Facebook vir

Zpráva

radim30 · #16 Příspěvek od **radim30** » 04 lis 2011 23:51

ComboFix 11-11-04.04 - Vojta 04.11.2011 23:18:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2962 [GMT 1:00]
Spuštěný z: c:\users\Vojta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vojta\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll"
"c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll
c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 22:21 . 2011-11-04 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 16:54 . 2011-11-04 16:54 -------- d-----w- c:\users\Vojta\AppData\Local\Diagnostics
2011-11-04 14:07 . 2011-11-04 14:07 -------- d-----w- c:\users\Vojta\AppData\Roaming\Malwarebytes
2011-11-04 14:07 . 2011-11-04 14:07 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 14:07 . 2011-11-04 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 14:07 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 13:07 . 2011-11-04 13:07 -------- d-----w- C:\rsit
2011-11-04 13:07 . 2011-11-04 13:07 -------- d-----w- c:\program files (x86)\trend micro
2011-10-26 15:08 . 2011-10-26 15:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-26 14:55 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C7F1A9-48E2-49FB-BBDB-9A45827AFEB3}\mpengine.dll
2011-10-25 17:48 . 2011-10-25 17:48 -------- d-----w- c:\program files (x86)\Eidos
2011-10-24 13:53 . 2011-11-04 17:50 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 14:39 . 2011-10-24 13:13 -------- d-----w- c:\program files (x86)\Valve
2011-10-21 09:28 . 2011-11-03 03:28 -------- d-----w- c:\program files (x86)\Application Updater
2011-10-18 17:05 . 2011-10-18 17:05 -------- d-----w- c:\users\Vojta\AppData\Roaming\Razer
2011-10-18 17:05 . 2008-09-12 14:22 65536 ----a-w- c:\windows\SysWow64\Arctosa.cpl
2011-10-18 17:05 . 2011-10-18 17:05 -------- d-----w- c:\program files (x86)\Razer
2011-10-18 17:05 . 2011-10-18 17:05 -------- d-----w- c:\users\Vojta\AppData\Roaming\InstallShield
2011-10-13 15:46 . 2011-10-13 15:46 -------- d-----w- c:\users\Vojta\AppData\Roaming\MusicNet
2011-10-13 15:46 . 2011-10-13 15:46 -------- d-----w- c:\program files (x86)\SearchCore for Browsers
2011-10-13 15:41 . 2011-11-04 17:44 -------- d-----w- c:\program files (x86)\BearShare Applications
2011-10-13 15:40 . 2011-10-13 15:40 -------- d-----w- c:\users\Vojta\AppData\Local\PackageAware
2011-10-13 14:26 . 2011-10-13 14:27 -------- d-----w- c:\windows\system32\SPReview
2011-10-13 14:26 . 2011-10-13 14:26 -------- d-----w- c:\windows\system32\EventProviders
2011-10-12 22:25 . 2011-09-01 05:17 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-12 18:50 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-07 17:49 . 2011-10-07 18:02 -------- d-----w- c:\program files (x86)\FIFA 12
2011-10-07 16:16 . 2011-10-07 16:16 -------- d-----w- c:\program files (x86)\EA Sports
2011-10-07 13:15 . 2011-10-14 20:53 -------- d-----w- c:\users\Vojta\AppData\Roaming\vlc
2011-10-07 13:15 . 2011-10-07 13:15 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-07 12:30 . 2011-10-07 12:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-07 12:29 . 2011-11-04 15:32 -------- d-----w- c:\program files (x86)\Java
2011-10-07 12:28 . 2011-10-07 12:34 -------- d-----w- c:\program files (x86)\JDownloader
2011-10-07 12:28 . 2011-10-07 12:28 -------- d-----w- c:\program files (x86)\Common Files\i4j_jres
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 14:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-13 14:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-03 04:06 . 2011-04-19 15:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-25 00:13 . 2011-07-06 21:30 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-25 00:13 . 2011-07-06 21:30 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-04_15.47.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-04 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-04 17:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-26 09:25 . 2011-11-04 17:52 71650 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 17:52 32806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-04 15:40 32806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-11 14:57 . 2011-11-04 17:52 17984 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-193897993-210543724-810583694-1001_UserData.bin
+ 2011-11-04 22:22 . 2011-11-04 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-04 15:47 . 2011-11-04 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-04 17:50 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 15:39 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 17:50 802816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 15:39 802816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2011-11-04 17:56 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-04 15:45 606992 c:\windows\system32\perfh009.dat
+ 2010-06-25 20:30 . 2011-11-04 17:56 622422 c:\windows\system32\perfh005.dat
- 2010-06-25 20:30 . 2011-11-04 15:45 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-11-04 17:56 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-04 15:45 103370 c:\windows\system32\perfc009.dat
+ 2010-06-25 20:30 . 2011-11-04 17:56 118604 c:\windows\system32\perfc005.dat
- 2010-06-25 20:30 . 2011-11-04 15:45 118604 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-11-04 15:46 396120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 22:21 396120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-12 02:35 . 2011-11-04 22:21 6148720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-193897993-210543724-810583694-1001-8192.dat
+ 2011-05-22 17:54 . 2011-11-04 17:45 2722343 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-193897993-210543724-810583694-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-24 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-02-05 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 9642528]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [BU]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2011-11-04 23:25:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-04 22:25
ComboFix2.txt 2011-11-04 17:49
ComboFix3.txt 2011-11-04 15:50
.
Před spuštěním: Volných bajtů: 35 986 137 088
Po spuštění: Volných bajtů: 35 899 547 648
.
- - End Of File - - E1AF8437C75F5F515E06964574CD5DF0

#17 Příspěvek od **Mc_Murphy** » 05 lis 2011 09:12

Log z CF už vypadá čistý. Sice jsi ho spouštěl na začátku, ale proveď ještě jednou scan s MBAM. Lepší by bylo, provést scan v Nouzovém režimu.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

radim30 · #18 Příspěvek od **radim30** » 05 lis 2011 15:59

OK, a když ta MBAM's úplná kontrola nic nenajde, můžu nainstalovat antivirus a instalovat aktualizace Windows?

