-64C8-4926-8B95-2B26C4F14241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E45A2B8-CA85-41D6-B50A-A8D53221EA22}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3E68CE65-5D23-42BE-99BE-2D0867D9D292}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41CF3444-5961-44EC-A0D4-755AA37556B1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D59FB1B-BAC9-4813-A08F-15794B0FF229}" = lport=137 | protocol=17 | dir=in | app=system |
"{5230BC2E-B5BE-4A67-B4DA-A9D482BEEC3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61CEFD56-BC3E-41CB-9710-72B1E41758EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CC35D91-D8EA-445A-A787-0AAAA8DC0D66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{747ED4B4-01A9-42EA-82E7-24F2F56440DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79755E43-F531-4C3D-9752-99ED065B4A2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{799E6BC3-9599-4F04-84CD-86BCD01041F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{8372BD6C-2210-457E-8126-FA69A69CA803}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E34C3E2-9728-4716-A05E-E91536BF21CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{9DDC9597-9BCB-4B98-BC19-DD29B581DCEC}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{AB8A9202-00BD-4587-8E54-289FD1AA4BD9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1CFA0EA-4B41-40D3-A226-04825B3386F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{B68297F2-0576-4842-AF8A-2BD1C5D9FC45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA2ED35A-F45D-4D2C-ABF6-DF47C64E7CB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB7D13A1-78DC-4639-B76D-5ECE423C4B85}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBF69196-72B8-4102-83FB-927A0D7E125D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6FE440E-9B11-4ADC-B870-0EAC10947E2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA10A5CA-DCFD-4D6B-9F0C-8A882C59155A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6594D87-F968-4DAA-8A37-92001442CB10}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FEB0E5-695F-4502-8E1A-974730B3A5C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{16F81EFC-D778-4697-8B3D-588E3A5CBC2A}" = protocol=6 | dir=in | app=c:\users\x-files\desktop\utorrent.exe |
"{1A4965AB-8B65-4B42-97E3-014336CE1FFE}" = protocol=17 | dir=in | app=c:\users\x-files\appdata\roaming\dropbox\bin\dropbox.exe |
"{2E1ADC85-44BF-4CC7-8497-7E5C4EC1B762}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{314AF89B-12CA-414C-A8F2-791A5A625BFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F1172CD-F622-454E-A81D-D2A6A5CE39F7}" = protocol=58 | dir=in | [email protected],-28545 |
"{409AE598-C4B8-46A3-A737-48D570E6A83D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{416C6649-FF7B-4536-A665-8046DCD94A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |
"{4D5BCDB7-131E-431C-91B5-CA0122A4990B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54CA6147-DFEF-45E7-85AC-F9FAD11EE050}" = protocol=6 | dir=out | app=system |
"{55C8764A-1F5B-4445-A666-FE6C53AFA932}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{5B21C412-379A-4CC7-86AD-E8F213E3A3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6703157D-B9D6-497D-A232-66D3D6A3C0D6}" = protocol=58 | dir=out | [email protected],-28546 |
"{6AAFBA7F-6C3A-4414-8B90-BC494401EFAB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6BE26757-8A91-45BC-9B99-FB354DC6D0F7}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{724AC01E-7501-417C-8805-9F43FA8F15DC}" = protocol=6 | dir=in | app=f:\routersetup\qiswizard.exe |
"{7354392D-AACD-4BA8-BE5A-AA3A1A2363E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{75B664A7-5BAD-4DA0-9C7D-E5AEDF1F72B5}" = protocol=1 | dir=in | [email protected],-28543 |
"{784EAD96-1B54-4932-93A2-3C531EEB5325}" = protocol=6 | dir=in | app=c:\users\x-files\appdata\roaming\dropbox\bin\dropbox.exe |
"{789EED82-53BA-47AA-9192-6FDE51BCED4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79B54929-8155-465D-B2F0-9FD1FF92A702}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{80FAE95D-F076-4AF5-9B5E-BAE34C7E2BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |
"{81378FCD-BF52-4C3D-B58D-4D75B6433E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{85D07B88-74E7-48C2-8475-AFD884CE38FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BA7E0FE-2E94-429D-BC74-A37B2BD80522}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EC5E4F8-9336-4296-BF46-1103E4188D28}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{90F8AE88-2337-4AB7-A2D6-02CC5FBBCA0E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{93613971-241D-478B-AB13-5BE3F1C92C25}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\virtua tennis 4\vt4.exe |
"{97E67338-7D49-4933-97DA-3F899BAB8A69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C673147-F4B9-4B40-B61E-20AEEE569CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{AD4B00D6-8102-40D1-8425-24D9DBAAA19E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B0D0B86A-9892-49B2-8BE4-D66C93F65F82}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B105CC17-8F6C-4C6A-9021-4EF32E017BE8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7164AD0-D5C8-4539-8E78-5C444D9BA1C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B94F37F9-6D1C-4C31-A497-C7958D78C04E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BCEC5832-D295-4C6E-AF64-523B558C713E}" = protocol=17 | dir=in | app=f:\routersetup\qiswizard.exe |
