Advertising windows popping up in Windows

Advertising windows popping up in Windows

Hi everyone,

I've had an irritating problem for the last 2 weeks: some kind of windows keep popping up in Windows (not in browsers) with ads for games, websites, blah blah blah. They stay for about 5-10 seconds and disappear, but it's impossible to capture them with Print Screen or close them because there is no X, and every time they appear they kick me out of the game if I happen to be playing at that moment. Please help, because I'm going to lose my nerves; just don't tell me to reinstall Windows, because I did that recently :D

Thanks in advance ;)

Advertising windows popping up in Windows

scan the computer with an antivirus..

Samobor is a lovely town :))
Re: Advertising windows popping up in Windows

I did, it doesn't help :(

Re: Advertising windows popping up in Windows
snake01091989ST says...

Hi everyone,

I've had an irritating problem for the last 2 weeks: some kind of windows keep popping up in Windows (not in browsers) with ads for games, websites, blah blah blah. They stay for about 5-10 seconds and disappear, but it's impossible to capture them with Print Screen or close them because there is no X, and every time they appear they kick me out of the game if I happen to be playing at that moment. Please help, because I'm going to lose my nerves; just don't tell me to reinstall Windows, because I did that recently :D

Thanks in advance ;)

Run a scan with HitmanPro; install it on the computer as I recommended below and there's no problem. While you're at it, also run Malwarebytes, but only a Quick Scan as an additional check, and that's it; then report the results.

http://www.bug.hr/forum/topic/internet/kako-prepoznati-pravi-virus/134139.aspx?page=0&jumpto=2590991&sort=asc&view=flat

http://www.filehippo.com/download_malwarebytes_anti_malware/

http://www.vhnd.com/a-different-kind-of-truth/
Re: Advertising windows popping up in Windows
rambox says...
snake01091989ST says...

Hi everyone,

I've had an irritating problem for the last 2 weeks: some kind of windows keep popping up in Windows (not in browsers) with ads for games, websites, blah blah blah. They stay for about 5-10 seconds and disappear, but it's impossible to capture them with Print Screen or close them because there is no X, and every time they appear they kick me out of the game if I happen to be playing at that moment. Please help, because I'm going to lose my nerves; just don't tell me to reinstall Windows, because I did that recently :D

Thanks in advance ;)

Run a scan with HitmanPro; install it on the computer as I recommended below and there's no problem. While you're at it, also run Malwarebytes, but only a Quick Scan as an additional check, and that's it; then report the results.

http://www.bug.hr/forum/topic/internet/kako-prepoznati-pravi-virus/134139.aspx?page=0&jumpto=2590991&sort=asc&view=flat

http://www.filehippo.com/download_malwarebytes_anti_malware/

I'll try it and report back tomorrow at the earliest, because they don't pop up often enough for me to report right away.

Re: Advertising windows popping up in Windows
snake01091989ST says...
rambox says...

Run a scan with HitmanPro; install it on the computer as I recommended below and there's no problem. While you're at it, also run Malwarebytes, but only a Quick Scan as an additional check, and that's it; then report the results.

http://www.bug.hr/forum/topic/internet/kako-prepoznati-pravi-virus/134139.aspx?page=0&jumpto=2590991&sort=asc&view=flat

http://www.filehippo.com/download_malwarebytes_anti_malware/

I'll try it and report back tomorrow at the earliest, because they don't pop up often enough for me to report right away.

Just report what those two programs found; scanning with them doesn't take long anyway, and if they cleaned up quite a lot, then the situation is more or less clear.

http://www.vhnd.com/a-different-kind-of-truth/
Re: Advertising windows popping up in Windows

I scanned and deleted everything they found (about 15 infected files) and it still doesn't help. I also noticed that when that window pops up the computer simply freezes until the window disappears; nothing works. O.o

Message last edited Thu 1.3.2012 21:36 (snake01091989ST).
Re: Advertising windows popping up in Windows
snake01091989ST says...

I scanned and deleted everything they found (about 15 infected files) and it still doesn't help. I also noticed that when that window pops up the computer simply freezes until the window disappears; nothing works. O.o

do it like this, and copy the logs you get so I can take a look

Re: Advertising windows popping up in Windows
snake01091989ST says...

I scanned and deleted everything they found (about 15 infected files) and it still doesn't help. I also noticed that when that window pops up the computer simply freezes until the window disappears; nothing works. O.o

Is Windows patched with the latest updates?

I was only mostly dead, try finding that option on government paperwork!
Re: Advertising windows popping up in Windows
total says...
snake01091989ST says...

I scanned and deleted everything they found (about 15 infected files) and it still doesn't help. I also noticed that when that window pops up the computer simply freezes until the window disappears; nothing works. O.o

do it like this, and copy the logs you get so I can take a look

hi mate,

here is the RogueKiller log:

[code]
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Snake [Admin rights]
Mode: Scan -- Date: 03/05/2012 22:57:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Drivers ("C:\Users\Snake\AppData\Roaming\driver.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3752930861-2899763130-1952413251-1001[...]\Run : Drivers ("C:\Users\Snake\AppData\Roaming\driver.exe") -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] c4484109a33f9badb6508c13d8ae7548
[BSP] 1d34c0b520c046027716c55407847d01 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: MAXTOR STM3320613AS ATA Device +++++
--- User ---
[MBR] fb39c9f66000f8918acce3d85f430b13
[BSP] 2976cf299414096fc20d191bf432535a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305241 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD7501AALS-00E8B0 ATA Device +++++
--- User ---
[MBR] e55b2ed0d31c47c7fb86ea347476af50
[BSP] 9f85e6ec687d2ec0414b1b652613708e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 612992 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1255409664 | Size: 102410 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
[/code]

and the log from OTS:
[code]
OTS logfile created on: 5.3.2012. 23:00:38 - Run 1
OTS by OldTimer - Version 3.1.47.2    Folder = M:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 598,63 Gb Total Space | 477,74 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 167,81 Gb Free Space | 56,30% Space Free | Partition Type: NTFS
Drive E: | 3,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 100,01 Gb Total Space | 84,35 Gb Free Space | 84,34% Space Free | Partition Type: NTFS
Drive M: | 931,51 Gb Total Space | 37,55 Gb Free Space | 4,03% Space Free | Partition Type: NTFS
 
Computer Name: SNAKE-PC
Current User Name: Snake
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> M:\Downloads\OTS.exe -> [2012.03.05 22:45:59 | 000,646,656 | ---- | M] (OldTimer Tools)
roguekiller (1).exe -> M:\Downloads\RogueKiller (1).exe -> [2012.03.05 22:45:37 | 001,339,904 | ---- | M] ()
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2012.03.01 22:05:44 | 002,152,152 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2012.03.01 22:05:44 | 001,187,072 | ---- | M] (Lavasoft Limited)
msiafterburner.exe -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe -> [2011.02.15 12:20:22 | 000,364,544 | ---- | M] ()
vbc.exe -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe -> [2010.11.05 02:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation)
everest.exe -> M:\Downloads\Programi\EVEREST Ultimate v5.02 Portable\everest.exe -> [2009.09.16 18:39:44 | 002,438,752 | ---- | M] (Lavalys, Inc.)
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2009.07.20 04:00:00 | 000,077,824 | ---- | M] ()
 