Ptám se proto, že teď jsem doma a až půjdu ke kámošovi, tak bych už chtěl mít info.

Zatím jsem tam byl 6 hodin v kuse, přičemž se udělaly asi 4 kroky k čištění. Následně jsem si přijel v 11 hodin pouze pro log.

#19 Příspěvek od **Mc_Murphy** » 05 lis 2011 18:36

Ještě jednou zopakuji, že u toho sedím zadarmo a ve svém volném čase. Pročítám dlouhatánské logy, snažím se na dálku pomáhat lidem s jejich problémy a sem tam si za to vyslechnu, že bych měl dělat rychleji. Jak jsem psal již dříve, jestli kamarád tak strašně pospíchá, měl si zaplatit firmu. Doufám, že nejsi blonďatej a nemusím Ti to malovat v komixu. Howgh.

Mám sto chutí Tě pořádně vydusit, ale nesnížím se na Tvou úroveň. Když MBAM nic nenajde, spusť tam OTL se vstupním scriptem. Napíšu script pro dočištění a pak si s tím počítačem dělej, co se Ti zlíbí a jak rychle chceš.

Pro začátek stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů.
Do spodního okénka Vlastní skenování/opravy vlož tento script:

Kód: Vybrat vše

safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
*legalizator* /s
*registration* /s
*Office 2010* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko Prohledat.
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

#20 Příspěvek od **Pavuk29** » 06 lis 2011 14:18

radim30 píše:
Ptám se proto, že teď jsem doma a až půjdu ke kámošovi, tak bych už chtěl mít info.

Mc_Murphy je tvoj zamestnanec?

radim30 · #21 Příspěvek od **radim30** » 07 lis 2011 17:46

Mc_Murphy píše: Log z CF už vypadá čistý. Sice jsi ho spouštěl na začátku, ale proveď ještě jednou scan s MBAM. Lepší by bylo, provést scan v Nouzovém režimu.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.
Proveď aktualizaci virové databáze.

V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.

Předem nic nemaž!!

MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

Dobrý den,

děkuji za návod. Udělal jsem teda úplnou kontrolu kámošovi přes TeamViewer, tudíž to nebylo v nouzovém režimu, ale vše ostatní bylo ukončeno. Našlo to 4 infikované soubory, které si ale myslíme, že žádné viry nejsou. Jenom ten třetí bude asi zbytek po viru z karantény, kam ho před tím hodil ComboFix. Takže snad by to mělo být neškodné.

Můžem teda pokračovat podle toho dalšího návodu? Přikládám zmiňovaný log:

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Verze databáze: 8107

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7.11.2011 17:19:23
mbam-log-2011-11-07 (17-19-15).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 331386
Uplynulý čas: 24 minut, 40 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files (x86)\av digital talking parrot\dealiokit1-stub-0.exe (PUP.Dealio.TB) -> No action taken.
c:\program files (x86)\electronic arts\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-14-0-lnk\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\Vojta\downloads\gta iv pc version\gta_4_no_shaking_camera_working_personaly_tried_shezan___redor_1.0.3_only\gta_4_no_shaking_camera_working_personaly_tried_shezan___redor_1.0.3_only\launchgtaiv.exe (Risktool.Crack) -> No action taken.

#22 Příspěvek od **Mc_Murphy** » 07 lis 2011 18:19

S tím Team Viewerem dobrý nápad, ale chtěl jsem spustit MBAM v Nouzovém režimu úmyslně, protože tak dokáže odpálit více problémových souborů, ale nevadí.

Mno, nemáš tak docela pravdu...

Ano, třetí položka je karanténa, ta bude na konci smazána.

Ten loader.dll ve složce medal of honor může být závadný v případě, že má Tvůj kamarád hru nelegálně. Osobně se mi nelíbí ani ten soubor z GTA IV.

První položku nech smazat, je to zbytek po Dealio Toolbaru - pryč s tím.

A čekám na ten log z OTL už jen (snad) na dočištění zbytků po toolbarech a dalších.

radim30 · #23 Příspěvek od **radim30** » 07 lis 2011 18:45

OK díky za rychlou odpověď. Jenom se zeptám:

Můžu u toho prvního celou tu složku smazat pomocí SHIFT+DEL? Kámoš musel restartnout PC a nevím, jestli odstranění viru z programu se rovná tomu stejnému jako na soubor SHIFT+DEL ...

A jinak ten OTL můžu teoreticky taky přes ten TeamViewer?

Děkuju.

#24 Příspěvek od **Mc_Murphy** » 07 lis 2011 18:57

Shift Del zkus, mělo by to jít. Když ne, musí se to provést v Nouzovém režimu nebo to mohu potom zařadit do scriptu pro OTL.

Co se týče spuštění přes Team Viewer, mělo by to fungovat v pohodě, ale mohou se vyskytnout chyby. Zkus to a uvidíš, kdyžtak napiš.

radim30 · #25 Příspěvek od **radim30** » 07 lis 2011 19:30

Dobrý večer,

tak spustil jsem všechno dle daných instrukcí, aplikace byly kromě toho Team Vieweru vyplé, spuštěno jako administrátor a nastaveno vše dle instrukcí. Asi po 10ti minutách tam ale vyskočila tato chyba:

Obrázek

Dole ve stavovém řádku bylo v tu chvíli zobrazeno:

Manual File Scan - Looking in folder: \Windows\winsxs\x86_wwf-system.workflow.runtime_ ... -> a nějaké znaky

Test se zasekl a dál už nejede. Ještě před touto chybou vyskočilo v levém horním rohu na sekundu externí okno příkazového řádku. Nevíte, čím by to mohlo být?

Předem děkuji

radim30 · #26 Příspěvek od **radim30** » 07 lis 2011 20:11

Tak nakonec jsem ty 4 podezřelé z MBAM-u smazal řádně, spustili jsme ještě jeden scan a až po něm je vymazali, to manuální nám přišlo rizikové.