"{C97D98C0-28EB-45C4-B44E-BFBECE87C33E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DA2BFD49-86AF-4EE7-B45E-87B689D7457B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF5A0DB7-3C29-4985-9F00-75BB419CA7E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E635342A-6BF7-4F8F-90A0-FB28651F8872}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\virtua tennis 4\vt4.exe |
"{E6BFAC19-6EC2-4757-822F-49D9D71C4A13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF13C54A-0942-4D22-91AB-40425DBEC723}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F128CD9B-AE5C-4DA5-872C-F3EB6ED786CF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{F48EC368-0F99-4FF9-A883-7887CF800564}" = protocol=17 | dir=in | app=c:\users\x-files\desktop\utorrent.exe |
"{F67B1400-0571-4B5A-A58E-26F588B9F49E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FF42DF42-D934-412A-9BF7-8338DC85DF79}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{7306A250-40D9-4349-A52A-CE8D98BDF354}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{769E8A55-1EFE-42B3-8E50-8F46E14CE25D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{8974BF91-6E59-4A2A-8982-D7CE7314FC4A}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{9515209B-AFF5-401E-B4A9-B89706283063}C:\program files (x86)\sega\virtua tennis 4\vt4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\virtua tennis 4\vt4.exe |
"UDP Query User{14CA2561-1960-4A76-AEED-7D5E306582CD}C:\program files (x86)\sega\virtua tennis 4\vt4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\virtua tennis 4\vt4.exe |
"UDP Query User{25C4AB9B-B00E-4D0E-9CFD-C83525E85BD0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6480503D-E448-4900-9B69-1E8B4CC6FC31}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"UDP Query User{89C28956-9834-426C-82CA-36D0B9D88C02}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English
"{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel® Turbo Boost Technology Monitor 2.5
"{80F34ED1-D2F9-484C-9B69-CFE0DBD1A51A}" = Tekla Structures 18.1 x64 Software
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C2C49561-CD30-4A44-92AB-81BC2ECA2CB0}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"001FFF2FFF16FF00FF0701F01F02F000-R1" = ArchiCAD 16 INT
"AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091C41F7-94BE-4857-8F83-6DD93B00C27D}" = Tekla Structures 18.1 France Env
"{129024FF-A6C9-4696-91BC-570C6C05193A}" = Windchill ProductPoint Client Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{32A105FD-AC27-4326-82DF-D60977FEBA20}" = ETABS 9
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{458B92F3-A319-40A8-A329-BF24DFA836B2}" = Tekla Structures 18.1 Default Env
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}" = Top Spin 2
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{ACE45656-34E1-4960-AFD5-857A1BD6A8A9}" = PERFORM-3D 5
"{ADC47FB8-9152-408A-A9FF-F9AEBBD3061C}" = Tekla Structures 18.1 Common Env (Required)
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C65ABF2A-1B82-4F34-8C74-E4FE373F3BE4}" = 'PTC Places' Namespace Shell Extension
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}" = Mathcad 15 F000
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Content Service" = Autodesk Content Service
"BSPlayerf" = BS.Player FREE
"DAEMON Tools Pro" = Daemon Tools Pro
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 9.0.0 Professional
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = Sopcast 3.8.2
"TeamViewer 8" = TeamViewer 8
"Tennis Elbow 2011" = Tennis Elbow 2011 1.0a
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2013 11:59:02 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 2:15:13 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 2:20:06 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 3:22:59 AM | Computer Name = X-Files-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\EASEUS\easeus
partition master 9.0.0 professional edition\res\Help.exe".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 6/15/2013 8:14:16 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 8:40:42 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 10:28:26 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 11:25:40 AM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 3:07:59 PM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2013 3:59:49 PM | Computer Name = X-Files-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/15/2013 6:39:29 AM | Computer Name = X-Files-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2013 6:39:30 AM | Computer Name = X-Files-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2013 10:28:00 AM | Computer Name = X-Files-PC | Source = DCOM | ID = 10010
Description =