[Modules - No Company Name]
ppgooglenaclpluginchrome.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll -> [2012.02.15 06:03:36 | 000,429,040 | ---- | M] ()
pdf.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll -> [2012.02.15 06:03:34 | 003,772,912 | ---- | M] ()
avutil-51.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll -> [2012.02.15 06:02:10 | 000,122,880 | ---- | M] ()
avformat-53.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll -> [2012.02.15 06:02:08 | 000,220,672 | ---- | M] ()
avcodec-53.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll -> [2012.02.15 06:02:07 | 001,747,456 | ---- | M] ()
gcswf32.dll -> C:\Users\Snake\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll -> [2012.02.15 03:00:24 | 008,593,568 | ---- | M] ()
msiafterburner.exe -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe -> [2011.02.15 12:20:22 | 000,364,544 | ---- | M] ()
rtmui.dll -> C:\Program Files (x86)\MSI Afterburner\RTMUI.dll -> [2011.02.15 12:20:08 | 000,061,440 | ---- | M] ()
rthal.dll -> C:\Program Files (x86)\MSI Afterburner\RTHAL.dll -> [2011.02.15 12:20:02 | 000,278,528 | ---- | M] ()
rtcore.dll -> C:\Program Files (x86)\MSI Afterburner\RTCore.dll -> [2011.02.15 12:19:44 | 000,229,376 | ---- | M] ()
rtui.dll -> C:\Program Files (x86)\MSI Afterburner\RTUI.dll -> [2011.02.15 12:19:30 | 000,147,456 | ---- | M] ()
rtfc.dll -> C:\Program Files (x86)\MSI Afterburner\RTFC.dll -> [2011.02.15 12:19:20 | 000,061,440 | ---- | M] ()
rttsh.dll -> C:\Program Files (x86)\MSI Afterburner\RTTSH.dll -> [2010.07.27 05:37:16 | 000,013,312 | ---- | M] ()
grooveintlresource.dll -> C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll -> [2010.01.21 01:34:10 | 008,793,952 | ---- | M] ()
office.odf -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF -> [2010.01.09 20:18:18 | 004,254,560 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2009.07.20 04:00:00 | 000,077,824 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(FLEXnet Licensing Service 64)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2012.01.20 19:17:00 | 001,431,888 | ---- | M] (Flexera Software, Inc.)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011.12.06 04:11:56 | 000,235,520 | ---- | M] (AMD)
64bit-(AMD FUEL Service)  [Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -> [2011.12.05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(NisSrv)  [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation)
64bit-(MsMpSvc)  [Auto | Running] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation)
64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(LBTServ)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -> [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2012.03.01 22:05:44 | 002,152,152 | ---- | M] (Lavasoft Limited)
(TeamViewer7) TeamViewer 7 [Disabled | Stopped] -> C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -> [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH)
(TeamViewer6) TeamViewer 6 [Disabled | Stopped] -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH)
(AdobeARMservice) Adobe Acrobat Update Service [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(Autodesk Content Service) Autodesk Content Service [Disabled | Stopped] -> C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -> [2011.02.02 14:08:16 | 000,018,656 | ---- | M] ()
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG)
 