Teď teda restartujem PC zkusíme ještě ten OST, uvidíme, jestli tam zas bude ta chyba

Zde je kdyžtak log z toho MBAMu, který smazal ty 4 nákazy:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8109

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7.11.2011 20:08:36
mbam-log-2011-11-07 (20-08-36).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 331169
Uplynulý čas: 22 minut, 37 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files (x86)\av digital talking parrot\dealiokit1-stub-0.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\program files (x86)\electronic arts\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-14-0-lnk\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vojta\downloads\gta iv pc version\gta_4_no_shaking_camera_working_personaly_tried_shezan___redor_1.0.3_only\gta_4_no_shaking_camera_working_personaly_tried_shezan___redor_1.0.3_only\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.

#27 Příspěvek od **Mc_Murphy** » 07 lis 2011 20:19

Jo, tu chybu s OTL znám. Spusť ho tedy stejně, jako je psáno v původním návodu, ale dej tento pozměněný script:

Kód: Vybrat vše

safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
*legalizator* /s
*registration* /s
*Office 2010* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%SystemDrive%\PhysicalMBR.bin /md5

Co se týče MBAMu, tak v pořádku.

radim30 · #28 Příspěvek od **radim30** » 07 lis 2011 20:55

Dobrý večer,

OTL hotovo, je to ale hodně velké, tak to radši posílám přes externí webové úložiště. Snad nebude problém:

Kód: Vybrat vše

http://leteckaposta.cz/193081556

Je to všechno OK? Už ten Antivirus nemám nabouraný, takže můžu zkusit už i aktualizace? Zatím děkuju

#29 Příspěvek od **Mc_Murphy** » 08 lis 2011 07:04

Já si sem ten script hodím, lépe se to čte, vydrž prosím...

OTL logfile created on: 11/7/2011 8:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vojta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.99 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 73.43% Memory free
7.98 Gb Paging File | 6.87 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.95 Gb Total Space | 29.36 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
Drive D: | 290.12 Gb Total Space | 251.80 Gb Free Space | 86.79% Space Free | Partition Type: NTFS

Computer Name: VOJTA-PC | User Name: Vojta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 19:06:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vojta\Desktop\OTL.exe
PRC - [2011/11/03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/11/03 19:25:09 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/11/03 19:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/11/03 18:55:50 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011/09/25 01:13:19 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/09/25 01:13:11 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/10/02 21:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 10:00:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/09/25 01:13:19 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/09/25 01:13:11 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/02 21:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/16 18:44:21 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/27 23:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/10/02 20:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/24 14:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-193897993-210543724-810583694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-193897993-210543724-810583694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-193897993-210543724-810583694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vojta\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vojta\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.bearshare.com/web?src=crb ... earchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vojta\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vojta\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vojta\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Media Plugin = C:\Users\Vojta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\2.0_0\

O1 HOSTS File: ([2011/11/04 23:22:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-193897993-210543724-810583694-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O3 - HKU\S-1-5-21-193897993-210543724-810583694-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3:64bit: - HKU\S-1-5-21-193897993-210543724-810583694-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-193897993-210543724-810583694-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-193897993-210543724-810583694-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-193897993-210543724-810583694-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-193897993-210543724-810583694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB93C659-5CB4-4903-ADDC-7BDD26A343BD}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\PROGRA~2\MpcStar\Codecs\tscc\tsccvid.dll File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011/11/07 19:06:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vojta\Desktop\OTL.exe
[2011/11/07 16:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/11/05 19:54:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/04 23:25:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/04 23:22:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/04 18:36:49 | 004,284,246 | R--- | C] (Swearware) -- C:\Users\Vojta\Desktop\ComboFix.exe
[2011/11/04 17:54:42 | 000,000,000 | ---D | C] -- C:\Users\Vojta\AppData\Local\Diagnostics
[2011/11/04 16:41:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/04 16:41:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/04 16:41:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/04 16:41:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/04 16:41:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/04 16:40:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/04 15:45:01 | 000,000,000 | ---D | C] -- C:\Users\Vojta\Desktop\RK_Quarantine
[2011/11/04 15:07:47 | 000,000,000 | ---D | C] -- C:\Users\Vojta\AppData\Roaming\Malwarebytes
[2011/11/04 15:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/04 15:07:39 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/04 15:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/04 14:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/11/04 14:07:52 | 000,000,000 | ---D | C] -- C:\rsit

========== Files - Modified Within 7 Days ==========

[2011/11/07 20:36:31 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/07 20:21:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 20:21:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 20:20:02 | 001,445,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 20:20:02 | 000,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011/11/07 20:20:02 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 20:20:02 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011/11/07 20:20:02 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 20:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 20:13:58 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 19:25:00 | 000,020,635 | ---- | M] () -- C:\Users\Vojta\Desktop\error.png
[2011/11/07 19:06:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vojta\Desktop\OTL.exe
[2011/11/07 16:22:23 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/11/04 23:22:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/04 23:17:51 | 004,284,246 | R--- | M] (Swearware) -- C:\Users\Vojta\Desktop\ComboFix.exe
[2011/11/04 18:18:04 | 000,002,122 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/04 17:00:34 | 000,019,809 | ---- | M] () -- C:\Users\Vojta\Desktop\nvcpl.png
[2011/11/04 16:52:33 | 000,022,724 | ---- | M] () -- C:\Users\Vojta\Desktop\spuštění.png
[2011/11/04 14:13:01 | 000,007,655 | ---- | M] () -- C:\Users\Vojta\AppData\Local\Resmon.ResmonCfg
[2011/11/02 19:43:03 | 000,001,823 | ---- | M] () -- C:\Users\Vojta\Desktop\NeroStartSmart.lnk
[2011/11/02 19:41:44 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts puvodni