Error - 6/15/2013 11:10:35 AM | Computer Name = X-Files-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2013 11:10:37 AM | Computer Name = X-Files-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2013 11:10:38 AM | Computer Name = X-Files-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2013 3:20:17 PM | Computer Name = X-Files-PC | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly.  It has done
this 1 time(s).

Error - 6/15/2013 3:25:08 PM | Computer Name = X-Files-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
the system is configured to not allow interactive services.  This service may not
function properly.

Error - 6/15/2013 3:27:04 PM | Computer Name = X-Files-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/15/2013 3:27:46 PM | Computer Name = X-Files-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
the system is configured to not allow interactive services.  This service may not
function properly.


< End of report >

OTL logfile created on: 6/15/2013 11:14:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X-Files\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 64.11% Memory free
7.68 Gb Paging File | 6.19 Gb Available in Paging File | 80.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.09 Gb Total Space | 44.05 Gb Free Space | 37.62% Space Free | Partition Type: NTFS
Drive D: | 148.30 Gb Total Space | 17.20 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
Drive E: | 200.27 Gb Total Space | 142.33 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive H: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: X-FILES-PC | User Name: X-Files | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/06/15 23:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
PRC - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/03/15 08:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/10/23 11:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/02/26 22:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 07:38:48 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 07:38:46 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 07:38:24 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 08:53:06 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/27 08:21:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/03/15 12:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2012/01/20 16:15:14 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/12 19:03:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 23:40:21 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 08:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/03/06 11:09:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 07:38:48 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 07:38:46 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 07:38:24 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/31 16:11:40 | 002,425,960 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/27 08:02:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/15 12:52:08 | 000,331,144 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2013/03/15 12:52:08 | 000,303,368 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2013/03/15 12:52:08 | 000,141,064 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2013/03/15 12:52:08 | 000,090,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2013/03/15 12:52:08 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2013/03/15 12:52:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2013/03/15 08:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/07 16:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 17:34:48 | 003,545,088 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/27 19:55:24 | 014,741,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/26 22:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 22:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 22:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/20 16:14:34 | 000,016,128 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011/12/05 22:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/09 20:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/14 08:49:22 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/09/22 07:00:04 | 000,097,792 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2011/09/21 13:08:10 | 000,376,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/09/02 06:46:28 | 000,339,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/07 09:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/09/07 09:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 C8 A2 31 66 41 CE 01  [binary data]
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002\..\SearchScopes,DefaultScope =


========== Firefox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA Thunderbird [2013/04/25 06:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/25 06:54:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]

[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions
[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disc Google = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: One Number = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\
CHR - Extension: căutare Google = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/15 22:27:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\X-Files\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.180.19.254 193.231.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445AC949-72F4-4C9A-BB30-7B9C7A9FD974}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFE8A4B-67FE-4173-AB36-8AB32BB341CE}: DhcpNameServer = 81.180.19.254 193.231.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC480B6-A7E0-4502-A25B-146A1442B8A0}: NameServer = 193.231.236.30 193.231.236.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/13 15:55:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 23:11:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
[2013/06/15 22:58:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/15 22:21:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/15 22:21:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/15 22:21:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/15 22:20:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/15 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/15 22:19:22 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\X-Files\Desktop\ComboFix.exe
[2013/06/15 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\RK_Quarantine
[2013/06/15 15:53:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\X-Files\Desktop\HiJackThis.exe
[2013/06/15 13:37:31 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Malwarebytes
[2013/06/15 13:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/15 13:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/15 13:37:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/15 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/15 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\Programs
[2013/06/15 13:34:29 | 010,284,816 | ---- | C] (Malwarebytes Corporation     ) -- C:\Users\X-Files\Desktop\mbam-setup.exe
[2013/06/15 09:16:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/15 09:16:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/13 07:52:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/13 07:52:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/13 07:52:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/13 07:52:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/13 07:52:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/13 07:52:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/13 07:52:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/13 07:52:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/13 07:52:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/13 07:52:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 07:52:52 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/13 07:52:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 07:52:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:20:49 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:20:49 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:20:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:20:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:20:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:20:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:20:20 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:20:20 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:20:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:20:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:20:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:20:10 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:20:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/08 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2013/06/08 14:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2013/06/08 14:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldUnlock Codes Calculator
[2013/06/08 00:27:17 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\New folder
[2013/06/04 11:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013/06/04 11:24:25 | 000,000,000 | ---D | C] -- C:\MSI
[2013/06/02 23:31:12 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\ABBYY
[2013/06/02 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0
[2013/06/02 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\ABBYY
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/06/02 23:23:52 | 000,000,000 | ---D | C] -- C:\FR90PE_VOL
[2013/05/29 10:24:47 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\ANSAMBLU_SOMES_A-transfer_ro-29may-b6530a
[2013/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Yahoo!
[2013/05/28 10:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/05/27 22:36:10 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Skype
[2013/05/27 22:36:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/27 22:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/27 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/27 22:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/19 21:30:22 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\GHISLER
[2013/05/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\totalcmd
[2013/05/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\GHISLER
[2013/05/18 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/05/17 10:14:51 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Documents\MATLAB
[2013/05/17 10:14:39 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\MathWorks
[2013/05/17 10:04:54 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX
[2013/05/17 10:04:54 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX
[2013/05/17 10:04:54 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX
[2013/05/17 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB

========== Files - Modified Within 30 Days ==========

[2013/06/15 23:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
[2013/06/15 23:06:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 23:06:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 23:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 22:58:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 22:58:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 22:57:56 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 22:27:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/15 22:20:02 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\X-Files\Desktop\ComboFix.exe
[2013/06/15 18:25:44 | 000,908,288 | ---- | M] () -- C:\Users\X-Files\Desktop\RogueKiller.exe
[2013/06/15 18:09:29 | 000,648,201 | ---- | M] () -- C:\Users\X-Files\Desktop\adwcleaner.exe
[2013/06/15 17:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce497568e6c852.job
[2013/06/15 15:53:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\X-Files\Desktop\HiJackThis.exe
[2013/06/15 13:50:08 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/15 13:50:08 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 13:50:08 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 13:37:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/15 13:35:32 | 010,284,816 | ---- | M] (Malwarebytes Corporation     ) -- C:\Users\X-Files\Desktop\mbam-setup.exe
[2013/06/14 07:35:30 | 011,619,024 | ---- | M] () -- C:\Users\X-Files\Desktop\Attachments_2013613.zip
[2013/06/12 19:03:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 19:03:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 21:56:29 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 17:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 14:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/08 11:03:34 | 000,291,952 | ---- | M] () -- C:\Windows\ETABS9.7.4chg.tb2
[2013/06/08 11:03:34 | 000,000,780 | ---- | M] () -- C:\Windows\ETABSv9.ini
[2013/06/08 11:03:27 | 000,000,218 | ---- | M] () -- C:\Windows\SysWow64\yh67o5v.tgz
[2013/06/08 11:03:27 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.tgz
[2013/06/08 11:03:27 | 000,000,086 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2013/06/07 13:41:41 | 000,097,950 | ---- | M] () -- C:\Users\X-Files\Documents\CV Neacsu Stefan.pdf
[2013/05/29 11:52:07 | 000,001,053 | ---- | M] () -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/28 10:41:41 | 000,001,165 | ---- | M] () -- C:\Users\X-Files\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/05/18 19:59:24 | 000,007,608 | ---- | M] () -- C:\Users\X-Files\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:59:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/05/18 14:59:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/05/17 16:18:49 | 000,001,351 | ---- | M] () -- C:\Users\X-Files\Desktop\matlab.lnk
[2013/05/17 04:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/17 04:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/17 04:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/17 04:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/17 03:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/17 03:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/17 03:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/17 03:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/17 03:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/17 03:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/17 03:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