[Driver Services - Safe List]
64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011.12.23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011.12.06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011.12.06 03:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011.11.23 10:53:43 | 000,279,616 | ---- | M] (DT Soft Ltd)
64bit-(AtiHDAudioService) AMD Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices)
64bit-(AODDriver4.01) AODDriver4.01 [Kernel | Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -> [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation)
64bit-(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation)
64bit-(amdiox64) AMD IO Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\amdiox64.sys -> [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LMouFilt.Sys -> [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidFilt.Sys -> [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                       )
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -> [2012.03.01 22:05:57 | 000,017,152 | ---- | M] ()
(speedfan) speedfan [Kernel | Boot | Running] -> C:\Windows\SysWOW64\speedfan.sys -> [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software)
(RTCore64) RTCore64 [Kernel | On_Demand | Running] -> C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -> [2010.05.27 01:43:00 | 000,014,648 | ---- | M] ()
(EverestDriver) Lavalys EVEREST Kernel Driver [Kernel | On_Demand | Running] -> M:\Downloads\Programi\EVEREST Ultimate v5.02 Portable\kerneld.amd64 -> [2009.09.05 18:27:16 | 000,026,240 | ---- | M] ()
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/?ocid=iehp -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> hr -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 83 2F 2E 07 1B DA CC 01  [binary data] -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\] > -> -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Snake\AppData\Roaming\Mozilla\FireFox\Profiles\b593iwom.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.hr/" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2012.02.20 23:55:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011.11.23 10:39:26 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Snake\AppData\Roaming\Mozilla\Extensions -> [2011.11.23 10:44:27 | 000,000,000 | ---D | M]
  -> C:\Users\Snake\AppData\Roaming\Mozilla\Firefox\Profiles\b593iwom.default\extensions -> [2012.03.01 20:06:23 | 000,000,000 | ---D | M]
Greasemonkey   -> C:\Users\Snake\AppData\Roaming\Mozilla\Firefox\Profiles\b593iwom.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2012.03.01 20:06:23 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2012.01.12 21:39:25 | 000,000,000 | ---D | M]
No name found -> C:\USERS\SNAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B593IWOM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
< HOSTS File > ([2009.06.10 22:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012.01.10 13:28:38 | 000,079,240 | ---- | M] (Oracle Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009.06.17 17:53:26 | 000,130,576 | ---- | M] (Logitech, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avast5" ->  ["C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui] -> File not found
"Spybot-S&D Cleaning" ->  ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean] -> File not found
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011.12.05 22:46:16 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Drivers" -> C:\Users\Snake\AppData\Roaming\driver.exe ["C:\Users\Snake\AppData\Roaming\driver.exe"] -> [2012.02.28 14:49:18 | 000,717,312 | ---- | M] (Avira Operations GmbH & Co. KG)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2011.12.21 01:02:26 | 004,448,256 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2011.12.21 01:02:26 | 004,448,256 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2011.12.21 01:02:26 | 004,448,256 | ---- | M] (Google Inc.)
Search the Web ->  [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2011.12.21 01:02:26 | 004,448,256 | ---- | M] (Google Inc.)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab [Java Plug-in 10.3.1] -> 
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab [Java Plug-in 1.7.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab [Java Plug-in 1.7.0_03] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5053AC4F-5445-4C7F-B501-1FA758E003DE}\\DhcpNameServer -> 192.168.1.1   (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009.07.14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
LBTWlgn -> c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll -> [2009.07.20 12:36:46 | 000,076,816 | ---- | M] (Logitech, Inc.)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0B9BC3BA-8280-474A-8850-1EEBEC43A0E6} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{11B729BE-402C-4531-9F19-84C3BB40CBF8} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{11F6ECCB-0AFF-4D03-B994-D150624C8767} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{13E4CEAD-7A17-49AF-BAE6-D7FE74F6D784} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe | 
{1416E76E-B7ED-4542-A4C0-B0E35389A62B} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{450D6015-455F-4E23-8CCC-E763996628DB} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{53D0EF58-CAFB-4FE1-9526-B84C42722DD3} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{54FB7FEF-56FB-430D-A3AC-6F53687BE4AA} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{5A0ADB70-828C-4034-89F9-5823ECA1C276} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{67E01D3A-BB95-4141-8FE9-A00DA9E020C2} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{76702E59-AFEC-4E46-A702-2D6FE57C88F7} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | 
{7A20019B-FC7A-4146-8C3A-9A0FDF89422D} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{7C2848AE-CC23-4C30-BC21-CA27CAFD86CB} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{9D11AE87-055E-4E75-8FE4-C229F9D5DFE6} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{B0E886BF-078B-4F6E-A348-1ADC1D8B1D49} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{C1B2320E-94C8-4AA6-BD80-82B0AA8C709C} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{C35E833F-D60B-4379-A653-C229305DF8A6} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{C6A7DC12-068F-45FC-9FB7-76D34B35AC4E} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{C6C5BCF5-37E9-40F9-821B-FCE1CDBD7DFC} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{D1C4DF70-14F1-48FC-883C-32E2436808DF} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{DCD0333B-1896-4570-9BAB-1AEF3C40520E} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E07CC593-84BF-4278-A830-757A376939C3} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{E85609CC-292D-4823-B252-AB43B1DCF5A9} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{F073A930-FD9B-4ECC-8359-86CC33B6FDA9} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{F4A8F8D0-CAB8-4A3C-909E-D36F3FF1670B} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{F51A828C-2F1B-4624-9FFF-DA06FCF8CFA1} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{F5CB4684-BD70-4B5F-9AC0-654F6EE30DEC} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{02224B27-1A4E-4EDF-A599-E76052A89823} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
{13953A22-8DAB-4867-AF28-93D2D9DEB4C2} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 
{19D09916-86BB-4B70-82C0-19B4C9031B38} -> profile=private | protocol=6 | dir=in | action=allow | name=sweetim installer | app=m:\downloads\sweetimsetup.exe | 
{1D37AF5D-200A-41F7-B229-EA63436915EE} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{34237CCC-FD9B-48D0-A5E4-15EA74ECFEC1} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
{37EFCD56-18C4-4E8A-9568-DC75AAEFB280} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield: bad company™ 2 | app=c:\games\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{39AC7967-2BF3-459D-ABFF-EB27B9776257} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{3AEF1C4C-1982-4544-A8BA-E1CE69A19709} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{3E4588EE-50BF-4BC7-BCD0-0868BA55C066} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{43DED7FD-F793-4780-A08E-EA76FF3C98C4} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{466F0EB6-13AF-4884-BD2E-4FBB21441AC6} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
{4A11476C-B508-4AFD-ACFA-75A36F9F3DA7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{4F98384F-51F5-4A7B-948C-A38DB0969471} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{5706B295-3564-43B4-AF60-57729A0FA01C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{653731EA-2B3E-4E48-8EA1-7EC4C9B0BE32} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{67CA43B2-E02C-4567-8DA7-46D2ACC54A91} -> profile=private | protocol=17 | dir=in | action=allow | name=sweetim installer | app=m:\downloads\sweetimsetup.exe | 
{6FD33EBE-FBF3-469D-9770-B0A60034BA47} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
{744B1863-35E3-4487-90A1-43E07C63C744} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 
{7562D4F5-94B0-4E4F-B953-C0132F2E3268} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{75C77137-AEF7-40C7-A572-C7D5873B930B} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{799B38DA-C3BD-4C19-90C0-005DB6A28823} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{7D9D97E0-7DD6-4F04-B2DD-F2289EDB925B} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
{8688371B-F993-4BC6-869B-4E04EB4711ED} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{8A0DB863-86E6-490F-B26C-28588868C99B} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 
{A8B29CE2-7B30-429A-B82E-AEDBA04BFA59} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{AFE3AF20-FDC4-49E0-9B5E-5683892E9772} -> dir=in | action=allow | name=facebook video calling plugin | app=c:\users\snake\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
{BA1F638F-69C3-45BC-8C37-EC445EB06D47} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{C0866CFF-F592-411C-A829-4B648A2029E8} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{C606FC88-8994-4723-9892-6B473ED82C74} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{D0226BDF-AA65-4001-BCCF-E34382892535} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{D34B1EB3-51E2-4CCE-B438-5ED7B305904A} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield: bad company™ 2 | app=c:\games\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{D70B5269-39A8-4AE7-99A3-89A15C41C2BE} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{DD92761C-D58B-40DD-A5BA-A9F465FEAF18} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{E4571108-E5AA-42BE-A5E1-FB771F0F0038} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{EA6DA776-514A-445F-A6F8-ADDC8F019DCF} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 
{EAD4B304-C4DE-4EE3-B7CF-855C4A532B92} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
{ED4D2E02-EB8D-42E5-AC27-0CEC86DFD9F9} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
{F1300DCE-848D-41B7-A7CD-E55BB4304197} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{F3E4E304-5431-4D58-BF51-A262EFB297E4} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
{F7C4E2E6-2F47-4E2D-A4C3-CD8A3CD15E66} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{FFF15340-A096-4EA1-B127-2FC9B7FC189E} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
TCP Query User{22E0206D-43CD-4C33-8C29-9D5E38190EF1}C:\games\electronic arts\shift 2 unleashed\shift2u.exe -> profile=private | protocol=6 | dir=in | action=allow | name=shift 2 unleashed™ | app=c:\games\electronic arts\shift 2 unleashed\shift2u.exe | 
TCP Query User{4028EF1A-C513-4FA4-8CAB-4DD861C1F83B}C:\games\world_of_tanks\worldoftanks.exe -> profile=private | protocol=6 | dir=in | action=block | name=world of tanks | app=c:\games\world_of_tanks\worldoftanks.exe | 
TCP Query User{AED1BA95-56D1-4E45-803E-044082CB51EB}M:\downloads\programi\jdownloader_portableapps\commonfiles\java\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=m:\downloads\programi\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | 
TCP Query User{B11FE36A-32E2-495D-8E3F-08A5E91AE514}C:\users\snake\appdata\local\temp\3c59.tmp\keygen.exe -> profile=private | protocol=6 | dir=in | action=allow | name=keygen.exe | app=c:\users\snake\appdata\local\temp\3c59.tmp\keygen.exe | 
TCP Query User{E738DA10-64E4-428A-8385-BD0F1952CB20}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
TCP Query User{E917E090-969F-4537-9741-7B3B34B6860D}C:\games\world_of_tanks\wotlauncher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=world of tanks launcher | app=c:\games\world_of_tanks\wotlauncher.exe | 
TCP Query User{FDFE93D3-1677-431D-B908-91D2C2E7D9A4}C:\users\snake\desktop\teamviewerportable\teamviewer.exe -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer.exe | app=c:\users\snake\desktop\teamviewerportable\teamviewer.exe | 