========== Files Created - No Company Name ==========

[2011/11/07 19:25:00 | 000,020,635 | ---- | C] () -- C:\Users\Vojta\Desktop\error.png
[2011/11/07 19:13:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/11/07 16:22:23 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/11/07 16:22:23 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/11/04 17:00:34 | 000,019,809 | ---- | C] () -- C:\Users\Vojta\Desktop\nvcpl.png
[2011/11/04 16:52:33 | 000,022,724 | ---- | C] () -- C:\Users\Vojta\Desktop\spuštění.png
[2011/11/04 16:41:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/04 16:41:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/04 16:41:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/04 16:41:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/04 16:41:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/02 19:43:03 | 000,001,823 | ---- | C] () -- C:\Users\Vojta\Desktop\NeroStartSmart.lnk
[2011/09/25 01:13:07 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/09/25 00:57:22 | 000,007,655 | ---- | C] () -- C:\Users\Vojta\AppData\Local\Resmon.ResmonCfg
[2011/09/20 19:05:37 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011/07/06 22:30:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/06 22:30:14 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/07/06 22:30:14 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/08 12:28:05 | 001,470,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/21 19:50:02 | 000,000,632 | ---- | C] () -- C:\Windows\Thps3.INI
[2011/01/06 17:24:16 | 000,003,584 | ---- | C] () -- C:\Users\Vojta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 07:47:45 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2010/03/26 11:15:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2010/03/26 11:15:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2010/03/26 11:15:44 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2010/03/26 11:15:44 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2010/03/26 11:15:44 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2010/03/26 11:15:44 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/05/22 18:24:55 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BitComet
[2011/06/02 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BSplayer
[2011/01/04 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BSplayer Pro
[2011/05/22 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\CometPlayer
[2010/12/16 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\DAEMON Tools Lite
[2011/07/07 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Day 1 Studios
[2011/05/28 09:44:58 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\eSobi
[2010/12/16 19:55:41 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Leadertech
[2011/06/01 21:13:19 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\MP3Rocket
[2011/10/13 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\MusicNet
[2011/05/22 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Nokia
[2010/12/11 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\OEM
[2010/12/29 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Opera
[2011/05/22 16:19:26 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\PC Suite
[2010/12/11 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\PowerCinema
[2011/10/18 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Razer
[2011/05/22 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\tigerplayer
[2011/11/04 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\uTorrent
[2011/08/27 08:42:11 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/20 14:25:17 | 001,475,584 | ---- | M] (Microsoft Corporation)
"Steam" = "C:\Program Files (x86)\Steam\steam.exe" -silent -- [2011/10/24 14:54:35 | 001,242,448 | ---- | M] (Valve Corporation)

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe

< MD5 for: NDIS.SYS >
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\ERDNT\cache64\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NTFS.SYS >
[2010/11/20 14:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\ERDNT\cache64\ntfs.sys
[2010/11/20 14:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\SysNative\drivers\ntfs.sys
[2010/11/20 14:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2009/07/14 02:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/20 06:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/14 02:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 14:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\ERDNT\cache64\spoolsv.exe
[2010/11/20 14:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/20 14:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/08/21 07:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/11/20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 07:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/04/09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 07:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2010/04/09 08:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/04/25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\ERDNT\cache64\tcpip.sys
[2011/06/21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/06/21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008/05/29 19:00:00 | 000,027,648 | ---- | M] (CANON INC.) --
[2008/05/29 19:00:00 | 000,082,944 | ---- | M] (CANON INC.) --
[2009/07/14 02:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) --
[2010/11/20 14:27:28 | 000,039,424 | ---- | M] (Microsoft Corporation) --
[2010/06/25 21:29:23 | 000,003,584 | ---- | M] (Lexmark International Inc.) --

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2010/02/25 13:00:32 | 000,000,008 | ---- | M] () -- C:\Windows\system32\drivers\1025_ACER_ACER_AM3910.MRK
[2009/06/10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009/06/10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2010/02/25 13:00:39 | 000,002,072 | ---- | M] () -- C:\Windows\system32\drivers\MOD01SET0500Z6006W.enc

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011/11/04 16:32:23 | 000,002,967 | ---- | M] () -- C:\Windows\system32\jupdate-1.6.0_29-b11.log

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\001eb024e3e4a075499121b09d79daaf\*.tmp files -> C:\Windows\SoftwareDistribution\Download\001eb024e3e4a075499121b09d79daaf\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\023c4f300a1412193e91f96c90e8ee99\*.tmp files -> C:\Windows\SoftwareDistribution\Download\023c4f300a1412193e91f96c90e8ee99\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2a126cd9b589f78768b01dcff6e2ab71\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2a126cd9b589f78768b01dcff6e2ab71\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\65b406b7f28ba0f00f95cb730b908d9c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\65b406b7f28ba0f00f95cb730b908d9c\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\861750b96d28fe2fdd009b6afa86d3bb\*.tmp files -> C:\Windows\SoftwareDistribution\Download\861750b96d28fe2fdd009b6afa86d3bb\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\95fdded43253e3432324814f2f0e9126\*.tmp files -> C:\Windows\SoftwareDistribution\Download\95fdded43253e3432324814f2f0e9126\*.tmp -> ]
[40 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[40 C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011/01/20 11:34:33 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Adobe
[2011/04/15 12:21:36 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Apple Computer
[2011/05/22 18:24:55 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BitComet
[2011/06/02 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BSplayer
[2011/01/04 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\BSplayer Pro
[2011/05/22 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\CometPlayer
[2011/01/25 22:39:28 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Creative
[2010/12/11 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\CyberLink
[2010/12/16 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\DAEMON Tools Lite
[2011/07/07 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Day 1 Studios
[2011/07/03 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\dvdcss
[2011/05/28 09:44:58 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\eSobi
[2010/12/11 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Google
[2010/12/11 15:59:11 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Identities
[2011/10/18 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\InstallShield
[2010/12/11 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Intel Corporation
[2010/12/16 19:55:41 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Leadertech
[2010/12/11 15:59:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Macromedia
[2011/11/04 15:07:47 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Media Center Programs
[2011/11/03 04:28:16 | 000,000,000 | --SD | M] -- C:\Users\Vojta\AppData\Roaming\Microsoft
[2011/05/22 17:54:34 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Mozilla
[2011/06/01 21:13:19 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\MP3Rocket
[2011/10/13 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\MusicNet
[2011/03/13 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Nero
[2011/05/22 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Nokia
[2010/12/11 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\OEM
[2011/01/04 19:10:36 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\OpenOffice.org2
[2010/12/29 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Opera
[2011/05/22 16:19:26 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\PC Suite
[2010/12/11 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\PowerCinema
[2011/10/18 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Razer
[2011/07/03 09:34:14 | 000,000,000 | RH-D | M] -- C:\Users\Vojta\AppData\Roaming\SecuROM
[2011/05/28 18:28:18 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Skype
[2011/05/22 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\tigerplayer
[2011/11/04 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\uTorrent
[2011/10/14 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\vlc
[2011/01/04 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\Winamp
[2010/12/13 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Vojta\AppData\Roaming\WinRAR