========== Files Created - No Company Name ==========

[2013/06/15 22:21:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/15 22:21:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/15 22:21:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/15 22:21:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/15 22:21:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/15 18:25:39 | 000,908,288 | ---- | C] () -- C:\Users\X-Files\Desktop\RogueKiller.exe
[2013/06/15 18:09:23 | 000,648,201 | ---- | C] () -- C:\Users\X-Files\Desktop\adwcleaner.exe
[2013/06/15 13:37:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/14 07:35:04 | 011,619,024 | ---- | C] () -- C:\Users\X-Files\Desktop\Attachments_2013613.zip
[2013/06/07 13:41:41 | 000,097,950 | ---- | C] () -- C:\Users\X-Files\Documents\CV Neacsu Stefan.pdf
[2013/05/28 10:41:41 | 000,001,165 | ---- | C] () -- C:\Users\X-Files\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/05/19 12:20:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2013/05/19 12:20:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2013/05/19 12:20:03 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2013/05/19 12:20:03 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2013/05/18 19:59:24 | 000,007,608 | ---- | C] () -- C:\Users\X-Files\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:58:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/05/18 14:58:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/05/17 10:14:30 | 000,001,351 | ---- | C] () -- C:\Users\X-Files\Desktop\matlab.lnk
[2013/05/16 12:07:24 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/05/16 12:07:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/05/16 12:07:24 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/05/16 12:07:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/05/16 12:07:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/05/10 22:22:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/04/27 08:22:14 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/27 08:06:34 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\wzlqmhg.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\wu23wbk.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\uzqdpji.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\us5e1h5.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\rsbzsoo.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\r9xh74u.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ojxgp0r.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ls3v6ks.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\l0ebt1m.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\kwovleu.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\jzco9vj.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\hpdlnno.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\edrgezx.dll
[2013/04/25 06:51:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/04/25 06:51:38 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/04/25 06:51:38 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/04/25 06:51:37 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/27 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Autodesk
[2013/04/29 01:07:06 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\BSplayer
[2013/04/29 01:01:12 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\BSplayer Pro
[2013/04/27 08:03:52 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\DAEMON Tools Pro
[2013/06/15 23:10:38 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Dropbox
[2013/05/19 12:20:03 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\GHISLER
[2013/04/27 23:06:29 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Graphisoft
[2013/04/27 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Install.GS
[2013/04/27 09:51:44 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Mathsoft
[2013/04/27 21:30:18 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\PTC
[2013/06/05 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\TeamViewer
[2013/06/15 14:55:27 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

#12
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Run OTL again.
Copy the text quoted below and paste it into OTL.

Quote

:OTL
PRC - File not found --
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\wzlqmhg.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\wu23wbk.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\uzqdpji.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\us5e1h5.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\rsbzsoo.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\r9xh74u.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ojxgp0r.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ls3v6ks.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\l0ebt1m.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\kwovleu.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\jzco9vj.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\hpdlnno.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\edrgezx.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[CLEARALLRESTOREPOINTS]
[Reboot]
See the image for how.
Click Run Fix.
Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

#13
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
I set it to do this, and in the hour since it started nothing has changed. It looks something like this:
[ http://s23.postimg.org/w8s6y0f0n/Untitled.jpg ]
Should I leave it running?

#14
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Leave it a while longer and see what happens.
If it is still the same after 10 minutes, then run it like this:

Run OTL again.
Copy the text quoted below and paste it into OTL.

Quote

:OTL

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[CLEARALLRESTOREPOINTS]
[Reboot]



See the image for how.
Click Run Fix.
Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

Afterwards, redo the scan as described here:
http://forum.softped.../#entry13341777

#15
FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
I redid the scan, but this time only OTL.txt appeared; extras.txt did not.

OTL logfile created on: 6/16/2013 11:57:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X-Files\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.74% Memory free
7.68 Gb Paging File | 6.21 Gb Available in Paging File | 80.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.09 Gb Total Space | 48.22 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive D: | 148.30 Gb Total Space | 17.20 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
Drive E: | 200.27 Gb Total Space | 142.33 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive H: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: X-FILES-PC | User Name: X-Files | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/06/15 23:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
PRC - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/03/15 08:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/10/23 11:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/02/26 22:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 07:38:48 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 07:38:46 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 07:38:24 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 08:53:06 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/27 08:21:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/03/15 12:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2012/01/20 16:15:14 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/12 19:03:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 23:40:21 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 08:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/03/06 11:09:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 07:38:48 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 07:38:46 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 07:38:24 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/31 16:11:40 | 002,425,960 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/27 08:02:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/15 12:52:08 | 000,331,144 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2013/03/15 12:52:08 | 000,303,368 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2013/03/15 12:52:08 | 000,141,064 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2013/03/15 12:52:08 | 000,090,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2013/03/15 12:52:08 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2013/03/15 12:52:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2013/03/15 08:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/07 16:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 17:34:48 | 003,545,088 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/27 19:55:24 | 014,741,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/26 22:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 22:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 22:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/20 16:14:34 | 000,016,128 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011/12/05 22:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/09 20:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/14 08:49:22 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/09/22 07:00:04 | 000,097,792 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2011/09/21 13:08:10 | 000,376,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/09/02 06:46:28 | 000,339,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/07 09:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/09/07 09:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 C8 A2 31 66 41 CE 01  [binary data]
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002\..\SearchScopes,DefaultScope =


========== Firefox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA Thunderbird [2013/04/25 06:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/25 06:54:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]

[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions
[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disc Google = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: One Number = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\
CHR - Extension: căutare Google = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Users\X-Files\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/15 22:27:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\X-Files\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2419175925-1990461145-1146479879-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.180.19.254 193.231.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445AC949-72F4-4C9A-BB30-7B9C7A9FD974}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFE8A4B-67FE-4173-AB36-8AB32BB341CE}: DhcpNameServer = 81.180.19.254 193.231.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC480B6-A7E0-4502-A25B-146A1442B8A0}: NameServer = 193.231.236.30 193.231.236.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/13 15:55:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/16 09:17:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/15 23:11:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
[2013/06/15 22:58:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/15 22:21:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/15 22:21:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/15 22:21:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/15 22:20:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/15 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/15 22:19:22 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\X-Files\Desktop\ComboFix.exe
[2013/06/15 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\RK_Quarantine
[2013/06/15 15:53:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\X-Files\Desktop\HiJackThis.exe
[2013/06/15 13:37:31 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Malwarebytes
[2013/06/15 13:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/15 13:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/15 13:37:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/15 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/15 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\Programs
[2013/06/15 13:34:29 | 010,284,816 | ---- | C] (Malwarebytes Corporation     ) -- C:\Users\X-Files\Desktop\mbam-setup.exe
[2013/06/15 09:16:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/15 09:16:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/13 07:52:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/13 07:52:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/13 07:52:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/13 07:52:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/13 07:52:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/13 07:52:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/13 07:52:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/13 07:52:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/13 07:52:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/13 07:52:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 07:52:52 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/13 07:52:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 07:52:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:20:49 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 08:20:49 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 08:20:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 08:20:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 08:20:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 08:20:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 08:20:20 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 08:20:20 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 08:20:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 08:20:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 08:20:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 08:20:10 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 08:20:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/08 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2013/06/08 14:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2013/06/08 14:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldUnlock Codes Calculator
[2013/06/08 00:27:17 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\New folder
[2013/06/04 11:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013/06/04 11:24:25 | 000,000,000 | ---D | C] -- C:\MSI
[2013/06/02 23:31:12 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\ABBYY
[2013/06/02 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0
[2013/06/02 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\ABBYY
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/06/02 23:23:52 | 000,000,000 | ---D | C] -- C:\FR90PE_VOL
[2013/05/29 10:24:47 | 000,000,000 | ---D | C] -- C:\Users\X-Files\Desktop\ANSAMBLU_SOMES_A-transfer_ro-29may-b6530a
[2013/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Yahoo!
[2013/05/28 10:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/05/27 22:36:10 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Skype
[2013/05/27 22:36:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/27 22:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/27 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/27 22:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/19 21:30:22 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Local\GHISLER
[2013/05/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\totalcmd
[2013/05/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\GHISLER
[2013/05/18 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

========== Files - Modified Within 30 Days ==========

[2013/06/16 11:51:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/16 11:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/16 11:51:38 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/16 11:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce497568e6c852.job
[2013/06/16 11:12:48 | 000,134,782 | ---- | M] () -- C:\Users\X-Files\Desktop\Untitled.png
[2013/06/16 11:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/16 09:10:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/16 09:10:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 23:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X-Files\Desktop\OTL.exe
[2013/06/15 22:27:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/15 22:20:02 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\X-Files\Desktop\ComboFix.exe
[2013/06/15 18:25:44 | 000,908,288 | ---- | M] () -- C:\Users\X-Files\Desktop\RogueKiller.exe
[2013/06/15 18:09:29 | 000,648,201 | ---- | M] () -- C:\Users\X-Files\Desktop\adwcleaner.exe
[2013/06/15 15:53:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\X-Files\Desktop\HiJackThis.exe
[2013/06/15 13:50:08 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/15 13:50:08 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 13:50:08 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 13:37:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/15 13:35:32 | 010,284,816 | ---- | M] (Malwarebytes Corporation     ) -- C:\Users\X-Files\Desktop\mbam-setup.exe
[2013/06/14 07:35:30 | 011,619,024 | ---- | M] () -- C:\Users\X-Files\Desktop\Attachments_2013613.zip
[2013/06/12 19:03:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 19:03:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 21:56:29 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 17:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 14:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/08 11:03:34 | 000,291,952 | ---- | M] () -- C:\Windows\ETABS9.7.4chg.tb2
[2013/06/08 11:03:34 | 000,000,780 | ---- | M] () -- C:\Windows\ETABSv9.ini
[2013/06/08 11:03:27 | 000,000,218 | ---- | M] () -- C:\Windows\SysWow64\yh67o5v.tgz
[2013/06/08 11:03:27 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.tgz
[2013/06/08 11:03:27 | 000,000,086 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2013/06/07 13:41:41 | 000,097,950 | ---- | M] () -- C:\Users\X-Files\Documents\CV Neacsu Stefan.pdf
[2013/05/29 11:52:07 | 000,001,053 | ---- | M] () -- C:\Users\X-Files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/28 10:41:41 | 000,001,165 | ---- | M] () -- C:\Users\X-Files\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/05/18 19:59:24 | 000,007,608 | ---- | M] () -- C:\Users\X-Files\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:59:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/05/18 14:59:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/05/17 16:18:49 | 000,001,351 | ---- | M] () -- C:\Users\X-Files\Desktop\matlab.lnk

========== Files Created - No Company Name ==========

[2013/06/16 11:12:48 | 000,134,782 | ---- | C] () -- C:\Users\X-Files\Desktop\Untitled.png
[2013/06/15 22:21:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/15 22:21:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/15 22:21:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/15 22:21:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/15 22:21:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/15 18:25:39 | 000,908,288 | ---- | C] () -- C:\Users\X-Files\Desktop\RogueKiller.exe
[2013/06/15 18:09:23 | 000,648,201 | ---- | C] () -- C:\Users\X-Files\Desktop\adwcleaner.exe
[2013/06/15 13:37:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/14 07:35:04 | 011,619,024 | ---- | C] () -- C:\Users\X-Files\Desktop\Attachments_2013613.zip
[2013/06/07 13:41:41 | 000,097,950 | ---- | C] () -- C:\Users\X-Files\Documents\CV Neacsu Stefan.pdf
[2013/05/28 10:41:41 | 000,001,165 | ---- | C] () -- C:\Users\X-Files\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/05/19 12:20:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2013/05/19 12:20:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2013/05/19 12:20:03 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2013/05/19 12:20:03 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2013/05/18 19:59:24 | 000,007,608 | ---- | C] () -- C:\Users\X-Files\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:58:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/05/18 14:58:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/05/16 12:07:24 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/05/16 12:07:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/05/16 12:07:24 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/05/16 12:07:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/05/16 12:07:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/05/10 22:22:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/04/27 08:22:14 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/27 08:06:34 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\wzlqmhg.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\wu23wbk.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\uzqdpji.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\us5e1h5.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\rsbzsoo.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\r9xh74u.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ojxgp0r.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ls3v6ks.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\l0ebt1m.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\kwovleu.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\jzco9vj.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\hpdlnno.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\edrgezx.dll
[2013/04/25 06:51:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/04/25 06:51:38 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/04/25 06:51:38 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/04/25 06:51:37 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/27 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Autodesk
[2013/04/29 01:07:06 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\BSplayer
[2013/04/29 01:01:12 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\BSplayer Pro
[2013/04/27 08:03:52 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\DAEMON Tools Pro
[2013/06/16 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Dropbox
[2013/05/19 12:20:03 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\GHISLER
[2013/04/27 23:06:29 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Graphisoft
[2013/04/27 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Install.GS
[2013/04/27 09:51:44 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Mathsoft
[2013/04/27 21:30:18 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\PTC
[2013/06/05 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\TeamViewer
[2013/06/15 14:55:27 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

#16
MhG_51

MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
You have managed to wreck your operating system, and knowingly at that.

Run OTL again.
Copy what is quoted below and paste the text into OTL.