UDP Query User{1FCD40CD-859F-41C3-8DAE-2E4B9B82B8A7}C:\games\electronic arts\shift 2 unleashed\shift2u.exe -> profile=private | protocol=17 | dir=in | action=allow | name=shift 2 unleashed™ | app=c:\games\electronic arts\shift 2 unleashed\shift2u.exe | 
UDP Query User{214C5778-651D-4B4C-9A1A-8D86DCECEDD8}C:\users\snake\desktop\teamviewerportable\teamviewer.exe -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer.exe | app=c:\users\snake\desktop\teamviewerportable\teamviewer.exe | 
UDP Query User{28F013B9-277C-4BED-8CCB-AFB24C834AAA}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
UDP Query User{585236C7-B29B-4DF0-A2AD-C40225F6952B}C:\games\world_of_tanks\wotlauncher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=world of tanks launcher | app=c:\games\world_of_tanks\wotlauncher.exe | 
UDP Query User{9381DB03-26CB-4C06-83DE-B14B032DEAF0}C:\users\snake\appdata\local\temp\3c59.tmp\keygen.exe -> profile=private | protocol=17 | dir=in | action=allow | name=keygen.exe | app=c:\users\snake\appdata\local\temp\3c59.tmp\keygen.exe | 
UDP Query User{9CA74F74-66A8-4475-937A-C20F6EC39AD7}M:\downloads\programi\jdownloader_portableapps\commonfiles\java\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=m:\downloads\programi\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | 
UDP Query User{C964C3CF-4610-452F-9523-DF2DC1CC67E5}C:\games\world_of_tanks\worldoftanks.exe -> profile=private | protocol=17 | dir=in | action=block | name=world of tanks | app=c:\games\world_of_tanks\worldoftanks.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" ->  [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service] -> File not found
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" ->  [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon] -> File not found
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" ->  [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater] -> File not found
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" ->  [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service] -> File not found
"C:\Users\Snake\AppData\Roaming\new.exe" -> C:\Users\Snake\AppData\Roaming\new.exe [C:\Users\Snake\AppData\Roaming\new.exe:*:Enabled:Windows Messanger] -> [2010.11.05 02:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation)
"C:\Users\Snake\AppData\Roaming\test.exe" ->  [C:\Users\Snake\AppData\Roaming\test.exe:*:Enabled:Windows Messanger] -> File not found
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe [C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger] -> [2010.11.05 02:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AutoCAD Electrical 2012 [] -> C:\AutoCAD Electrical 2012 [ NTFS ] -> [2012.01.20 19:07:19 | 000,000,000 | ---D | M]
E:\AUTORUN.INF [[Autorun] | open=setup.exe | icon=setup.exe,0 | ] -> E:\AUTORUN.INF [ CDFS ] -> [2009.07.13 13:55:00 | 000,000,043 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{3a891ee5-15b8-11e1-9954-00241dc19311}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a891ee5-15b8-11e1-9954-00241dc19311}\shell
\{3a891ee5-15b8-11e1-9954-00241dc19311}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a891ee5-15b8-11e1-9954-00241dc19311}\shell\AutoRun\command
\{3a891ee5-15b8-11e1-9954-00241dc19311}\shell\AutoRun\command\\"" ->  [J:\autorun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated)
BCSSync hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Office\Office14\BCSSync.exe -> [2010.01.21 17:17:52 | 000,112,512 | ---- | M] (Microsoft Corporation)
DAEMON Tools Lite hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -> [2011.11.10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd)
EADM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe -> [2011.02.03 08:55:38 | 011,509,760 | ---- | M] (Electronic Arts)
Facebook Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Snake\AppData\Local\Facebook\Update\FacebookUpdate.exe -> [2011.12.04 23:35:34 | 000,137,536 | ---- | M] (Facebook Inc.)
facemoods hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Snake\AppData\Local\Google\Update\GoogleUpdate.exe -> [2010.09.01 07:15:55 | 000,136,176 | ---- | M] (Google Inc.)
MSC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Microsoft Security Client\msseces.exe -> [2011.06.15 14:35:24 | 001,436,736 | ---- | M] (Microsoft Corporation)
WinampAgent hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Winamp\winampa.exe -> [2011.10.26 19:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.)
< 64bit-Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
< 64bit-Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.l3acm" -> C:\Windows\SysNative\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009.07.14 02:38:53 | 000,081,408 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"VIDC.FPS1" -> C:\Windows\SysNative\frapsv64.dll [frapsv64.dll] -> [2010.06.15 03:16:22 | 000,084,992 | ---- | M] (Beepa P/L)
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.ac3acm" -> C:\Windows\SysWow64\ac3acm.acm [ac3acm.acm] -> [2011.07.16 15:17:06 | 000,151,552 | ---- | M] (fccHandler)
"msacm.divxa32" -> C:\Windows\SysWow64\msaud32_divx.acm [msaud32_divx.acm] -> [2003.02.03 07:01:02 | 000,186,368 | ---- | M] (Microsoft Corporation)
"msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2009.07.14 02:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.lameacm" -> C:\Windows\SysWow64\lameACM.acm [lameACM.acm] -> [2008.09.24 19:41:12 | 000,839,680 | ---- | M] (http://www.mp3dev.org/)
"vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2010.11.20 13:19:17 | 000,082,944 | ---- | M] (Radius Inc.)
"VIDC.FFDS" -> C:\Windows\SysWow64\ff_vfw.dll [ff_vfw.dll] -> [2011.10.28 09:00:00 | 000,074,752 | ---- | M] ()
"VIDC.FPS1" -> C:\Windows\SysWow64\frapsvid.dll [frapsvid.dll] -> [2010.06.15 03:16:24 | 000,086,016 | ---- | M] (Beepa P/L)
"VIDC.RTV1" ->  [rtvcvfw32.dll] -> File not found
"VIDC.XVID" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2011.06.24 15:44:30 | 000,243,200 | ---- | M] ()
"VIDC.YV12" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2011.06.24 15:44:30 | 000,243,200 | ---- | M] ()
< 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
Lavasoft Ad-Aware Service -> 32bit -> File not found
MsMpSvc -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation)
NTDS -> 32bit -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
sacsvr -> Service
SCSI Class -> Driver Group
System Bus Extender -> Driver Group
TrustedInstaller -> 32bit -> File not found
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppInfo -> 64bit -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
DcomLaunch -> 64bit -> File not found
EFS -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
KeyIso -> 64bit -> File not found
Lavasoft Ad-Aware Service -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2012.03.01 22:05:44 | 002,152,152 | ---- | M] (Lavasoft Limited)
MsMpSvc -> 64bit -> File not found
Netlogon -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
Power -> 64bit -> File not found
Primary disk -> Driver Group
ProfSvc -> 64bit -> File not found
RpcEptMapper -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
VDS -> 64bit -> File not found
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
vmms -> Service
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
WudfPf -> 64bit -> File not found
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-batfile [open] -> "%1" %*
64bit-cmdfile [open] -> "%1" %*
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
64bit-http [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
64bit-https [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009.07.14 02:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009.07.14 02:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-piffile [open] -> "%1" %*
64bit-scrfile [config] -> "%1"
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l
64bit-scrfile [open] -> "%1" /S
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010.11.20 14:24:33 | 000,345,088 | ---- | M] (Microsoft Corporation)
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009.07.14 02:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> 
http [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome -> 
https [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome -> 
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> 
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2011.10.26 19:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.)
Folder [open] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 28.2.2012. 13:36:35 Computer Name = Snake-PC | Source = Application Hang | ID = 1002 -> Description = The program vbc.exe version 8.0.50727.5420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.   Process ID: 1aac   Start Time: 01ccf61fc6a422ce   Termination Time: 7   Application Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe   Report Id: c021f046-6232-11e1-a801-00241dc19311  
Application [ Error ] 28.2.2012. 17:47:11 Computer Name = Snake-PC | Source = Application Hang | ID = 1002 -> Description = The program vbc.exe version 8.0.50727.5420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.   Process ID: b28   Start Time: 01ccf65644c2b606   Termination Time: 8   Application Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe   Report Id: c17704cf-6255-11e1-b467-00241dc19311  
Application [ Error ] 29.2.2012. 9:11:20 Computer Name = Snake-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "C:\Program Files\Autodesk\Acade 2012\FaroImporter.exe".  Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 29.2.2012. 9:13:27 Computer Name = Snake-PC | Source = SideBySide | ID = 16842824 -> Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10.  The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Application [ Error ] 1.3.2012. 8:02:57 Computer Name = Snake-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "C:\Program Files\Autodesk\Acade 2012\FaroImporter.exe".  Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 1.3.2012. 8:03:48 Computer Name = Snake-PC | Source = SideBySide | ID = 16842824 -> Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10.  The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Application [ Error ] 1.3.2012. 13:58:46 Computer Name = Snake-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "M:\Downloads\SoftonicDownloader_for_picasa.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.  Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Application [ Error ] 2.3.2012. 5:17:18 Computer Name = Snake-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "M:\Downloads\SoftonicDownloader_for_picasa.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.  Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Application [ Error ] 2.3.2012. 11:04:02 Computer Name = Snake-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "C:\Program Files\Autodesk\Acade 2012\FaroImporter.exe".  Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 2.3.2012. 11:05:52 Computer Name = Snake-PC | Source = SideBySide | ID = 16842824 -> Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10.  The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
System [ Error ] 13.2.2012. 17:27:49 Computer Name = Snake-PC | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the avast! Antivirus service, but this action failed with the following error:   %%1056
System [ Error ] 14.2.2012. 6:48:15 Computer Name = Snake-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 11:46:37 on 14.2.2012. was unexpected.
System [ Error ] 14.2.2012. 6:48:16 Computer Name = SNAKE-PC | Source = BugCheck | ID = 1005 -> Description = 
System [ Error ] 14.2.2012. 6:48:16 Computer Name = SNAKE-PC | Source = BugCheck | ID = 1001 -> Description = 
System [ Error ] 16.2.2012. 14:56:57 Computer Name = Snake-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 19:55:11 on 16.2.2012. was unexpected.
System [ Error ] 16.2.2012. 14:56:58 Computer Name = SNAKE-PC | Source = BugCheck | ID = 1005 -> Description = 
System [ Error ] 16.2.2012. 14:56:58 Computer Name = SNAKE-PC | Source = BugCheck | ID = 1001 -> Description = 
System [ Error ] 16.2.2012. 14:57:52 Computer Name = Snake-PC | Source = Service Control Manager | ID = 7009 -> Description = A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
System [ Error ] 16.2.2012. 14:57:52 Computer Name = Snake-PC | Source = Service Control Manager | ID = 7000 -> Description = The Software Protection service failed to start due to the following error:   %%1053
System [ Error ] 21.2.2012. 12:50:14 Computer Name = Snake-PC | Source = volsnap | ID = 393232 -> Description = The shadow copies of volume K: were aborted because volume K:, which contains shadow copy storage for this shadow copy, was force dismounted.
 
[Files/Folders - Created Within 30 Days]
 RK_Quarantine -> C:\Users\Snake\Desktop\RK_Quarantine -> [2012.03.05 22:45:40 | 000,000,000 | ---D | C]
 Workspace -> C:\Users\Snake\Desktop\Workspace -> [2012.03.01 22:53:56 | 000,000,000 | ---D | C]
 SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2012.03.01 22:05:58 | 000,055,384 | ---- | C] (Sunbelt Software)
 Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2012.03.01 22:01:07 | 000,069,376 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2012.03.01 22:01:00 | 000,000,000 | ---D | C]
 Lavasoft -> C:\ProgramData\Lavasoft -> [2012.03.01 22:01:00 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2012.03.01 22:01:00 | 000,000,000 | ---D | C]
 {FE148204-54B4-466C-BA3F-1CC167F44A06} -> C:\Users\Snake\AppData\Local\{FE148204-54B4-466C-BA3F-1CC167F44A06} -> [2012.03.01 21:15:06 | 000,000,000 | ---D | C]
 {A1F22124-4A65-45C6-B49C-1A74E340326E} -> C:\Users\Snake\AppData\Local\{A1F22124-4A65-45C6-B49C-1A74E340326E} -> [2012.03.01 21:14:55 | 000,000,000 | ---D | C]
 pss -> C:\Windows\pss -> [2012.03.01 21:10:08 | 000,000,000 | ---D | C]
 bootdelete.exe -> C:\Windows\SysNative\bootdelete.exe -> [2012.03.01 21:03:24 | 000,012,872 | ---- | C] (SurfRight B.V.)
 Hitman Pro 3.5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5 -> [2012.03.01 20:53:57 | 000,000,000 | ---D | C]
 Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2012.03.01 20:53:56 | 000,000,000 | ---D | C]
 Hitman Pro -> C:\ProgramData\Hitman Pro -> [2012.03.01 20:53:43 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Users\Snake\AppData\Roaming\Malwarebytes -> [2012.03.01 20:48:58 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012.03.01 20:48:52 | 000,000,000 | ---D | C]
 HitmanPro -> C:\Program Files\HitmanPro -> [2012.03.01 20:26:15 | 000,000,000 | ---D | C]
 HitmanPro -> C:\ProgramData\HitmanPro -> [2012.03.01 20:25:53 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2012.02.29 21:58:50 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy 2 -> C:\Program Files (x86)\Spybot - Search & Destroy 2 -> [2012.02.29 21:58:39 | 000,000,000 | ---D | C]
 {EEC3B933-15F6-4F39-A3DE-1731B0B9317A} -> C:\Users\Snake\AppData\Local\{EEC3B933-15F6-4F39-A3DE-1731B0B9317A} -> [2012.02.29 19:06:19 | 000,000,000 | ---D | C]
 {73F78AD6-6B46-41BC-A99E-05E015589CE2} -> C:\Users\Snake\AppData\Local\{73F78AD6-6B46-41BC-A99E-05E015589CE2} -> [2012.02.29 19:06:08 | 000,000,000 | ---D | C]
 appmgmt -> C:\Windows\SysNative\appmgmt -> [2012.02.28 22:51:56 | 000,000,000 | ---D | C]
 {02041642-ECF3-452C-A668-BE7F8665953F} -> C:\Users\Snake\AppData\Local\{02041642-ECF3-452C-A668-BE7F8665953F} -> [2012.02.28 21:20:05 | 000,000,000 | ---D | C]
 driver.exe -> C:\Users\Snake\AppData\Roaming\driver.exe -> [2012.02.28 14:49:22 | 000,717,312 | ---- | C] (Avira Operations GmbH & Co. KG)
 {779D5029-C530-4A6F-A9E8-D106C08E306B} -> C:\Users\Snake\AppData\Local\{779D5029-C530-4A6F-A9E8-D106C08E306B} -> [2012.02.21 20:23:46 | 000,000,000 | ---D | C]
 {B4C96FC2-6A1D-4FEC-9B13-A11590812B0C} -> C:\Users\Snake\AppData\Local\{B4C96FC2-6A1D-4FEC-9B13-A11590812B0C} -> [2012.02.21 20:23:34 | 000,000,000 | ---D | C]
 {DDE0F0BD-C275-4AA4-AA84-03F35292C886} -> C:\Users\Snake\AppData\Local\{DDE0F0BD-C275-4AA4-AA84-03F35292C886} -> [2012.02.20 13:39:06 | 000,000,000 | ---D | C]
 {B019C705-1744-410E-AF81-625BA8B86958} -> C:\Users\Snake\AppData\Local\{B019C705-1744-410E-AF81-625BA8B86958} -> [2012.02.20 13:38:56 | 000,000,000 | ---D | C]
 {F896FD9F-D43F-4743-BE1B-87344CFE4683} -> C:\Users\Snake\AppData\Local\{F896FD9F-D43F-4743-BE1B-87344CFE4683} -> [2012.02.19 19:32:00 | 000,000,000 | ---D | C]
 {F39474B7-0E8D-49BA-B226-5A5A92453823} -> C:\Users\Snake\AppData\Local\{F39474B7-0E8D-49BA-B226-5A5A92453823} -> [2012.02.19 19:31:47 | 000,000,000 | ---D | C]
 WindowsESD -> C:\WindowsESD -> [2012.02.18 11:21:21 | 000,000,000 | ---D | C]
 {FCDE1842-7F73-4CE2-9D56-F3022A856F34} -> C:\Users\Snake\AppData\Local\{FCDE1842-7F73-4CE2-9D56-F3022A856F34} -> [2012.02.17 10:57:09 | 000,000,000 | ---D | C]
 {FB63E65F-C975-446C-925A-49C598CBBC40} -> C:\Users\Snake\AppData\Local\{FB63E65F-C975-446C-925A-49C598CBBC40} -> [2012.02.17 10:56:58 | 000,000,000 | ---D | C]
 stetic -> C:\Users\Snake\AppData\Roaming\stetic -> [2012.02.17 00:36:18 | 000,000,000 | ---D | C]
 xbuild -> C:\Users\Snake\AppData\Roaming\xbuild -> [2012.02.17 00:36:02 | 000,000,000 | ---D | C]
 MonoDevelop-2.8 -> C:\Users\Snake\AppData\Roaming\MonoDevelop-2.8 -> [2012.02.17 00:36:02 | 000,000,000 | ---D | C]
 MonoDevelop-2.8 -> C:\Users\Snake\AppData\Local\MonoDevelop-2.8 -> [2012.02.17 00:35:59 | 000,000,000 | ---D | C]
 MonoDevelop -> C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MonoDevelop -> [2012.02.17 00:07:04 | 000,000,000 | ---D | C]
 MonoDevelop -> C:\Program Files (x86)\MonoDevelop -> [2012.02.17 00:07:00 | 000,000,000 | ---D | C]
 GtkSharp -> C:\Program Files (x86)\GtkSharp -> [2012.02.17 00:06:21 | 000,000,000 | ---D | C]
 Mono 2.10.8 for Windows -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mono 2.10.8 for Windows -> [2012.02.16 21:38:27 | 000,000,000 | ---D | C]
 Mono-2.10.8 -> C:\Program Files (x86)\Mono-2.10.8 -> [2012.02.16 21:37:45 | 000,000,000 | ---D | C]
 Oracle -> C:\Program Files\Oracle -> [2012.02.16 20:46:04 | 000,000,000 | ---D | C]
 npdeployJava1.dll -> C:\Windows\SysNative\npdeployJava1.dll -> [2012.02.16 20:33:47 | 000,750,488 | ---- | C] (Oracle Corporation)
 Xamarin -> C:\Users\Snake\AppData\Local\Xamarin -> [2012.02.16 20:05:30 | 000,000,000 | ---D | C]
 Xamarin -> C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xamarin -> [2012.02.16 20:05:29 | 000,000,000 | ---D | C]
 Apps -> C:\Users\Snake\AppData\Local\Apps -> [2012.02.16 20:05:05 | 000,000,000 | ---D | C]
 Deployment -> C:\Users\Snake\AppData\Local\Deployment -> [2012.02.16 20:05:04 | 000,000,000 | ---D | C]
 {3A8394AA-03CA-4A73-AC02-105C2B95E1FE} -> C:\Users\Snake\AppData\Local\{3A8394AA-03CA-4A73-AC02-105C2B95E1FE} -> [2012.02.16 19:58:23 | 000,000,000 | ---D | C]
 {2D5F554B-66AE-4547-A9C4-DF7028D2196E} -> C:\Users\Snake\AppData\Local\{2D5F554B-66AE-4547-A9C4-DF7028D2196E} -> [2012.02.16 19:58:09 | 000,000,000 | ---D | C]
 {CECA5D29-AA85-478F-B545-B07120474929} -> C:\Users\Snake\AppData\Local\{CECA5D29-AA85-478F-B545-B07120474929} -> [2012.02.16 11:56:02 | 000,000,000 | ---D | C]
 All -> C:\Users\Snake\Desktop\All -> [2012.02.15 19:07:52 | 000,000,000 | ---D | C]
 ntshrui.dll -> C:\Windows\SysNative\ntshrui.dll -> [2012.02.15 16:27:58 | 000,509,952 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysNative\timedate.cpl -> [2012.02.15 16:27:54 | 000,515,584 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysWow64\timedate.cpl -> [2012.02.15 16:27:54 | 000,478,720 | ---- | C] (Microsoft Corporation)
 msvcrt.dll -> C:\Windows\SysNative\msvcrt.dll -> [2012.02.15 16:27:47 | 000,634,880 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012.02.15 16:27:38 | 000,702,464 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012.02.15 16:27:38 | 000,247,808 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012.02.15 16:27:38 | 000,176,640 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012.02.15 16:27:37 | 000,134,144 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012.02.15 16:27:37 | 000,132,096 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012.02.15 16:27:37 | 000,097,280 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012.02.15 16:27:37 | 000,067,072 | ---- | C] (Microsoft Corporation)
 {49BC98D1-8BA0-427F-8EC2-9DB5439BFDD9} -> C:\Users\Snake\AppData\Local\{49BC98D1-8BA0-427F-8EC2-9DB5439BFDD9} -> [2012.02.14 14:03:46 | 000,000,000 | ---D | C]
 {D4518356-0E77-40F2-BB43-4D2F534B5009} -> C:\Users\Snake\AppData\Local\{D4518356-0E77-40F2-BB43-4D2F534B5009} -> [2012.02.14 14:03:35 | 000,000,000 | ---D | C]
 {0B81898D-3C9C-4C70-B25A-1EEAD26CC35B} -> C:\Users\Snake\AppData\Local\{0B81898D-3C9C-4C70-B25A-1EEAD26CC35B} -> [2012.02.14 11:49:47 | 000,000,000 | ---D | C]
 {C059D90C-2EB9-4305-BB94-96A7B6D29962} -> C:\Users\Snake\AppData\Local\{C059D90C-2EB9-4305-BB94-96A7B6D29962} -> [2012.02.14 11:49:32 | 000,000,000 | ---D | C]
 {9E88885D-9879-4409-A671-218E8A5F0A8B} -> C:\Users\Snake\AppData\Local\{9E88885D-9879-4409-A671-218E8A5F0A8B} -> [2012.02.13 22:31:04 | 000,000,000 | ---D | C]
 {6C1303ED-6ACB-43DF-87B6-106690E1B5DF} -> C:\Users\Snake\AppData\Local\{6C1303ED-6ACB-43DF-87B6-106690E1B5DF} -> [2012.02.13 22:30:53 | 000,000,000 | ---D | C]
 Alwil Software -> C:\ProgramData\Alwil Software -> [2012.02.13 22:25:17 | 000,000,000 | ---D | C]
 Alwil Software -> C:\Program Files\Alwil Software -> [2012.02.13 22:25:17 | 000,000,000 | ---D | C]
 drivers.exe -> C:\Users\Snake\AppData\Roaming\drivers.exe -> [2012.02.13 18:10:05 | 000,905,728 | ---- | C] (PsyhoSOFT)
 {D2455701-1744-4CCD-9324-DC3C76AF8959} -> C:\Users\Snake\AppData\Local\{D2455701-1744-4CCD-9324-DC3C76AF8959} -> [2012.02.12 20:23:40 | 000,000,000 | ---D | C]
 {33303CB3-7D04-4E9C-8C0E-CF7545EC886C} -> C:\Users\Snake\AppData\Local\{33303CB3-7D04-4E9C-8C0E-CF7545EC886C} -> [2012.02.12 20:23:28 | 000,000,000 | ---D | C]
 SpeedFan -> C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan -> [2012.02.09 21:45:26 | 000,000,000 | ---D | C]
 SpeedFan -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan -> [2012.02.09 21:45:26 | 000,000,000 | ---D | C]
 SpeedFan -> C:\Program Files (x86)\SpeedFan -> [2012.02.09 21:45:26 | 000,000,000 | ---D | C]
 {D4B8C976-D83A-4F5C-9CD7-BF68D1332213} -> C:\Users\Snake\AppData\Local\{D4B8C976-D83A-4F5C-9CD7-BF68D1332213} -> [2012.02.09 21:43:33 | 000,000,000 | ---D | C]
 {33AECB28-AEF1-4D64-AFAE-B7540D994624} -> C:\Users\Snake\AppData\Local\{33AECB28-AEF1-4D64-AFAE-B7540D994624} -> [2012.02.09 21:43:17 | 000,000,000 | ---D | C]
 WhoCrashed -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed -> [2012.02.06 23:16:49 | 000,000,000 | ---D | C]
 WhoCrashed -> C:\Program Files\WhoCrashed -> [2012.02.06 23:16:49 | 000,000,000 | ---D | C]
 {154CD8D2-EB60-4FF5-92BB-DEADBC41F04E} -> C:\Users\Snake\AppData\Local\{154CD8D2-EB60-4FF5-92BB-DEADBC41F04E} -> [2012.02.06 21:03:08 | 000,000,000 | ---D | C]
 {D4A7E1F9-8550-4E89-969F-5F9A5327FA55} -> C:\Users\Snake\AppData\Local\{D4A7E1F9-8550-4E89-969F-5F9A5327FA55} -> [2012.02.06 21:02:56 | 000,000,000 | ---D | C]
 new.exe -> C:\Users\Snake\AppData\Roaming\new.exe -> [2011.11.28 20:26:34 | 001,169,224 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
 PsyhoSOFT -> C:\Users\Snake\AppData\Roaming\PsyhoSOFT -> [2012.03.05 23:00:29 | 000,291,931 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> [2012.03.05 22:48:00 | 000,000,958 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> [2012.03.05 22:48:00 | 000,000,906 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012.03.05 22:29:43 | 000,067,584 | --S- | M] ()
 FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> [2012.03.05 14:40:01 | 000,000,928 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012.03.05 14:06:27 | 000,014,544 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012.03.05 14:06:27 | 000,014,544 | -H-- | M] ()
 FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> [2012.03.04 23:40:00 | 000,000,906 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012.03.04 23:33:53 | 000,879,866 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012.03.04 23:33:53 | 000,723,152 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012.03.04 23:33:53 | 000,148,014 | ---- | M] ()
 rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2012.03.04 23:31:17 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2012.03.04 23:31:17 | 000,000,044 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012.03.04 23:29:27 | 4025,344,000 | -HS- | M] ()
 SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2012.03.01 22:05:57 | 000,055,384 | ---- | M] (Sunbelt Software)
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2012.03.01 22:01:08 | 000,001,071 | ---- | M] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2012.03.01 21:08:41 | 000,077,978 | ---- | M] ()
 bootdelete.exe -> C:\Windows\SysNative\bootdelete.exe -> [2012.03.01 21:03:24 | 000,012,872 | ---- | M] (SurfRight B.V.)
 hitmanpro35.sys -> C:\Windows\SysNative\drivers\hitmanpro35.sys -> [2012.03.01 20:53:57 | 000,025,160 | ---- | M] ()
 Hitman Pro 3.5.lnk -> C:\Users\Public\Desktop\Hitman Pro 3.5.lnk -> [2012.03.01 20:53:57 | 000,001,989 | ---- | M] ()
 OTMData.xml -> C:\Users\Snake\Desktop\OTMData.xml -> [2012.03.01 20:24:07 | 000,010,386 | ---- | M] ()
 Install Windows.lnk -> C:\Users\Snake\Desktop\Install Windows.lnk -> [2012.03.01 15:40:20 | 000,001,422 | ---- | M] ()
 driver.exe -> C:\Users\Snake\AppData\Roaming\driver.exe -> [2012.02.28 14:49:18 | 000,717,312 | ---- | M] (Avira Operations GmbH & Co. KG)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012.02.26 23:15:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2012.02.16 20:33:35 | 000,188,808 | ---- | M] (Oracle Corporation)
 java.exe -> C:\Windows\SysNative\java.exe -> [2012.02.16 20:33:35 | 000,188,808 | ---- | M] (Oracle Corporation)
 Microsoft Visual Studio 2010.lnk -> C:\Users\Snake\Desktop\Microsoft Visual Studio 2010.lnk -> [2012.02.16 20:15:33 | 000,001,378 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2012.02.16 19:56:47 | 775,263,782 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012.02.16 09:26:58 | 000,516,000 | ---- | M] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2012.02.13 22:25:37 | 000,000,000 | ---- | M] ()
 drivers.exe -> C:\Users\Snake\AppData\Roaming\drivers.exe -> [2012.02.11 22:02:26 | 000,905,728 | ---- | M] (PsyhoSOFT)
 initdebug.nfo -> C:\Windows\SysWow64\initdebug.nfo -> [2012.02.09 21:45:26 | 000,000,045 | ---- | M] ()
 Temp19.html -> C:\Users\Snake\AppData\Local\Temp19.html -> [2012.02.06 23:17:13 | 000,026,896 | ---- | M] ()
 Temp1.html -> C:\Users\Snake\AppData\Local\Temp1.html -> [2012.02.06 23:16:52 | 000,001,667 | ---- | M] ()
 337 C:\Users\Snake\AppData\Local\Temp\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\*.tmp -> 
 337 C:\Users\Snake\AppData\Local\Temp\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\*.tmp -> 
 1 C:\Users\Snake\AppData\Local\Temp\is-91R2Q.tmp\_isetup\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\is-91R2Q.tmp\_isetup\*.tmp -> 
 
[Files - No Company Name]
 rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2012.03.01 22:01:33 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2012.03.01 22:01:33 | 000,000,044 | ---- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2012.03.01 22:01:08 | 000,001,071 | ---- | C] ()
 hitmanpro35.sys -> C:\Windows\SysNative\drivers\hitmanpro35.sys -> [2012.03.01 20:53:57 | 000,025,160 | ---- | C] ()
 Hitman Pro 3.5.lnk -> C:\Users\Public\Desktop\Hitman Pro 3.5.lnk -> [2012.03.01 20:53:57 | 000,001,989 | ---- | C] ()
 OTMData.xml -> C:\Users\Snake\Desktop\OTMData.xml -> [2012.03.01 20:24:07 | 000,010,386 | ---- | C] ()
 Install Windows.lnk -> C:\Users\Snake\Desktop\Install Windows.lnk -> [2012.03.01 13:57:08 | 000,001,422 | ---- | C] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2012.03.01 00:39:16 | 000,077,978 | ---- | C] ()
 Microsoft Visual Studio 2010.lnk -> C:\Users\Snake\Desktop\Microsoft Visual Studio 2010.lnk -> [2012.02.16 20:15:33 | 000,001,378 | ---- | C] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2012.02.13 22:25:37 | 000,000,000 | ---- | C] ()
 PsyhoSOFT -> C:\Users\Snake\AppData\Roaming\PsyhoSOFT -> [2012.02.13 19:09:40 | 000,291,931 | ---- | C] ()
 initdebug.nfo -> C:\Windows\SysWow64\initdebug.nfo -> [2012.02.09 21:45:26 | 000,000,045 | ---- | C] ()
 Temp19.html -> C:\Users\Snake\AppData\Local\Temp19.html -> [2012.02.06 23:17:13 | 000,026,896 | ---- | C] ()
 Temp1.html -> C:\Users\Snake\AppData\Local\Temp1.html -> [2012.02.06 23:16:52 | 000,001,667 | ---- | C] ()
 OpenVideo.dll -> C:\Windows\SysWow64\OpenVideo.dll -> [2011.12.05 22:04:00 | 000,059,904 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011.12.05 22:03:52 | 000,054,784 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011.11.28 10:56:11 | 000,865,334 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2011.11.23 10:41:30 | 000,000,000 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2011.11.23 10:36:22 | 000,175,616 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011.11.23 10:36:21 | 000,650,752 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011.11.23 10:36:21 | 000,243,200 | ---- | C] ()
 ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2011.11.23 10:36:21 | 000,074,752 | ---- | C] ()
 ativvsvl.dat -> C:\Windows\SysWow64\ativvsvl.dat -> [2011.11.10 03:36:06 | 000,204,960 | ---- | C] ()
 ativvsva.dat -> C:\Windows\SysWow64\ativvsva.dat -> [2011.11.10 03:36:06 | 000,157,152 | ---- | C] ()
 OVDecoder.dll -> C:\Windows\SysWow64\OVDecoder.dll -> [2011.10.25 21:21:34 | 000,056,832 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011.09.12 23:06:16 | 000,003,917 | ---- | C] ()
 
[File - Lop Check]
 Autodesk -> C:\Users\Snake\AppData\Roaming\Autodesk -> [2012.01.22 23:50:56 | 000,000,000 | ---D | M]
 com.nicolasprof.OTMEditor -> C:\Users\Snake\AppData\Roaming\com.nicolasprof.OTMEditor -> [2011.11.23 11:26:37 | 000,000,000 | ---D | M]
 DAEMON Tools Lite -> C:\Users\Snake\AppData\Roaming\DAEMON Tools Lite -> [2012.01.31 20:16:28 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Snake\AppData\Roaming\GetRightToGo -> [2012.01.15 23:53:46 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Snake\AppData\Roaming\Leadertech -> [2011.11.23 11:33:13 | 000,000,000 | ---D | M]
 MonoDevelop-2.8 -> C:\Users\Snake\AppData\Roaming\MonoDevelop-2.8 -> [2012.02.17 00:36:17 | 000,000,000 | ---D | M]
 stetic -> C:\Users\Snake\AppData\Roaming\stetic -> [2012.02.17 00:36:18 | 000,000,000 | ---D | M]
 TeamViewer -> C:\Users\Snake\AppData\Roaming\TeamViewer -> [2012.02.02 22:01:35 | 000,000,000 | ---D | M]
 TypingMaster7 -> C:\Users\Snake\AppData\Roaming\TypingMaster7 -> [2012.01.30 10:42:20 | 000,000,000 | ---D | M]
 uTorrent -> C:\Users\Snake\AppData\Roaming\uTorrent -> [2012.02.24 17:34:08 | 000,000,000 | ---D | M]
 wargaming.net -> C:\Users\Snake\AppData\Roaming\wargaming.net -> [2011.11.23 21:49:59 | 000,000,000 | ---D | M]
 xbuild -> C:\Users\Snake\AppData\Roaming\xbuild -> [2012.02.17 00:36:12 | 000,000,000 | ---D | M]
 FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001Core.job -> [2012.03.04 23:40:00 | 000,000,906 | ---- | M] ()
 FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3752930861-2899763130-1952413251-1001UA.job -> [2012.03.05 14:40:01 | 000,000,928 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009.07.14 06:08:49 | 000,016,734 | ---- | M] ()
[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< MD5 Scans Start>
< %systemdrive%\EXPLORER.EXE  /md5 /s >
 explorer.exe : MD5=0862495E0C825893DB75EF44FAEA8E93 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe -> [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=0FB9C74046656D1579A64660AD67B746 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe -> [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=15BC38A7492BEFE831966ADB477CF76F -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe -> [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=255CF508D7CFB10E0794D6AC93280BD8 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe -> [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=2626FC9755BE22F805D3CFA0CE3EE727 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe -> [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe -> [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=3B69712041F3D63605529BD66DC00C48 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe -> [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=40D777B7A95E00593EB1568C68514493 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe -> [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=6F3480C8F7D905CB0D3EFFE51256B0EA -> C:\Windows\explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=6F3480C8F7D905CB0D3EFFE51256B0EA -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe -> [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=700073016DAC1C3D2E7E2CE4223334B6 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe -> [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\SysWOW64\explorer.exe -> [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe -> [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=9AAAEC8DAC27AA17B053E6352AD233AE -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=9FF6C4C91A3711C0A3B18F87B08B518D -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe -> [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=AC4C51EB24AA95B77F705AB159189E24 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe -> [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=B8EC4BD49CE8F6FC457721BFC210B67F -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe -> [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe -> [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe -> [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=C76153C7ECA00FA852BB0C193378F917 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe -> [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=E38899074D4951D31B4040E994DD7C8D -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe -> [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=F170B4A061C9E026437B193B4D571799 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe -> [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SVCHOST.EXE  /md5 /s >
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\SysWOW64\svchost.exe -> [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe -> [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\SysNative\svchost.exe -> [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe -> [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
< %systemdrive%\USERINIT.EXE  /md5 /s >
 userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\SysWOW64\userinit.exe -> [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe -> [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe -> [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=6F8F1376A13114CC10C0E69274F5A4DE -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe -> [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\SysNative\userinit.exe -> [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe -> [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
< %systemdrive%\WINLOGON.EXE  /md5 /s >
 winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\SysNative\winlogon.exe -> [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe -> [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=132328DF455B0028F13BF0ABEE51A63A -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe -> [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=A93D41A4D4B0D91C072D11DD8AF266DE -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe -> [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=DA3E2A6FA9660CC75B471530CE88453A -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe -> [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\ -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE"] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2012.02.20 23:55:40 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2012.02.20 23:55:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\ -> C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\USERS\SNAKE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE"] -> [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTS Restore Point
< End of report >
[/code]
and here is the pop-up in question

17 years
offline
Pop-up ad windows in Windows

What a tome. What is that driver.exe right at the beginning? I'm afraid it shouldn't be there... :)

Anyway, I had a similar case, so check in Add/Remove Programs whether there are any entries that shouldn't be there. In my case, installing some shareware slipped in some kind of ad redirector that would throw up a popup, and it stayed after the program was uninstalled, and there was no option to turn it off.

On the other hand, an AV program, and set UAC to maximum if you hacker-style turned it off...

I was only mostly dead, try finding that option on government paperwork!
17 years
inactive
offline
Pop-up ad windows in Windows

open OTS and copy this into the empty field

 

  [Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > ->
YN -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 83 2F 2E 07 1B DA CC 01 [binary data]
< Run [HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\] > -> HKEY_USERS\S-1-5-21-3752930861-2899763130-1952413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Drivers" -> C:\Users\Snake\AppData\Roaming\driver.exe ["C:\Users\Snake\AppData\Roaming\driver.exe"]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\Users\Snake\AppData\Roaming\new.exe" -> C:\Users\Snake\AppData\Roaming\new.exe [C:\Users\Snake\AppData\Roaming\new.exe:*:Enabled:Windows Messanger]
YN -> "C:\Users\Snake\AppData\Roaming\test.exe" -> [C:\Users\Snake\AppData\Roaming\test.exe:*:Enabled:Windows Messanger]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{3a891ee5-15b8-11e1-9954-00241dc19311}\shell\\"" -> [AutoRun]
YN -> \{3a891ee5-15b8-11e1-9954-00241dc19311}\shell\AutoRun\command\\"" -> [J:\autorun.exe]
[Files/Folders - Created Within 30 Days]
NY -> driver.exe -> C:\Users\Snake\AppData\Roaming\driver.exe
NY -> drivers.exe -> C:\Users\Snake\AppData\Roaming\drivers.exe
NY -> new.exe -> C:\Users\Snake\AppData\Roaming\new.exe
[Files/Folders - Modified Within 30 Days]
NY -> driver.exe -> C:\Users\Snake\AppData\Roaming\driver.exe
NY -> Temp19.html -> C:\Users\Snake\AppData\Local\Temp19.html
NY -> Temp1.html -> C:\Users\Snake\AppData\Local\Temp1.html
NY -> 337 C:\Users\Snake\AppData\Local\Temp\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\*.tmp
NY -> 337 C:\Users\Snake\AppData\Local\Temp\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\*.tmp
NY -> 1 C:\Users\Snake\AppData\Local\Temp\is-91R2Q.tmp\_isetup\*.tmp files -> C:\Users\Snake\AppData\Local\Temp\is-91R2Q.tmp\_isetup\*.tmp
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]
[Start Explorer]
[Reboot]

 

- click RUN FIX

- upload the log you get to speedyshare or some other link

 

2. download combofix and save it to the desktop

- turn off the antivirus

- run combofix and answer yes to everything it asks

- upload the log you get to speedyshare and paste the link into this thread

 
14 years
inactive
offline
Re: Pop-up ad windows in Windows
Message was last edited Tue 6.3.2012 19:53 (snake01091989ST).
17 years
inactive
offline
Re: Pop-up ad windows in Windows
snake01091989ST says...

everything should be OK now

you can delete OTS and combofix

- open OTS and click CLEAN UP

you'll also check the computer with malwarebytes

- install the program > update > quick scan

- copy the log you get

do you still have the problem with the computer?

 

14 years
inactive
offline
Re: Pop-up ad windows in Windows

there, no more annoying ads... thanks to everyone for the help, you saved me ;)

cheers

17 years
offline
Pop-up ad windows in Windows

Here's a Total THANKS from me, because you made the effort to help the man.

I was only mostly dead, try finding that option on government paperwork!