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

#30 Příspěvek od **Mc_Murphy** » 08 lis 2011 07:05

< *crack* /s >
[2010/11/09 07:49:48 | 040,868,256 | ---- | M] () -- \Program Files (x86)\Activision\Call of Duty - Black Ops\zone\Common\mp_cracked.ff
[2010/11/09 07:49:48 | 000,019,296 | ---- | M] () -- \Program Files (x86)\Activision\Call of Duty - Black Ops\zone\English\en_mp_cracked.ff
[2011/07/12 17:15:27 | 002,681,309 | ---- | M] () -- \Program Files (x86)\BitLord\Downloads\[www.tnttorrent.info] Duke Nukem Forever 2011 [FULL] [miguel] [Ekipa TnT]\Duke Nukem Forever 2011 CrackOnly SKIDROW.rar
[2011/10/06 18:16:14 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class
[2011/06/01 21:13:14 | 000,000,991 | ---- | M] () -- \Users\Vojta\AppData\Roaming\Microsoft\Windows\Cookies\vojta@crackle[2].txt
[2011/07/15 15:10:40 | 000,015,488 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrack.cfx
[2011/07/15 15:10:41 | 000,015,476 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2011/07/15 15:10:41 | 000,015,896 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2011/07/15 15:10:41 | 000,016,392 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2011/07/15 15:10:41 | 000,015,232 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2011/07/15 15:10:41 | 000,015,972 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2011/07/15 15:10:40 | 000,015,908 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2011/07/15 15:10:40 | 000,016,404 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2011/07/15 15:10:41 | 000,015,232 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2011/07/15 15:10:40 | 000,015,984 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2011/07/15 15:10:40 | 000,015,708 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2011/07/15 15:10:41 | 000,015,696 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2011/07/15 15:10:41 | 000,016,116 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2011/07/15 15:10:41 | 000,016,612 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2011/07/15 15:10:42 | 000,015,452 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2011/07/15 15:10:41 | 000,016,192 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2011/07/15 15:10:40 | 000,016,128 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2011/07/15 15:10:40 | 000,016,624 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2011/07/15 15:10:41 | 000,015,452 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2011/07/15 15:10:40 | 000,016,204 | ---- | M] () -- \Users\Vojta\Documents\Battlefield Play4Free\mods\main\cache\{D7B71E3E-4FE2-11CF-3951-5B011CC2C535}_226447_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2011/09/27 17:01:12 | 008,172,035 | ---- | M] () -- \Users\Vojta\Downloads\Call of Duty - Black Ops\Call.of.Duty.Black.Ops-SKIDROW-Crack.rar
[2011/07/04 19:54:48 | 004,754,842 | ---- | M] () -- \Users\Vojta\Downloads\GTA IV PC Version\crack\rzr-gta4-crack.rar
[2011/07/03 07:51:52 | 057,217,859 | ---- | M] () -- \Users\Vojta\Downloads\GTA IV PC Version\GTA IV PATCH 1.0.3.0 + CRACK\GTA IV 1.0.3.0 Crack + Patch.rar
[2011/07/06 18:21:10 | 000,019,666 | ---- | M] () -- \Users\Vojta\Downloads\torenty\Far_Cry_2_PC_Windows_Game_Full_Game___Serial___Crack___PowerISO.4703507.TPB.torrent
[2011/09/09 12:50:13 | 000,036,240 | ---- | M] () -- \Users\Vojta\Downloads\torenty\Medal_of_Honor_2010_[Eng]_Full_Game_Keygen_Crack[OP_SN_95].6095273.TPB.torrent

< *keygen* /s >
[2011/09/09 12:50:13 | 000,036,240 | ---- | M] () -- \Users\Vojta\Downloads\torenty\Medal_of_Honor_2010_[Eng]_Full_Game_Keygen_Crack[OP_SN_95].6095273.TPB.torrent