Quote

:OTL

PRC - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SRV - [2013/06/07 15:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/10 22:22:11 | 000,000,000 | ---D | M]
[2013/05/10 22:22:11 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]
O4 - HKLM..\Run: [] File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
[2013/06/02 23:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0
[2013/05/19 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\totalcmd
[2013/04/25 07:27:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\wzlqmhg.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\wu23wbk.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\uzqdpji.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\us5e1h5.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\rsbzsoo.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\r9xh74u.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ojxgp0r.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ls3v6ks.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\l0ebt1m.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\kwovleu.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\jzco9vj.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\hpdlnno.dll
[2013/04/25 07:27:40 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\edrgezx.dll
[2013/04/27 09:51:44 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\Mathsoft
[2013/04/27 21:30:18 | 000,000,000 | ---D | M] -- C:\Users\X-Files\AppData\Roaming\PTC

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[CLEARALLRESTOREPOINTS]
[Reboot]

See the image for how.
Press Run Fix.
Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

#17
FanSte

FanSte

    Junior Member

  • Group: Members
  • Posts: 199
  • Joined: 11.09.2007
Listen, what problems do I actually have? Do I have some viruses, or do I have problems with the operating system?
Because if Windows is the problem, I'll reinstall it.
Here's the log:

All processes killed
========== OTL ==========
Process TeamViewer_Service.exe killed successfully!
Process c2c_service.exe killed successfully!
Service TeamViewer8 stopped successfully!
Service TeamViewer8 deleted successfully!
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe moved successfully.
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in\ deleted successfully.
C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content\mz folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]\chrome folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected] not found.
Folder C:\Users\X-Files\AppData\Roaming\Mozilla\Extensions\[email protected]\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
C:\Program Files (x86)\ABBYY FineReader 9.0\Support folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode\Mappings folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode\Icu folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Unicode folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Font folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource\Cmap folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Resource folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Microsoft.VC80.CRT folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Guide folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0\Demo folder moved successfully.
C:\Program Files (x86)\ABBYY FineReader 9.0 folder moved successfully.
C:\Program Files (x86)\totalcmd\LANGUAGE folder moved successfully.
C:\Program Files (x86)\totalcmd folder moved successfully.
C:\Windows\SysWOW64\wzlqmhg.dll moved successfully.
C:\Windows\SysWOW64\wu23wbk.dll moved successfully.
C:\Windows\SysWOW64\uzqdpji.dll moved successfully.
C:\Windows\SysWOW64\us5e1h5.dll moved successfully.
C:\Windows\SysWOW64\rsbzsoo.dll moved successfully.
C:\Windows\SysWOW64\r9xh74u.dll moved successfully.
C:\Windows\SysWOW64\ojxgp0r.dll moved successfully.
C:\Windows\SysWOW64\ls3v6ks.dll moved successfully.
C:\Windows\SysWOW64\l0ebt1m.dll moved successfully.
C:\Windows\SysWOW64\kwovleu.dll moved successfully.
C:\Windows\SysWOW64\jzco9vj.dll moved successfully.
C:\Windows\SysWOW64\hpdlnno.dll moved successfully.
C:\Windows\SysWOW64\edrgezx.dll moved successfully.
C:\Users\X-Files\AppData\Roaming\Mathsoft\Mathcad\14\Autosave folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mathsoft\Mathcad\14 folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mathsoft\Mathcad folder moved successfully.
C:\Users\X-Files\AppData\Roaming\Mathsoft folder moved successfully.
C:\Users\X-Files\AppData\Roaming\PTC\ProENGINEER\Wildfire\.wf folder moved successfully.
C:\Users\X-Files\AppData\Roaming\PTC\ProENGINEER\Wildfire folder moved successfully.
C:\Users\X-Files\AppData\Roaming\PTC\ProENGINEER folder moved successfully.
C:\Users\X-Files\AppData\Roaming\PTC folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\X-Files\Desktop\cmd.bat deleted successfully.
C:\Users\X-Files\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: X-Files
->Temp folder emptied: 456 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 46001765 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8408728 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 974341937 bytes

Total Files Cleaned = 981.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: X-Files
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: X-Files
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06162013_141216
Files\Folders moved on Reboot...
C:\Users\X-Files\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

#18
MhG_51

MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
You can reinstall it!
But without using:

Quote

FIFA 13\Game\rld.dll (Trojan.VirTool)
Windows 7 Loader.zip
Microsoft.Office.2010.ProfessionalPlus.with.SP1.VL.Edition-ZWTiSO\crack.rar
Microsoft.Windows.7.Activator.V2.WiN7ALL.Incl.Patcher-ACTiVATiNG\ac-wmvva.zip (Trojan.Dropper.WEX)
sap2000 14.2\crack\Crack_SAP2000_14.2.rar
Softpedia does not encourage piracy!