< *loader* /s >
[2010/02/05 22:08:58 | 000,058,664 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\pyloader.dll
[2010/02/05 22:09:04 | 000,001,731 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\FlvLoader.swf
[2010/02/05 22:09:06 | 000,011,732 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\KernelCtrl\ImageLoader.kc
[2010/02/05 22:09:06 | 000,021,419 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\KernelCtrl\ImageLoader2.kc
[2010/02/05 22:09:08 | 000,003,955 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Widget\langloader.kc
[2010/02/05 22:09:08 | 000,013,982 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Widget\layoutloader.kc
[2010/02/05 20:33:54 | 000,010,787 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\mm\MediaCtrl\ImageLoader.kc
[2010/02/05 20:33:56 | 000,003,498 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\Widget\langloader.kc
[2010/02/05 20:33:56 | 000,012,801 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\Widget\layoutloader.kc
[2010/02/02 09:20:58 | 000,011,710 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\mm\MediaCtrl\ImageLoader.kc
[2010/02/02 09:21:06 | 000,003,489 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\widget\langloader.kc
[2010/02/02 09:21:06 | 000,012,539 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\widget\layoutloader.kc
[2010/02/04 00:37:34 | 000,056,416 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\Koan\pyloader.dll
[2010/02/04 00:37:38 | 000,018,115 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\subsys\DataCenter\ImageLoader.kc
[2006/10/26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2006/05/04 16:16:50 | 000,333,840 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\hideout\Loader_Sequence.WAV
[2006/05/04 16:16:50 | 000,005,952 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\hideout\Loader_Sequence.WHD
[2006/05/04 16:16:50 | 000,351,949 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\hideout\Loader_Sequence.ZIP
[2006/05/04 16:17:20 | 000,313,360 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M00\Loader_Sequence.WAV
[2006/05/04 16:17:20 | 000,005,392 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M00\Loader_Sequence.WHD
[2006/05/04 16:17:20 | 000,570,691 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M00\Loader_Sequence.ZIP
[2006/05/04 16:18:02 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M01\Loader_Sequence.WAV
[2006/05/04 16:18:02 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M01\Loader_Sequence.WHD
[2006/05/04 16:18:02 | 000,711,223 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M01\Loader_Sequence.ZIP
[2006/05/04 16:18:52 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M02\Loader_Sequence.WAV
[2006/05/04 16:18:52 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M02\Loader_Sequence.WHD
[2006/05/04 16:18:52 | 000,634,201 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M02\Loader_Sequence.ZIP
[2006/05/04 16:19:46 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M03\Loader_Sequence.WAV
[2006/05/04 16:19:46 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M03\Loader_Sequence.WHD
[2006/05/04 16:19:46 | 000,707,294 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M03\Loader_Sequence.ZIP
[2006/05/04 16:20:20 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M04\Loader_Sequence.WAV
[2006/05/04 16:20:20 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M04\Loader_Sequence.WHD
[2006/05/04 16:20:20 | 000,531,761 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M04\Loader_Sequence.ZIP
[2006/05/04 16:21:00 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M05\Loader_Sequence.WAV
[2006/05/04 16:21:00 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M05\Loader_Sequence.WHD
[2006/05/04 16:21:00 | 000,591,946 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M05\Loader_Sequence.ZIP
[2006/05/04 16:21:50 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M06\Loader_Sequence.WAV
[2006/05/04 16:21:50 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M06\Loader_Sequence.WHD
[2006/05/04 16:21:50 | 000,617,459 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M06\Loader_Sequence.ZIP
[2006/05/04 16:22:26 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M08\Loader_Sequence.WAV
[2006/05/04 16:22:26 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M08\Loader_Sequence.WHD
[2006/05/04 16:22:28 | 000,440,664 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M08\Loader_Sequence.ZIP
[2006/05/04 16:23:14 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M09\Loader_Sequence.WAV
[2006/05/04 16:23:14 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M09\Loader_Sequence.WHD
[2006/05/04 16:23:14 | 000,550,700 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M09\Loader_Sequence.ZIP
[2006/05/04 16:24:14 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M10\Loader_Sequence.WAV
[2006/05/04 16:24:14 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M10\Loader_Sequence.WHD
[2006/05/04 16:24:14 | 000,650,200 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M10\Loader_Sequence.ZIP
[2006/05/04 16:24:58 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M11\Loader_Sequence.WAV
[2006/05/04 16:24:58 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M11\Loader_Sequence.WHD
[2006/05/04 16:24:58 | 000,596,635 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M11\Loader_Sequence.ZIP
[2006/05/04 16:25:40 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M12\Loader_Sequence.WAV
[2006/05/04 16:25:40 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M12\Loader_Sequence.WHD
[2006/05/04 16:25:40 | 000,668,734 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M12\Loader_Sequence.ZIP
[2006/05/04 16:26:20 | 000,320,528 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M13\Loader_Sequence.WAV
[2006/05/04 16:26:20 | 000,005,616 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M13\Loader_Sequence.WHD
[2006/05/04 16:26:20 | 000,632,940 | ---- | M] () -- \Program Files (x86)\Eidos\Hitman Blood Money\Scenes\M13\Loader_Sequence.ZIP
[2010/09/02 07:45:20 | 000,065,536 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\Binaries\PhysXLocal\PhysXLoader.dll
[2010/09/25 15:33:10 | 001,933,161 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp\loader-00.fbrb
[2010/09/25 15:33:11 | 005,968,346 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_01\loader-00.fbrb
[2010/09/25 15:33:12 | 005,755,952 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_02\loader-00.fbrb
[2010/09/25 15:33:19 | 055,099,465 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_03\loader-00.fbrb
[2010/09/25 15:33:19 | 002,954,487 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_04\loader-00.fbrb
[2010/09/25 15:33:25 | 047,101,846 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_05\loader-00.fbrb
[2010/09/25 15:33:32 | 050,561,194 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_06\loader-00.fbrb
[2010/09/25 15:33:39 | 055,282,402 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_07\loader-00.fbrb
[2010/09/25 15:33:46 | 049,203,256 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_08\loader-00.fbrb
[2010/09/25 15:33:52 | 047,279,340 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_09\loader-00.fbrb
[2010/09/25 15:33:59 | 049,418,362 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\common_mp_10\loader-00.fbrb
[2010/09/25 15:28:14 | 017,474,214 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_01\loader-00.fbrb
[2010/09/25 15:28:19 | 016,173,085 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_02\loader-00.fbrb
[2010/09/25 15:28:28 | 017,335,818 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_04\loader-00.fbrb
[2010/09/25 15:28:31 | 008,013,580 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_05_domination\loader-00.fbrb
[2010/09/25 15:28:32 | 008,013,580 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_05_overrun\loader-00.fbrb
[2010/09/25 15:28:33 | 008,007,355 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_05_tdm\loader-00.fbrb
[2010/09/25 15:28:35 | 008,004,561 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_06_domination\loader-00.fbrb
[2010/09/25 15:28:36 | 008,004,561 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_06_overrun\loader-00.fbrb
[2010/09/25 15:28:37 | 007,984,585 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_06_tdm\loader-00.fbrb
[2010/09/25 15:28:38 | 008,008,365 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_08_domination\loader-00.fbrb
[2010/09/25 15:28:38 | 008,008,365 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_08_overrun\loader-00.fbrb
[2010/09/25 15:28:41 | 008,022,594 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_08_tdm\loader-00.fbrb
[2010/09/25 15:28:42 | 007,967,707 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_09_domination\loader-00.fbrb
[2010/09/25 15:28:45 | 007,967,707 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_09_overrun\loader-00.fbrb
[2010/09/25 15:28:46 | 007,988,318 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_09_tdm\loader-00.fbrb
[2010/09/25 15:28:46 | 008,033,103 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_10_domination\loader-00.fbrb
[2010/09/25 15:28:48 | 008,033,103 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_10_overrun\loader-00.fbrb
[2010/09/25 15:28:49 | 008,018,170 | ---- | M] () -- \Program Files (x86)\Electronic Arts\Medal of Honor\MP\dist\win32\levels\mp_10_tdm\loader-00.fbrb
[2011/10/06 18:16:14 | 000,214,528 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.exe
[2011/10/06 18:16:14 | 000,593,293 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.jar
[2011/10/06 18:16:14 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderBETA.exe
[2011/10/06 18:16:14 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderD3D.exe
[2011/10/07 13:31:07 | 000,000,105 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2011/10/06 18:16:14 | 000,007,069 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\UploaderPl.class
[2011/10/06 18:16:14 | 000,032,222 | ---- | M] () -- \Program Files (x86)\JDownloader\licenses\jdownloader.license
[2009/05/31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009/05/31 03:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2010/08/24 17:23:59 | 000,071,008 | ---- | M] () -- \Program Files\2K Games\Mafia 2\pc\PhysXLoader.dll
[2009/09/30 16:57:30 | 000,593,248 | ---- | M] () -- \Program Files\Microsoft Xbox 360 Accessories\Downloader.exe
[2010/03/15 11:27:18 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2011/10/07 13:28:23 | 000,001,905 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011/10/07 13:28:23 | 000,001,884 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011/10/07 13:28:23 | 000,001,926 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2010/01/15 22:09:08 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2011/10/26 15:51:06 | 000,000,000 | ---- | M] () -- \Qoobox\Quarantine\C\Windows\loader2.exe_ok.vir
[2011/10/07 13:28:23 | 000,001,905 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011/10/07 13:28:23 | 000,001,884 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011/10/07 13:28:23 | 000,001,926 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2010/01/15 22:09:08 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2011/07/11 15:40:31 | 000,000,673 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NTZZFXC\loader[1].gif
[2011/07/11 16:59:38 | 000,000,851 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NTZZFXC\pageloader[1].gif
[2011/10/20 21:48:08 | 000,014,290 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NTZZFXC\TooltipLoader[1].js
[2011/07/11 16:53:42 | 000,004,176 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F9UZ4A7X\ajax-loader-hp[1].gif
[2011/07/11 15:49:13 | 000,001,332 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F9UZ4A7X\preloader[1].gif
[2011/10/20 21:48:08 | 000,000,905 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F9UZ4A7X\TooltipLoader[1].css
[2011/06/16 20:19:43 | 000,002,000 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J246HHD3\loader[1].gif
[2011/07/11 16:58:49 | 000,002,725 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF411PHT\loader[1].js
[2011/03/10 18:17:28 | 000,002,843 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF411PHT\rank_uploader[1].gif
[2011/03/10 18:22:25 | 000,008,238 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQG1SV4H\ajax-loader[1].gif
[2011/07/11 16:57:44 | 000,003,174 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQG1SV4H\loader[1].js
[2011/10/07 13:31:15 | 000,015,086 | ---- | M] () -- \Users\Vojta\AppData\Local\Opera\Opera\profile\images\http%3A%2F%2Fjdownloader.org%2Flib%2Ftpl%2Farctic%2Fimages%2Ffavicon.ico
[2011/10/07 13:31:15 | 000,000,110 | ---- | M] () -- \Users\Vojta\AppData\Local\Opera\Opera\profile\images\jdownloader.org.idx
[2010/03/26 10:43:36 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:23:09 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:44:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2010/06/25 21:29:42 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010/06/25 21:29:42 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2010/06/25 21:29:42 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2010/06/25 21:29:42 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2010/06/25 21:29:42 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011/10/13 15:34:52 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/10/13 15:34:52 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011/10/13 15:34:53 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011/10/13 15:34:53 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011/10/13 15:34:53 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010/06/25 21:27:22 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009/07/14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 05:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 06:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 06:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >
[2010/02/05 07:08:08 | 000,000,750 | ---- | M] () -- \OEM\Preload\Autorun\APP\Acer Arcade Deluxe v4.0\PCinema\Config\CopyRightNoDTS.ini
[2010/02/05 07:08:08 | 000,000,750 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Customizations\Generic\CopyRightNoDTS.ini
[2010/02/02 09:18:32 | 000,000,566 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Customizations\Cyberlink\CopyRightNoDolby.ini
[2011/05/22 18:24:55 | 000,000,028 | ---- | M] () -- \Users\Vojta\AppData\Roaming\BitComet\rules\dhtnodes.dat

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2011/09/19 17:57:40 | 052,512,219 | ---- | M] () -- \Program Files (x86)\FIFA 12\Game\data\fifarna\debug\rnaSerial1.bin
[2011/09/19 17:57:42 | 015,901,225 | ---- | M] () -- \Program Files (x86)\FIFA 12\Game\data\fifarna\debug\rnaSerial1_gpucrash.bin
[2011/09/19 17:57:42 | 008,388,608 | ---- | M] () -- \Program Files (x86)\FIFA 12\Game\data\fifarna\debug\rnaSerial2.bin
[2011/08/30 16:58:34 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.dll
[2011/10/12 23:28:42 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.ni.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:52:08 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2011/03/10 17:29:06 | 000,002,234 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NTZZFXC\serialy[1].jpg
[2011/07/06 19:34:20 | 001,033,005 | ---- | M] () -- \Users\Vojta\Downloads\Far Cry 2\Power ISO+serial.rar
[2007/08/07 09:53:14 | 000,000,070 | ---- | M] () -- \Users\Vojta\Downloads\Far Cry 2\Power ISO+serial\Power ISO+serial\serial.txt
[2011/07/06 18:21:10 | 000,019,666 | ---- | M] () -- \Users\Vojta\Downloads\torenty\Far_Cry_2_PC_Windows_Game_Full_Game___Serial___Crack___PowerISO.4703507.TPB.torrent
[2010/06/25 21:29:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/06/25 21:29:27 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011/10/13 15:45:43 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0728af1479c3388cadf85ccfc2b12582\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011/10/13 15:46:22 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll
[2011/10/15 14:01:08 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011/10/15 14:38:32 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
[2011/10/15 14:14:04 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\1377c29b871c7eb768769b5f4bdbb15d\System.Runtime.Serialization.ni.dll
[2011/10/15 14:02:59 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b3b42692707c0f555807def0c4acefe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/11/05 02:52:16 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2010/06/25 21:29:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010/06/25 21:29:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2010/06/25 21:29:18 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/06/25 21:29:21 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009/07/14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010/06/25 21:29:27 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2010/06/25 21:29:22 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009/06/10 21:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2010/11/05 02:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2009/06/10 21:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2010/11/05 02:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2011/10/13 15:33:37 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/10/13 15:33:37 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010/06/25 21:29:43 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009/07/14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010/06/25 21:29:39 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011/02/05 14:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011/02/05 14:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011/02/05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/02/05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009/07/14 03:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010/11/20 05:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2009/07/14 03:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010/11/20 05:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2009/07/14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 04:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2010/06/25 21:28:25 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009/07/14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 04:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009/07/14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 04:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010/06/25 21:29:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010/11/05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2010/06/25 21:29:27 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2010/06/25 21:29:21 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/06/25 21:29:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/06/25 21:29:27 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll

< *w7lxe* /s >

< *legalizator* /s >

< *registration* /s >
[2009/08/28 10:40:20 | 000,021,024 | ---- | M] () -- \Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll
[2011/10/07 13:27:26 | 000,001,576 | ---- | M] () -- \Program Files (x86)\Common Files\i4j_jres\1.6.0_27\lib\servicetag\registration.xml
[2009/10/29 22:57:30 | 003,343,656 | ---- | M] () -- \Program Files (x86)\Common Files\Nero\AdvrCntr4\NOSProductRegistration.dll
[2002/07/18 15:27:08 | 000,024,632 | ---- | M] () -- \Program Files (x86)\Creative\Product Registration\English\App_Registration.bmp
[2002/07/18 15:29:38 | 000,055,352 | ---- | M] () -- \Program Files (x86)\Creative\Product Registration\English\App_Registration48.bmp
[2011/05/28 09:48:16 | 000,002,223 | ---- | M] () -- \Program Files (x86)\Creative\Product Registration\English\Product Registration.lnk
[2009/12/25 02:45:18 | 000,061,224 | ---- | M] () -- \Program Files (x86)\EgisTec IPS\Registration.dll
[2009/03/06 17:52:30 | 000,001,555 | ---- | M] () -- \Program Files (x86)\EgisTec Shredder\Layout\Images\icon_registration.png
[2011/11/04 16:32:30 | 000,001,555 | ---- | M] () -- \Program Files (x86)\Java\jre6\lib\servicetag\registration.xml
[2009/12/02 20:15:58 | 002,303,272 | ---- | M] () -- \Program Files (x86)\Nero\Nero 9\Nero Express\OnlineServices\NOSMyNeroRegistration.dll
[2010/01/15 22:09:22 | 002,299,176 | ---- | M] () -- \Program Files (x86)\Nero\Nero 9\Nero StartSmart\OnlineServices\NOSMyNeroRegistration.dll
[2010/02/01 18:53:22 | 002,307,368 | ---- | M] () -- \Program Files (x86)\Nero\Nero ControlCenter 4\OnlineServices\NOSMyNeroRegistration.dll
[2011/09/20 19:02:44 | 000,000,364 | ---- | M] () -- \ProgramData\Microsoft\Windows\GameExplorer\{D477A63A-D366-4753-AC04-CEA24CF301CE}\PlayTasks\4\Electronic Registration.lnk
[2011/09/20 19:02:44 | 000,000,364 | ---- | M] () -- \Users\All Users\Microsoft\Windows\GameExplorer\{D477A63A-D366-4753-AC04-CEA24CF301CE}\PlayTasks\4\Electronic Registration.lnk
[2011/09/20 19:02:44 | 000,000,364 | ---- | M] () -- \Users\Vojta\AppData\Local\Microsoft\Windows\GameExplorer\{D477A63A-D366-4753-AC04-CEA24CF301CE}\PlayTasks\4\Electronic Registration.lnk
[2011/11/07 13:44:05 | 000,000,352 | ---- | M] () -- \Users\Vojta\AppData\Roaming\Nero\OnlineServices\1registrationinfo.xml
[2009/10/23 03:35:10 | 000,061,224 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\9D0DC7D088A436A4F819F3E4F8737186\3.1.206\registration.dll.FBF21A8E_BD0A_49A2_AFB8_1C2179E82D44
[2009/07/14 04:01:01 | 000,008,183 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.cat
[2009/07/13 21:48:32 | 000,001,457 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum
[2010/11/20 15:37:08 | 000,008,586 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
[2010/11/20 15:22:56 | 000,001,462 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum
[2009/07/14 04:01:01 | 000,008,183 | ---- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.cat
[2010/11/20 15:37:08 | 000,008,586 | --S- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
[2009/07/14 03:12:10 | 000,004,509 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-m..yer-dvdregistration_31bf3856ad364e35_6.1.7600.16385_none_e0e4a1875c30d8c6.manifest
[2009/07/14 03:11:54 | 000,001,124 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-shell-registration_31bf3856ad364e35_6.1.7600.16385_none_1da19e3bba8c6d0f.manifest
[2009/07/14 03:12:00 | 000,003,429 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-t..client-registration_31bf3856ad364e35_6.1.7600.16385_none_d786f194796c48b2.manifest
[2009/07/14 03:17:09 | 000,012,512 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_6.1.7600.16385_none_750dbfac02518b59.manifest
[2009/07/14 02:42:16 | 000,001,124 | ---- | M] () -- \Windows\winsxs\Manifests\wow64_microsoft-windows-shell-registration_31bf3856ad364e35_6.1.7600.16385_none_27f6488deeed2f0a.manifest
[2009/07/14 02:42:19 | 000,002,254 | ---- | M] () -- \Windows\winsxs\Manifests\wow64_microsoft-windows-t..client-registration_31bf3856ad364e35_6.1.7600.16385_none_e1db9be6adcd0aad.manifest
[2009/07/14 02:51:15 | 000,012,510 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-xwizards-registration_31bf3856ad364e35_6.1.7600.16385_none_18ef242849f41a23.manifest

< *Office 2010* /s >

< *AutoRearm* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011/11/07 20:36:31 | 000,000,512 | ---- | M] () MD5=DDA773C28BEBAA46A00000F0C99A91C4 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >

VIRY.CZ

Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir