Prosim o preventivku NB

Zpráva

stoupa101 · #1 Příspěvek od **stoupa101** » 25 led 2012 11:57

Posledni dobou je NB linejsi a linejsi. Nez neco provede tak stale na neco ceka a rad bych ho dal dohromady, jinak budu muset asi preinstalovat. Predem dekuji za rady.

Logfile of random's system information tool 1.09 (written by random/random)
Run by stoupa at 2012-01-25 11:42:54
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 272 GB (59%) free of 461 GB
Total RAM: 2037 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:11, on 25.1.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\App\DAEMON Tools Lite\DTLite.exe
C:\App\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\WWW\Zend\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\App\Salamander\salamand.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\App\Winamp\winamp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\App\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\App\Mozilla Firefox\firefox.exe
C:\App\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\stoupa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\App\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\App\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\stoupa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\App\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\App\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\App\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Startup: Dropbox.lnk = stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\WWW\Zend\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Zend Controller.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\App\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\App\ICQ7.2\ICQ.exe
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\App\QIP\qip.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://192.168.10.73/RtspVaPgDec.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://cam2.nix.cz/plugin/h263ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\App\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\WWW\httpd-2.2-x64\bin\httpd.exe (file missing)
O23 - Service: Apache2.2-Zend - Apache Software Foundation - C:\WWW\Zend\Apache2\bin\httpd.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\App\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\App\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\MySQL.exe (file missing)
O23 - Service: MySQL_ZendServer51 - Unknown owner - C:\WWW\Zend\MySQL51\bin\mysqld (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - Unknown owner - C:/App/PostgreSQL/8.4/bin/pg_ctl.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ST7501 Uranus Watch Dog - Unknown owner - C:\App\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zend Java Bridge (ZendJavaBridge) - Zend Technologies Ltd. - C:\WWW\Zend\ZendServer\bin\JavaServer.exe
O23 - Service: Zend Job Queue (ZendJobQueue) - Zend Technologies Ltd. - C:\WWW\Zend\ZendServer\bin\jqd.exe
O23 - Service: Zend Monitor (ZendMonitor) - Zend Technologies Ltd. - C:\WWW\Zend\ZendServer\bin\MonitorNode.exe
O23 - Service: Zend Session Clustering (ZendSessionClustering) - Zend Technologies Ltd. - C:\WWW\Zend\ZendServer\bin\ZendSessionManager.exe

--
End of file - 15569 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\SysWOW64\bgsvcgen.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe"
"C:\App\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GregHSRW.exe"
"C:\Program Files (x86)\Acer Bio Protection\BASVC.exe"
C:\Windows\System32\svchost.exe -k ipripsvc
"C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
"taskhost.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\App\T-Mobile\Web'n'walk Manager\ameisvc.exe"
WLIDSvcM.exe 2412
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\PLFSetI.exe"
"C:\App\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\App\TortoiseHg\TortoiseHgOverlayServer.exe"
"C:\App\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\App\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
"C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\WWW\Zend\Apache2\bin\ApacheMonitor.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"
"C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files (x86)\Launch Manager\LManager.EXE"
"C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"taskhost.exe"
"C:\App\Salamander\salamand.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -restart
"C:\App\Winamp\winamp.exe" "D:\Download\playlist.pls"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
taskeng.exe {885E4C1F-16D1-434E-A327-1D2B3A6D7245}
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d23eb088-544f-48ec-bdb6-0599c46c0cc7 -SystemEventPortName:HostProcess-1bd18111-e13a-4f50-b0fb-337c9074ad3a -IoCancelEventPortName:HostProcess-f6c15539-28a6-4588-a320-b656c0533987 -NonStateChangingEventPortName:HostProcess-11d57cb9-0782-43a5-baef-0869fdaddb2c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bc9e4b15-8905-466d-af8b-b7cf322a8a19
"C:\App\Mozilla Thunderbird\thunderbird.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\ehome\ehPrivJob.exe /DoReindexSearchRoot
\??\C:\Windows\system32\conhost.exe "-22870100-194788764-412286567-972584851-61891114-16179599219863927121384887600
"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"
"C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe" -d -e:{F10DF78F-5B04-495D-AC1F-4213FD723724}
"C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe" -T querytoken -s"snapshot.numRollingTiers=0" -s"RemoteDisplay.vnc.enabled=FALSE" -s vmx.stdio.keep=TRUE -# "product=8;name=VMware Player;version=3.1.5;buildnumber=491717;licensename=VMware Player;licenseversion=6.0;" -@ pipe=\\.\pipe\vmxf916e83a16453a31; "D:\Virtual Machines\Linux - Ubuntu\Linux - Ubuntu.vmx"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\App\Mozilla Firefox\firefox.exe"
"C:\App\Mozilla Firefox\plugin-container.exe" --channel=4180.6030990.288951302 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.8.0.1 -greomni "C:\App\Mozilla Firefox\omni.jar" 4180 "\\.\pipe\gecko-crash-server-pipe.4180" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\tmp\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default

prefs.js - "browser.startup.homepage" - "about:blank"
prefs.js - "extensions.enabledItems" - "firebug@software.joehewitt.com:1.6.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, yslow@yahoo-inc.com:2.1.0, trexma@twofourone.blogspot.com:0.8.6, {3c9761ad-a43d-4447-b924-f5d83cb48063}:2.3, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.4&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@skyhookwireless.com/LokiPlugin]
"Description"=Plugin for enabling loki based location services
"Path"=C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=C:\App\Sony\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\App\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\App\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\App\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\App\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\App\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\extensions\
foxmarks@kei.com
trexma@twofourone.blogspot.com
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\App\Java\jre6\bin\jp2ssv.dll [2011-04-05 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-02 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-07 186904]
"mwlDaemon"=C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-08-06 349480]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-08-19 496160]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-03 8098848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-14 1814312]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"egui"=C:\App\ESET\ESET Smart Security\egui.exe [2009-11-16 2716216]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"TortoiseHgOverlayIconServer"=C:\App\TortoiseHg\TortoiseHgOverlayServer.exe [2011-05-01 52688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\App\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Google Update"=C:\Users\stoupa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
"uTorrent"=C:\App\uTorrent\uTorrent.exe [2011-03-30 399736]
"ICQ"=C:\App\ICQ7.2\ICQ.exe [2011-01-05 133432]
"T-Mobile Communication Centre"=C:\App\T-Mobile\Web'n'walk Manager\Manager.exe [2011-06-30 1363984]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"=C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04 199464]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-09-22 261888]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-18 825864]
"VitaKeyPdtWzd"=C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [2009-08-28 3567616]
"ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-10-06 419112]
"PlayMovie"=C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2009-10-05 181480]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"VMware hqtray"=C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [2011-09-23 64112]
"QuickTime Task"=C:\App\QuickTime\QTTask.exe [2011-10-24 421888]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-12-02 296056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Apache Web Server Monitor.lnk - C:\WWW\Zend\Apache2\bin\ApacheMonitor.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
Zend Controller.lnk - C:\WWW\Zend\ZendServer\bin\zendcontroller.exe

C:\Users\stoupa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-02 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2012-01-25 11:42:54 ----D---- C:\rsit
2012-01-25 11:24:58 ----D---- C:\Users\stoupa\AppData\Roaming\TeamViewer
2012-01-24 11:42:11 ----D---- C:\Windows\system32\Macromed
2012-01-23 11:35:40 ----D---- C:\Program Files (x86)\TeamViewer
2012-01-20 12:30:51 ----D---- C:\tmp
2012-01-19 10:48:22 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-01-18 11:01:14 ----A---- C:\Windows\system32\drivers\pneteth.sys
2012-01-18 11:01:12 ----D---- C:\Program Files (x86)\PdaNet for Android
2012-01-18 07:51:16 ----D---- C:\Users\stoupa\AppData\Roaming\Dropbox
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2012-01-15 17:34:23 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2012-01-15 17:33:18 ----A---- C:\Windows\system32\drivers\sscdwhnt.sys
2012-01-15 17:33:18 ----A---- C:\Windows\system32\drivers\sscdmdm.sys
2012-01-15 17:33:18 ----A---- C:\Windows\system32\drivers\sscdmdfl.sys
2012-01-15 17:33:18 ----A---- C:\Windows\system32\drivers\sscdcmnt.sys
2012-01-15 17:33:18 ----A---- C:\Windows\system32\drivers\sscdbus.sys
2012-01-15 15:34:01 ----D---- C:\Users\stoupa\AppData\Roaming\Temp
2012-01-15 15:32:17 ----D---- C:\Temp
2012-01-15 15:10:58 ----D---- C:\Windows\SYSWOW64\System32

======List of files/folders modified in the last 1 month======

2012-01-25 11:43:59 ----D---- C:\Windows\Temp
2012-01-25 11:43:42 ----D---- C:\Program Files\trend micro
2012-01-25 11:43:33 ----D---- C:\Users\stoupa\AppData\Roaming\Skype
2012-01-25 11:22:04 ----D---- C:\Users\stoupa\AppData\Roaming\VMware
2012-01-24 13:50:07 ----D---- C:\Windows\system32\config
2012-01-24 11:42:11 ----D---- C:\Windows\System32
2012-01-24 11:06:28 ----D---- C:\Data
2012-01-23 12:39:42 ----D---- C:\Windows\inf
2012-01-23 12:39:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-23 12:36:36 ----D---- C:\Users\stoupa\AppData\Roaming\uTorrent
2012-01-23 12:35:41 ----D---- C:\Users\stoupa\AppData\Roaming\ICQ
2012-01-23 12:34:27 ----D---- C:\Users\stoupa\AppData\Roaming\TortoiseHg
2012-01-23 12:33:27 ----D---- C:\ProgramData\VMware
2012-01-23 12:21:23 ----D---- C:\Windows\Prefetch
2012-01-23 11:35:40 ----D---- C:\Program Files (x86)
2012-01-22 15:09:18 ----SHD---- C:\$RECYCLE.BIN
2012-01-22 01:33:23 ----SHD---- C:\System Volume Information
2012-01-21 23:21:34 ----D---- C:\WWW
2012-01-19 13:19:22 ----SHD---- C:\Config.Msi
2012-01-19 13:18:06 ----D---- C:\Windows\tracing
2012-01-19 13:18:02 ----D---- C:\Windows\system32\catroot
2012-01-19 13:03:04 ----D---- C:\Windows\ModemLogs
2012-01-19 13:00:14 ----SHD---- C:\Windows\Installer
2012-01-19 12:52:03 ----D---- C:\ProgramData\Samsung
2012-01-19 12:51:56 ----D---- C:\Windows\SysWOW64
2012-01-19 12:51:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-19 12:50:39 ----D---- C:\Windows
2012-01-19 12:45:41 ----D---- C:\Windows\system32\catroot2
2012-01-19 12:34:53 ----RSD---- C:\Windows\assembly
2012-01-19 12:34:47 ----D---- C:\Windows\system32\DriverStore
2012-01-19 12:34:36 ----RD---- C:\Program Files
2012-01-19 12:34:36 ----D---- C:\App
2012-01-19 12:28:53 ----A---- C:\Windows\wininit.ini
2012-01-19 12:11:12 ----D---- C:\Windows\system32\Tasks
2012-01-19 12:10:23 ----D---- C:\ProgramData
2012-01-19 12:10:01 ----D---- C:\Program Files (x86)\Common Files
2012-01-19 12:08:49 ----D---- C:\Program Files (x86)\Rockstar Games
2012-01-19 11:43:29 ----D---- C:\Windows\Microsoft.NET
2012-01-19 11:19:18 ----D---- C:\Windows\system32\drivers
2012-01-19 10:48:25 ----D---- C:\Windows\SYSWOW64\en-US
2012-01-19 10:48:25 ----D---- C:\Windows\system32\en-US
2012-01-19 10:42:19 ----DC---- C:\Windows\system32\DRVSTORE
2012-01-10 15:58:13 ----D---- C:\Users\stoupa\AppData\Roaming\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys [2009-08-24 22640]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-09 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\dddskx64.sys [2009-02-12 26024]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 169080]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 44944]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\Windows\System32\Drivers\FPSensor.sys [2009-12-09 29184]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-09-23 38512]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2011-09-23 81008]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-09-23 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-09-23 30320]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2011-09-23 68720]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 32816]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-03 1994272]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-07 317480]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 nuvotoncir;Nuvoton IR Transceiver; C:\Windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 48128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-14 286768]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-09-23 31856]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-09-23 20016]
S1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-06-27 6144]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-06-27 54272]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-06-27 52224]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-06 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-06 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-06 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-06 21160]
S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-10-25 20552]
S3 easytether;easytether; C:\Windows\system32\DRIVERS\easytthr.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 68800]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 84288]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 KinectCamera;Microsoft Kinect Camera Driver; C:\Windows\System32\Drivers\kinectcamera.sys [2011-05-27 46112]
S3 libusb0;LibUsb-Win32 - Kernel Driver; C:\Windows\system32\drivers\libusb0.sys []
S3 Ltn_stk7070P;PCTV LITEON TT1260 based TV tuner device; C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2009-05-22 625152]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 11776]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RzSynapse;Razer Driver; C:\Windows\system32\DRIVERS\RzSynapse.sys [2010-12-16 126464]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 172104]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-09-23 37680]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\App\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-16 145504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1); C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2009-04-04 38688]
R2 ekrn;ESET Service; C:\App\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]
R2 Greg_Service;GRegService; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-07 354840]
R2 IGBASVC;EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-08-28 3450368]
R2 iprip;@%Systemroot%\system32\iprip.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-22 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2011-09-23 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2011-09-23 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-09-23 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2011-09-23 404080]
S2 Apache2.2;Apache2.2; C:\WWW\httpd-2.2-x64\bin\httpd.exe -k runservice []
S2 Apache2.2-Zend;Apache2.2-Zend; C:\WWW\Zend\Apache2\bin\httpd.exe [2011-03-09 26496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S2 MySQL;MySQL; C:\WWW\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\WWW\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 MySQL_ZendServer51;MySQL_ZendServer51; C:\WWW\Zend\MySQL51\bin\mysqld --defaults-file=C:\WWW\Zend\MySQL51\my.ini MySQL_ZendServer51 []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; C:/App/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/App/PostgreSQL/8.4/data -w []
S2 ST7501 Uranus Watch Dog;ST7501 Uranus Watch Dog; C:\App\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe [2009-03-25 376192]
S2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 EhttpSrv;ESET HTTP Server; C:\App\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 23296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 26 led 2012 05:44

Zdravím.

Mno, na NTB Ti kromě jiného běží dva antiviry. Počítám, že McAfee tam byl jako OEM a ESET Smart Security sis doinstaloval sám. Jeden z antivirů musí jít pryč, jinak Ti bude systém kolidovat. Jsou ESET Smart Security legální = zakoupená licence?!

stoupa101 · #3 Příspěvek od **stoupa101** » 26 led 2012 12:28

ESET je legalni, takze jsem odinstaloval McAfeeho.

#4 Příspěvek od **Mc_Murphy** » 26 led 2012 14:07

OK, dáme si preventivní scan s MBAM.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

stoupa101 · #5 Příspěvek od **stoupa101** » 27 led 2012 13:08

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.0.1800
www.malwarebytes.org

Verze databáze: v2012.01.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
stoupa :: LEGUAN [administrátor]

Ochrana: Povolena

26.1.2012 15:34:36
mbam-log-2012-01-26 (15-34-36).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 805659
Uplynulý čas: 2 hodin, 47 minut, 16 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#6 Příspěvek od **Mc_Murphy** » 27 led 2012 13:33

OK, MBAM je čistý, takže program nyní zase odinstaluj.

Programy ICQ a Skype odeber ze spouštění při náběhu systému a spouštěj je až PO náběhu systému ručně v případě potřeby, zvláště ICQ značně zdržuje.

Potom fixni v HJT níže uvedené položky.

Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
Položky, které v seznamu nenajdeš, prostě přeskoč.
HJT najdeš zde: C:\Program Files\trend micro\stoupa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\App\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\App\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\stoupa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\App\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\App\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\App\ICQ7.2\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\App\QIP\qip.exe (file missing) (HKCU)
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com

Dále stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů!!
Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko [Prohledat].
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

stoupa101 · #7 Příspěvek od **stoupa101** » 27 led 2012 17:49

Spoustel jsem to 2x a pokazde mi to hodilo chybovou hlasku:
Cannot create file C:\Data\_Download\cmd.bat
spoustel jsem to jako spravce a zaskrtnul vse podle doporuceni.
Prohledal jsem cely NB a nikde nenalezl soubor OTL.txt. Dnes to jiz nestihnu, ale zitra zkusim spustit OTL.exe primo na C:\

#8 Příspěvek od **Mc_Murphy** » 28 led 2012 06:33

Tohle je chyba OTL. Při jednom příkazu dochází ke konfliktu s antivirem. Bohužel, autorovi se zatím nedaří tuto chybu odstranit.

Použij pro OTL takto upravený script:

Kód: Vybrat vše

CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
%SystemDrive%\PhysicalMBR.bin /md5

Postup pochopitelně stejný, jako prve. Takhle to bude fungovat.

stoupa101 · #9 Příspěvek od **stoupa101** » 28 led 2012 08:58

OTL logfile created on: 28.1.2012 7:41:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\tmp
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,31 Gb Available Physical Memory | 15,74% Memory free
4,18 Gb Paging File | 1,72 Gb Available in Paging File | 41,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 331,69 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 162,79 Gb Free Space | 34,95% Space Free | Partition Type: NTFS

Computer Name: LEGUAN | User Name: stoupa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.27 14:29:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\tmp\OTL.exe
PRC - [2012.01.26 11:55:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\App\Mozilla Firefox\firefox.exe
PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.19 12:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.01.19 12:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\App\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.23 20:20:22 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.09.23 20:19:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.09.23 20:19:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.09.23 20:19:38 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.09.23 19:21:12 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.07.11 22:48:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\App\Winamp\winamp.exe
PRC - [2011.06.30 12:35:20 | 001,363,984 | ---- | M] (Gemfor s.r.o.) -- C:\App\T-Mobile\Web'n'walk Manager\Manager.exe
PRC - [2011.06.24 20:17:25 | 000,123,120 | ---- | M] (Gemfor s.r.o.) -- C:\App\T-Mobile\Web'n'walk Manager\ameisvc.exe
PRC - [2011.03.09 15:03:02 | 000,042,904 | ---- | M] (Apache Software Foundation) -- C:\WWW\Zend\Apache2\bin\ApacheMonitor.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\App\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.09.22 21:04:32 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.09.22 21:04:20 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.28 07:45:38 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009.08.28 07:45:20 | 003,358,208 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.08.18 08:38:32 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.07 13:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 18:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.12 19:34:56 | 004,426,608 | ---- | M] (Prog-Soft s.r.o.) -- C:\App\PSPad\PSPad.exe
PRC - [2009.07.10 23:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.04.04 00:33:36 | 000,038,688 | ---- | M] (International Business Machines Corporation) -- C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.06.16 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2001.02.28 09:33:20 | 001,019,959 | ---- | M] () -- C:\App\Salamander\salamand.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.26 11:55:24 | 002,124,760 | ---- | M] () -- C:\App\Mozilla Firefox\mozjs.dll
MOD - [2012.01.24 11:43:38 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.09.23 20:20:38 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.09.23 20:19:40 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2011.08.15 12:42:45 | 000,623,616 | ---- | M] () -- C:\App\Winamp\System\jnetlib.w5s
MOD - [2011.08.15 12:42:45 | 000,154,624 | ---- | M] () -- C:\App\Winamp\System\jpeg.w5s
MOD - [2011.08.15 12:42:45 | 000,103,936 | ---- | M] () -- C:\App\Winamp\System\png.w5s
MOD - [2011.08.15 12:42:45 | 000,090,112 | ---- | M] () -- C:\App\Winamp\System\xml.w5s
MOD - [2011.08.15 12:42:45 | 000,084,480 | ---- | M] () -- C:\App\Winamp\System\playlist.w5s
MOD - [2011.08.15 12:42:45 | 000,047,616 | ---- | M] () -- C:\App\Winamp\zlib.dll
MOD - [2011.08.15 12:42:45 | 000,021,504 | ---- | M] () -- C:\App\Winamp\System\tagz.w5s
MOD - [2011.08.15 12:42:45 | 000,019,456 | ---- | M] () -- C:\App\Winamp\System\gif.w5s
MOD - [2011.08.15 12:42:45 | 000,016,384 | ---- | M] () -- C:\App\Winamp\System\gracenote.w5s
MOD - [2011.08.15 12:42:44 | 000,052,224 | ---- | M] () -- C:\App\Winamp\Plugins\out_ds.dll
MOD - [2011.08.15 12:42:44 | 000,023,040 | ---- | M] () -- C:\App\Winamp\System\albumart.w5s
MOD - [2011.08.15 12:42:44 | 000,022,528 | ---- | M] () -- C:\App\Winamp\Plugins\out_disk.dll
MOD - [2011.08.15 12:42:44 | 000,019,456 | ---- | M] () -- C:\App\Winamp\System\bmp.w5s
MOD - [2011.08.15 12:42:44 | 000,018,432 | ---- | M] () -- C:\App\Winamp\Plugins\out_wave.dll
MOD - [2011.08.15 12:42:44 | 000,016,896 | ---- | M] () -- C:\App\Winamp\System\dlmgr.w5s
MOD - [2011.08.15 12:42:43 | 000,313,344 | ---- | M] () -- C:\App\Winamp\Plugins\in_wm.dll
MOD - [2011.08.15 12:42:43 | 000,285,696 | ---- | M] () -- C:\App\Winamp\Plugins\in_mp3.dll
MOD - [2011.08.15 12:42:43 | 000,252,416 | ---- | M] () -- C:\App\Winamp\Plugins\in_vorbis.dll
MOD - [2011.08.15 12:42:43 | 000,165,376 | ---- | M] () -- C:\App\Winamp\Plugins\in_mod.dll
MOD - [2011.08.15 12:42:43 | 000,109,568 | ---- | M] () -- C:\App\Winamp\Plugins\in_midi.dll
MOD - [2011.08.15 12:42:43 | 000,102,400 | ---- | M] () -- C:\App\Winamp\Plugins\in_cdda.dll
MOD - [2011.08.15 12:42:43 | 000,060,928 | ---- | M] () -- C:\App\Winamp\Plugins\in_flac.dll
MOD - [2011.08.15 12:42:43 | 000,050,688 | ---- | M] () -- C:\App\Winamp\Plugins\in_mp4.dll
MOD - [2011.08.15 12:42:43 | 000,016,896 | ---- | M] () -- C:\App\Winamp\Plugins\in_wave.dll
MOD - [2011.08.15 12:42:42 | 000,869,376 | ---- | M] () -- C:\App\Winamp\Plugins\gen_dropbox.dll
MOD - [2011.08.15 12:42:42 | 000,410,624 | ---- | M] () -- C:\App\Winamp\nsutil.dll
MOD - [2011.08.15 12:42:42 | 000,253,440 | ---- | M] () -- C:\App\Winamp\libsndfile.dll
MOD - [2011.08.15 12:42:42 | 000,183,808 | ---- | M] () -- C:\App\Winamp\Plugins\gen_jumpex.dll
MOD - [2011.08.15 12:42:42 | 000,078,848 | ---- | M] () -- C:\App\Winamp\nde.dll
MOD - [2011.08.15 12:42:42 | 000,027,648 | ---- | M] () -- C:\App\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011.08.15 12:42:42 | 000,025,600 | ---- | M] () -- C:\App\Winamp\Plugins\gen_tray.dll
MOD - [2009.08.16 17:06:04 | 000,141,312 | ---- | M] () -- C:\App\WinRAR\RarExt32.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.03.30 16:22:42 | 000,070,144 | ---- | M] () -- C:\App\PSPad\PSPadShell.dll
MOD - [2001.02.28 09:33:20 | 001,019,959 | ---- | M] () -- C:\App\Salamander\salamand.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.08.19 06:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009.08.11 16:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\App\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.23 20:20:22 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.09.23 20:19:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.09.23 20:19:38 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.09.23 19:21:12 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.06.24 20:17:25 | 000,123,120 | ---- | M] (Gemfor s.r.o.) [Auto | Running] -- C:\App\T-Mobile\Web'n'walk Manager\ameisvc.exe -- (ameisvc)
SRV - [2011.03.09 15:03:16 | 000,574,736 | ---- | M] (Zend Technologies Ltd.) [Auto | Stopped] -- C:\WWW\Zend\ZendServer\bin\ZendSessionManager.exe -- (ZendSessionClustering)
SRV - [2011.03.09 15:03:12 | 000,338,704 | ---- | M] (Zend Technologies Ltd.) [Auto | Stopped] -- C:\WWW\Zend\ZendServer\bin\MonitorNode.exe -- (ZendMonitor)
SRV - [2011.03.09 15:03:10 | 000,556,816 | ---- | M] (Zend Technologies Ltd.) [Auto | Stopped] -- C:\WWW\Zend\ZendServer\bin\jqd.exe -- (ZendJobQueue)
SRV - [2011.03.09 15:03:10 | 000,022,800 | ---- | M] (Zend Technologies Ltd.) [Auto | Stopped] -- C:\WWW\Zend\ZendServer\bin\JavaServer.exe -- (ZendJavaBridge)
SRV - [2011.03.09 15:03:06 | 000,026,496 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\WWW\Zend\Apache2\bin\httpd.exe -- (Apache2.2-Zend)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.08.12 23:08:04 | 006,094,848 | ---- | M] () [Auto | Stopped] -- C:\WWW\Zend\MySQL51\bin\mysqld.exe -- (MySQL_ZendServer51)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\App\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\App\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2009.09.22 21:04:32 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.28 07:45:38 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.04 00:33:36 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1)
SRV - [2009.03.25 13:46:38 | 000,376,192 | ---- | M] () [Auto | Stopped] -- C:\App\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe -- (ST7501 Uranus Watch Dog)
SRV - [2007.06.16 03:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011.09.23 20:21:08 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.09.23 20:20:54 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.09.23 20:19:16 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.09.23 20:19:06 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.09.23 19:21:06 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.09.23 16:58:32 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.09.23 16:58:32 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.09.23 16:58:32 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.05.27 20:01:12 | 000,046,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kinectcamera.sys -- (KinectCamera)
DRV:64bit: - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.16 09:23:14 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.25 10:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.21 23:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.22 09:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010.01.08 08:13:12 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.01.06 16:33:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.06 16:33:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.06 16:33:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.06 16:33:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.18 15:02:26 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009.12.18 15:02:26 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009.12.09 19:20:41 | 000,029,184 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2009.12.09 19:14:30 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.08.24 13:10:40 | 000,022,640 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.08.14 15:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 05:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.06.24 22:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.07 08:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.22 13:43:08 | 000,625,152 | ---- | M] (LiteOn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV:64bit: - [2009.05.18 07:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.05.14 01:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009.02.12 14:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)
DRV:64bit: - [2008.03.13 06:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008.03.13 06:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007.06.27 18:31:24 | 000,054,272 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Axtmvmdm.sys -- (Axtmvmdm)
DRV:64bit: - [2007.06.27 18:31:24 | 000,052,224 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Axtmvprt.sys -- (Axtmvprt)
DRV:64bit: - [2007.06.27 18:31:24 | 000,006,144 | ---- | M] (Axesstel) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Axtmvflt.sys -- (Axtmvflt)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.12.30 11:23:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009.10.21 13:04:22 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009.09.02 19:52:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/09 19:25:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4842y265
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..extensions.enabledItems: trexma@twofourone.blogspot.com:0.8.6
FF - prefs.js..extensions.enabledItems: {3c9761ad-a43d-4447-b924-f5d83cb48063}:2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.4&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\App\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\App\Sony\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.148_0\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\stoupa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\stoupa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3c9761ad-a43d-4447-b924-f5d83cb48063}: C:\App\Zend\Zend Studio - 8.0.0\toolbars\firefox [2010.12.16 14:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 11:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\App\Mozilla Firefox\components [2012.01.26 11:55:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\App\Mozilla Firefox\plugins [2012.01.19 11:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\App\Mozilla Thunderbird\components [2011.12.02 11:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\App\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\App\ESET\ESET Smart Security\Mozilla Thunderbird [2010.01.26 12:53:42 | 000,000,000 | ---D | M]

[2009.12.10 07:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stoupa\AppData\Roaming\Mozilla\Extensions
[2009.12.10 07:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stoupa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.26 15:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\extensions
[2012.01.26 15:34:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.23 17:28:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\extensions\foxmarks@kei.com
[2012.01.23 17:26:15 | 000,000,000 | ---D | M] (trexma) -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\extensions\trexma@twofourone.blogspot.com
[2012.01.23 12:38:53 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-1.xml
[2010.12.09 11:35:33 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-2.xml
[2010.12.28 12:17:41 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-3.xml
[2010.08.20 12:39:18 | 000,001,056 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin.xml
() (No name found) -- C:\USERS\STOUPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XK82R5PH.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\STOUPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XK82R5PH.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\STOUPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XK82R5PH.DEFAULT\EXTENSIONS\RPNCALCBAR@DOMBONJ.XPI
() (No name found) -- C:\USERS\STOUPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XK82R5PH.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\stoupa\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\App\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\App\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\App\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\App\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\App\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\App\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\stoupa\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\stoupa\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.148_0\npsoe.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\App\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\App\Sony\npmediago.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Xmarks Bookmark Sync = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: YouTube = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Firebug Lite = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbbfjbeaefgipfjpdabmpadaacmafkj\1.27\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SOE Web Installer = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.148_0\
CHR - Extension: YouTube Downloader = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapjkciegccccojledkpnfgchdkjemec\1.7_0\
CHR - Extension: Fast YouTube Search = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkljdkflooidjlkahdnfgodflkelkai\1.2\
CHR - Extension: Send to Kindle = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.3.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: TM new showprofile = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcfgiokokcmclnmghadckabnlacjean\1.0_0\
CHR - Extension: Gmail = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: TED Video Download = C:\Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponobohemjmcfbdcjghajlmkenceogaa\1.3_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\App\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\App\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000..\Run: [T-Mobile Communication Centre] C:\App\T-Mobile\Web'n'walk Manager\Manager.exe (Gemfor s.r.o.)
O4 - Startup: C:\Users\stoupa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} http://192.168.10.73/RtspVaPgDec.cab (RtspVaPgCtrlNew Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://cam2.nix.cz/plugin/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DAC2B3F-3FA0-4E4F-BED8-4F736289FD79}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

stoupa101 · #10 Příspěvek od **stoupa101** » 28 led 2012 09:00

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - C:\Windows\SysWow64\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.01.25 11:42:54 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.25 11:24:58 | 000,000,000 | ---D | C] -- C:\Users\stoupa\AppData\Roaming\TeamViewer
[2012.01.24 11:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.23 11:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2009.09.08 04:44:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2031.01.09 19:10:16 | 000,969,941 | ---- | M] () -- C:\Users\stoupa\Documents\Img00023.jpg
[2012.01.28 07:44:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.28 07:37:44 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000UA.job
[2012.01.28 07:37:43 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.28 07:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 17:05:55 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.27 16:53:09 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000Core.job
[2012.01.27 15:27:30 | 001,454,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 15:27:30 | 000,625,562 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.01.27 15:27:30 | 000,610,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 15:27:30 | 000,120,238 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.01.27 15:27:30 | 000,104,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.25 21:58:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 21:58:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 21:55:28 | 000,002,408 | ---- | M] () -- C:\Users\stoupa\Desktop\Google Chrome.lnk
[2012.01.25 21:49:50 | 1601,622,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.25 16:27:35 | 000,000,091 | ---- | M] () -- C:\Users\stoupa\.vpsuite_installation.xml
[2012.01.25 11:27:49 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.01.24 11:43:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.24 10:51:34 | 000,000,600 | ---- | M] () -- C:\Users\stoupa\AppData\Local\PUTTY.RND
[2012.01.23 11:35:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.27 14:36:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.25 11:27:50 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.01.25 11:27:49 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.01.23 11:35:51 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012.01.23 11:35:51 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.11.30 16:40:26 | 000,000,096 | ---- | C] () -- C:\ProgramData\xlink.sys
[2011.11.30 16:40:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntUsrrIP_1_0.dll
[2011.11.30 16:32:46 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\wiswndowsp32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 11:56:49 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011.05.19 11:53:57 | 000,000,413 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.05.10 14:03:17 | 000,014,848 | ---- | C] () -- C:\Users\stoupa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.10 14:02:01 | 000,007,680 | ---- | C] () -- C:\Users\stoupa\AppData\Roaming\JJStateData.dat
[2011.05.10 14:02:01 | 000,007,680 | ---- | C] () -- C:\Users\stoupa\AppData\Local\JJStateData.dat
[2011.05.10 13:21:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.19 23:28:47 | 000,000,507 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.10.15 09:13:04 | 000,000,013 | ---- | C] () -- C:\Windows\TEXTware.ini
[2010.10.13 18:47:17 | 000,000,043 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2010.10.07 14:01:38 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\BHARegister.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.06.24 16:19:53 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.24 16:13:35 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\K8D.dll
[2010.06.24 16:13:35 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FASTTime32.dll
[2010.06.24 16:13:34 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\K8E.exe
[2010.05.18 12:11:04 | 000,007,620 | ---- | C] () -- C:\Users\stoupa\AppData\Local\Resmon.ResmonCfg
[2010.05.17 10:43:17 | 000,000,195 | ---- | C] () -- C:\Windows\MibBrowser.INI
[2010.02.12 16:27:41 | 000,000,012 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2010.01.14 10:03:17 | 000,022,152 | ---- | C] () -- C:\Windows\SysWow64\driver-flasher-3.5.exe
[2009.12.21 20:18:08 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2009.12.14 13:45:10 | 001,496,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.10 12:36:10 | 000,000,600 | ---- | C] () -- C:\Users\stoupa\AppData\Local\PUTTY.RND
[2009.12.10 00:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.12.09 20:53:23 | 000,000,000 | ---- | C] () -- C:\Users\stoupa\AppData\Roaming\wklnhst.dat
[2009.12.09 19:24:28 | 000,000,600 | ---- | C] () -- C:\Users\stoupa\AppData\Roaming\winscp.rnd
[2009.12.09 19:04:03 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.12.09 19:04:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.12.09 19:04:03 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.12.09 19:04:03 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.11.27 20:49:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.01.23 13:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\QFClient2.dll
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL

========== LOP Check ==========

[2010.12.24 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\hanka\AppData\Roaming\ESET
[2010.12.24 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\hanka\AppData\Roaming\PC Suite
[2010.06.22 11:03:01 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\.purple
[2011.05.04 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Ashampoo
[2011.06.24 06:42:04 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\calibre
[2010.06.01 13:45:27 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Clonk
[2011.12.15 15:48:27 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Copernic
[2010.08.25 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\DAEMON Tools Lite
[2012.01.25 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Dropbox
[2012.01.19 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Electronic Arts
[2010.01.26 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ESET
[2011.01.28 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\EVEMon
[2011.04.27 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\FileZilla
[2010.01.12 09:26:21 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\GHISLER
[2009.12.22 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\gsak
[2012.01.26 11:46:13 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ICQ
[2009.12.17 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ID3-TagIT 3
[2011.01.12 00:18:06 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\LangSoft
[2009.12.17 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Mp3tag
[2009.12.11 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\MySQL
[2010.03.24 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Nokia
[2010.10.15 09:41:41 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\oald8
[2011.08.15 12:15:50 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\OnLive App
[2010.02.07 14:01:39 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\OpenOffice.org
[2011.04.13 14:37:57 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Opera
[2010.10.15 09:13:48 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Oxford
[2010.03.24 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\PC Suite
[2009.12.25 18:53:53 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\PowerCinema
[2010.03.15 07:54:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ProfitUI Reborn Updater
[2010.09.08 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\QuidoCX
[2012.01.25 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\RIFT
[2011.08.18 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Samsung
[2011.04.04 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\SmartDraw
[2011.12.23 12:12:11 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\SoftDMA
[2011.02.19 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Sony
[2010.02.10 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Sony Setup
[2011.05.25 15:46:23 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Subversion
[2012.01.25 11:30:12 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\TeamViewer
[2012.01.15 15:34:01 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Temp
[2009.12.10 07:15:18 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Thunderbird
[2012.01.27 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\uTorrent
[2010.11.11 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\VitySoft
[2010.09.30 06:42:11 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Vogat Interactive
[2010.09.08 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Wireshark
[2009.12.10 01:42:12 | 000,000,000 | ---D | M] -- C:\Users\stoupa101\AppData\Roaming\Sports Interactive
[2012.01.19 11:09:53 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< netsvc >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.06.21 07:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011.04.25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.06.21 07:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011.09.29 17:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011.04.25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.06.21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011.06.21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011.09.29 17:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011.09.29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011.09.29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c40714d5b04af66acd1cc52cc6d573d2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c40714d5b04af66acd1cc52cc6d573d2\*.tmp -> ]
[6056 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.22 11:03:01 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\.purple
[2011.07.18 12:13:30 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Adobe
[2011.12.06 16:25:44 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Apple Computer
[2011.05.04 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Ashampoo
[2011.06.24 06:42:04 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\calibre
[2010.06.01 13:45:27 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Clonk
[2011.12.15 15:48:27 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Copernic
[2009.12.12 14:27:10 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\CyberLink
[2010.08.25 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\DAEMON Tools Lite
[2012.01.25 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Dropbox
[2012.01.19 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Electronic Arts
[2010.01.26 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ESET
[2011.01.28 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\EVEMon
[2011.04.27 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\FileZilla
[2010.01.12 09:26:21 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\GHISLER
[2009.12.09 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Google
[2009.12.22 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\gsak
[2012.01.26 11:46:13 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ICQ
[2009.12.17 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ID3-TagIT 3
[2009.12.09 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Identities
[2009.12.09 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\InstallShield
[2010.12.24 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Intelli-studio
[2011.01.12 00:18:06 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\LangSoft
[2009.12.09 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Macromedia
[2011.02.21 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Media Center Programs
[2011.03.13 10:48:14 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Media Player Classic
[2011.11.01 11:35:09 | 000,000,000 | --SD | M] -- C:\Users\stoupa\AppData\Roaming\Microsoft
[2011.06.20 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Mozilla
[2009.12.17 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Mp3tag
[2009.12.11 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\MySQL
[2011.12.22 13:33:08 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Nero
[2010.03.24 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Nokia
[2010.08.18 08:50:37 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\NVIDIA
[2010.10.15 09:41:41 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\oald8
[2011.08.15 12:15:50 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\OnLive App
[2010.02.07 14:01:39 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\OpenOffice.org
[2011.04.13 14:37:57 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Opera
[2010.10.15 09:13:48 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Oxford
[2010.03.24 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\PC Suite
[2009.12.25 18:53:53 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\PowerCinema
[2010.03.15 07:54:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\ProfitUI Reborn Updater
[2011.01.12 00:18:08 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\PSpad
[2010.09.08 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\QuidoCX
[2011.12.02 11:20:23 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Real
[2012.01.25 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\RIFT
[2011.08.18 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Samsung
[2010.07.02 06:59:03 | 000,000,000 | RH-D | M] -- C:\Users\stoupa\AppData\Roaming\SecuROM
[2012.01.28 08:11:51 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Skype
[2011.07.22 09:50:37 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\skypePM
[2011.04.04 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\SmartDraw
[2011.12.23 12:12:11 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\SoftDMA
[2011.02.19 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Sony
[2010.02.10 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Sony Setup
[2011.05.25 15:46:23 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Subversion
[2009.12.10 12:27:38 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Talkback
[2012.01.25 11:30:12 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\TeamViewer
[2012.01.15 15:34:01 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Temp
[2009.12.10 07:15:18 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Thunderbird
[2012.01.25 21:53:02 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\TortoiseHg
[2010.01.04 07:42:45 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\UltraVNC
[2012.01.27 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\uTorrent
[2010.01.03 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Ventrilo
[2010.11.11 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\VitySoft
[2012.01.26 12:03:46 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\VMware
[2010.09.30 06:42:11 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Vogat Interactive
[2012.01.10 15:58:13 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Winamp
[2009.12.10 20:50:01 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\WinRAR
[2010.09.08 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\stoupa\AppData\Roaming\Wireshark

< %APPDATA%\*.exe /s >
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\stoupa\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.12.24 21:50:48 | 019,474,216 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Intelli-studio\iUpdate.exe
[2011.12.19 12:52:54 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\stoupa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.30 14:25:53 | 000,010,134 | R--- | M] () -- C:\Users\stoupa\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2011.01.12 18:09:16 | 000,004,334 | R--- | M] () -- C:\Users\stoupa\AppData\Roaming\Microsoft\Installer\{402F8EF6-D4F8-4E0C-B572-99D318A06FC7}\_37c74887.exe
[2011.01.12 18:09:16 | 000,004,334 | R--- | M] () -- C:\Users\stoupa\AppData\Roaming\Microsoft\Installer\{402F8EF6-D4F8-4E0C-B572-99D318A06FC7}\_682b7484.exe
[2011.11.29 12:06:43 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stoupa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
[2011.11.22 11:31:51 | 026,927,552 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stoupa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_data\RealPlayer.exe
[2011.11.22 11:31:30 | 000,713,472 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stoupa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_exe\RealPlayer.exe
[2012.01.15 15:00:31 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2011.07.26 19:23:14 | 000,958,352 | ---- | M] (Samsung) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.07.26 19:23:16 | 000,278,928 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.07.26 16:27:50 | 000,286,720 | ---- | M] (Samsung) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.07.26 19:23:16 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.07.26 16:27:16 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.07.26 16:27:16 | 000,284,160 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.07.26 16:27:18 | 000,666,112 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.07.26 19:23:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.07.26 16:27:06 | 000,106,408 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.07.26 16:27:06 | 000,101,288 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.07.26 19:23:22 | 000,131,984 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.07.26 19:23:24 | 000,020,880 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.07.26 19:23:26 | 004,661,464 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.07.26 16:26:44 | 024,100,248 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.07.26 19:23:28 | 000,362,384 | ---- | M] (ml) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2012.01.04 07:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.01.27 17:05:55 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.28 07:59:05 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.01.27 16:53:09 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000Core.job
[2012.01.28 07:53:06 | 000,000,966 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %userprofile%\Plocha\*.* >

< %userprofile%\Desktop\*.* >
[2009.12.09 20:51:53 | 000,001,524 | ---- | M] () -- C:\Users\stoupa\Desktop\Acer Crystal Eye Webcam.lnk
[2010.11.02 21:19:31 | 000,001,934 | ---- | M] () -- C:\Users\stoupa\Desktop\Bloodline of the Fallen - Anna's Sacrifice.lnk
[2009.12.09 22:11:24 | 000,001,230 | ---- | M] () -- C:\Users\stoupa\Desktop\Calculator.lnk
[2011.02.22 20:04:07 | 000,000,700 | ---- | M] () -- C:\Users\stoupa\Desktop\CCleaner.lnk
[2011.03.21 16:05:53 | 000,000,140 | ---- | M] () -- C:\Users\stoupa\Desktop\chill.pls
[2010.09.26 15:34:56 | 000,001,270 | ---- | M] () -- C:\Users\stoupa\Desktop\CivilizationV – zástupce.lnk
[2010.10.14 18:05:17 | 000,001,829 | ---- | M] () -- C:\Users\stoupa\Desktop\Columbus - Ghost of the Mystery Stone.lnk
[2011.02.08 08:47:15 | 000,000,654 | ---- | M] () -- C:\Users\stoupa\Desktop\Comical.lnk
[2011.06.27 11:43:42 | 000,000,834 | -HS- | M] () -- C:\Users\stoupa\Desktop\desktop.ini
[2010.10.13 18:45:37 | 000,000,728 | ---- | M] () -- C:\Users\stoupa\Desktop\DicMan.lnk
[2010.08.26 12:03:43 | 000,000,826 | ---- | M] () -- C:\Users\stoupa\Desktop\DjView.lnk
[2012.01.18 07:56:59 | 000,001,042 | ---- | M] () -- C:\Users\stoupa\Desktop\Dropbox.lnk
[2011.07.22 21:43:58 | 002,143,778 | ---- | M] () -- C:\Users\stoupa\Desktop\DSCF3282.JPG
[2010.06.02 11:51:06 | 000,000,744 | ---- | M] () -- C:\Users\stoupa\Desktop\Edraw UML Diagram.lnk
[2011.02.10 23:55:42 | 860,941,932 | ---- | M] () -- C:\Users\stoupa\Desktop\euroix_film.mov
[2009.10.13 11:14:52 | 000,005,386 | ---- | M] () -- C:\Users\stoupa\Desktop\euroix_film.txt
[2010.02.23 19:09:35 | 000,001,093 | ---- | M] () -- C:\Users\stoupa\Desktop\EverQuest2 – zástupce.lnk
[2010.01.27 15:24:05 | 000,000,728 | ---- | M] () -- C:\Users\stoupa\Desktop\Free Ape Player.lnk
[2012.01.25 21:55:28 | 000,002,408 | ---- | M] () -- C:\Users\stoupa\Desktop\Google Chrome.lnk
[2010.10.14 09:41:05 | 000,001,791 | ---- | M] () -- C:\Users\stoupa\Desktop\googleearth – zástupce.lnk
[2011.04.20 10:12:30 | 000,000,490 | ---- | M] () -- C:\Users\stoupa\Desktop\history.xml
[2010.08.19 06:48:08 | 000,001,798 | ---- | M] () -- C:\Users\stoupa\Desktop\Installation Wizard 2.lnk
[2010.09.09 16:16:02 | 000,000,698 | ---- | M] () -- C:\Users\stoupa\Desktop\JustCause2 – zástupce.lnk
[2011.01.12 18:09:16 | 000,002,913 | ---- | M] () -- C:\Users\stoupa\Desktop\Language Lab Demo.lnk
[2010.08.25 19:12:18 | 000,001,082 | ---- | M] () -- C:\Users\stoupa\Desktop\mafia2 – zástupce.lnk
[2011.02.14 07:49:52 | 000,002,620 | ---- | M] () -- C:\Users\stoupa\Desktop\Magic The Gathering Tactics.lnk
[2010.05.17 11:23:52 | 000,001,965 | ---- | M] () -- C:\Users\stoupa\Desktop\MIB Browser.lnk
[2011.05.19 12:51:18 | 000,001,684 | ---- | M] () -- C:\Users\stoupa\Desktop\Mozilla Thunderbird.lnk
[2009.07.28 11:48:50 | 002,244,518 | ---- | M] () -- C:\Users\stoupa\Desktop\naty.jpg
[2010.10.13 18:45:37 | 000,000,728 | ---- | M] () -- C:\Users\stoupa\Desktop\PC Translator 2010.lnk
[2010.06.30 08:01:43 | 000,000,712 | ---- | M] () -- C:\Users\stoupa\Desktop\Perpetuum.lnk
[2011.06.02 12:48:36 | 000,000,134 | ---- | M] () -- C:\Users\stoupa\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2010.02.23 16:07:39 | 000,002,041 | ---- | M] () -- C:\Users\stoupa\Desktop\ProfitUI Reborn Updater.lnk
[2010.02.12 16:27:54 | 000,000,810 | ---- | M] () -- C:\Users\stoupa\Desktop\PSP Video Converter.lnk
[2010.02.12 16:27:54 | 000,000,859 | ---- | M] () -- C:\Users\stoupa\Desktop\PSPVC (Server).lnk
[2010.10.04 07:01:23 | 000,000,806 | ---- | M] () -- C:\Users\stoupa\Desktop\RapidShare Manager.lnk
[2011.07.20 14:43:28 | 000,000,862 | ---- | M] () -- C:\Users\stoupa\Desktop\Sample Skeletal Viewer.lnk
[2010.09.22 17:30:22 | 000,001,555 | ---- | M] () -- C:\Users\stoupa\Desktop\SBMonopoly – zástupce.lnk
[2010.10.13 18:45:37 | 000,000,728 | ---- | M] () -- C:\Users\stoupa\Desktop\Slovník.lnk
[2011.04.04 13:37:35 | 000,000,693 | ---- | M] () -- C:\Users\stoupa\Desktop\SmartDraw VP.lnk
[2010.01.12 09:26:23 | 000,000,726 | ---- | M] () -- C:\Users\stoupa\Desktop\Total Commander.lnk
[2010.01.04 07:41:23 | 000,000,656 | ---- | M] () -- C:\Users\stoupa\Desktop\UltraVNC Server.lnk
[2010.01.04 07:41:24 | 000,000,673 | ---- | M] () -- C:\Users\stoupa\Desktop\UltraVNC Viewer.lnk
[2011.05.10 14:38:18 | 000,170,100 | ---- | M] () -- C:\Users\stoupa\Desktop\X_38.jpg

< %ALLUSERSPROFILE%\Plocha\*.* >

< %ALLUSERSPROFILE%\Desktop\*.* >

< *crack* /s >
[2010.10.20 01:16:22 | 000,786,476 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\cha_fidget_colossus_crack.tga
[2010.10.20 01:16:23 | 000,786,476 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\eff_animals_crackedearth.tga
[2010.10.20 01:16:59 | 000,496,667 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\pssg\props\plains_manaDeviceCracked.PSSG.gz

< *keygen* /s >
[2009.04.09 00:31:58 | 000,015,784 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\security\spec\RSAKeyGenParameterSpec.html
[2009.04.09 00:29:44 | 000,006,397 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\security\spec\class-use\RSAKeyGenParameterSpec.html
[2009.04.09 00:32:10 | 000,026,617 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jce10\javax\crypto\KeyGenerator.html
[2009.04.09 00:28:22 | 000,013,948 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jce10\javax\crypto\KeyGeneratorSpi.html
[2009.04.09 00:31:04 | 000,008,837 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jce10\javax\crypto\class-use\KeyGenerator.html
[2009.04.09 00:27:42 | 000,007,553 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jce10\javax\crypto\class-use\KeyGeneratorSpi.html
[2009.04.09 00:31:10 | 000,015,083 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\security\spec\RSAKeyGenParameterSpec.html
[2009.04.09 00:28:18 | 000,005,914 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\security\spec\class-use\RSAKeyGenParameterSpec.html

stoupa101 · #11 Příspěvek od **stoupa101** » 28 led 2012 09:02

< *loader* /s >
[2006.09.26 14:00:54 | 000,049,664 | ---- | M] () -- \App\Edraw UML Diagram\ssloader.e32
[2010.06.28 07:24:27 | 000,005,795 | ---- | M] () -- \App\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2010.06.28 07:24:27 | 000,005,520 | ---- | M] () -- \App\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\loader.swf
[2010.06.28 07:24:28 | 000,004,180 | ---- | M] () -- \App\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2010.06.28 07:24:27 | 000,005,520 | ---- | M] () -- \App\ICQ7.2\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.07.11 12:33:31 | 000,002,886 | ---- | M] () -- \App\ICQ7.2\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011.07.12 05:52:22 | 000,000,402 | ---- | M] () -- \App\ICQ7.2\Xtraz\icq\content\icq_profile\preloader.html
[2011.01.19 13:57:12 | 000,000,402 | ---- | M] () -- \App\ICQ7.2\Xtraz\icq\content\profile_forms\preloader.html
[2011.01.19 13:57:13 | 000,000,402 | ---- | M] () -- \App\ICQ7.2\Xtraz\icq\content\profile_lightboxs\preloader.html
[2010.06.28 07:26:54 | 000,552,798 | ---- | M] () -- \App\ICQ7.2\Xtraz\icq\theme\game_center\loaderBkg.png
[2011.04.05 11:41:10 | 000,007,664 | ---- | M] () -- \App\Java\jdk1.6.0_24\demo\jvmti\hprof\src\hprof_loader.c
[2011.04.05 11:41:10 | 000,002,141 | ---- | M] () -- \App\Java\jdk1.6.0_24\demo\jvmti\hprof\src\hprof_loader.h
[2011.04.05 11:39:52 | 000,002,941 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml
[2011.04.05 11:39:53 | 000,000,411 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\config\Modules\org-openide-loaders.xml
[2011.04.05 11:40:06 | 001,138,236 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\modules\org-openide-loaders.jar
[2011.04.05 11:40:03 | 000,007,002 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar
[2011.04.05 11:40:03 | 000,006,658 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar
[2011.04.05 11:40:09 | 000,000,456 | ---- | M] () -- \App\Java\jdk1.6.0_24\lib\visualvm\platform\update_tracking\org-openide-loaders.xml
[2011.04.08 02:30:00 | 000,000,483 | ---- | M] () -- \App\NetBeans 7.0\enterprise\config\Modules\org-netbeans-modules-j2ee-ddloaders.xml
[2011.05.18 11:24:47 | 002,743,880 | ---- | M] () -- \App\NetBeans 7.0\enterprise\modules\org-netbeans-modules-j2ee-ddloaders.jar
[2011.05.18 11:24:18 | 000,033,680 | ---- | M] () -- \App\NetBeans 7.0\enterprise\modules\locale\org-netbeans-modules-j2ee-ddloaders_ja.jar
[2011.05.18 11:24:15 | 000,031,129 | ---- | M] () -- \App\NetBeans 7.0\enterprise\modules\locale\org-netbeans-modules-j2ee-ddloaders_pt_BR.jar
[2011.05.18 11:24:18 | 000,036,025 | ---- | M] () -- \App\NetBeans 7.0\enterprise\modules\locale\org-netbeans-modules-j2ee-ddloaders_ru.jar
[2011.05.18 11:24:15 | 000,032,362 | ---- | M] () -- \App\NetBeans 7.0\enterprise\modules\locale\org-netbeans-modules-j2ee-ddloaders_zh_CN.jar
[2011.05.18 11:25:26 | 000,000,432 | ---- | M] () -- \App\NetBeans 7.0\enterprise\update_tracking\org-netbeans-modules-j2ee-ddloaders.xml
[2011.04.08 02:30:01 | 000,000,484 | ---- | M] () -- \App\NetBeans 7.0\ergonomics\config\Modules\org-netbeans-modules-j2ee-ddloaders.xml
[2011.04.08 02:30:11 | 000,019,348 | ---- | M] () -- \App\NetBeans 7.0\javacard\JCDK3.0.2_ConnectedEdition\docs\api\spi\com\sun\javacard\spi\cardmgmt\DeploymentUnitLoader.html
[2009.04.09 00:30:54 | 000,004,261 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\apps\SVGDemo\src\com\sun\perseus\demo\ImageLoader.java
[2009.04.09 00:27:28 | 000,075,179 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\lang\ClassLoader.html
[2009.04.09 00:29:26 | 000,025,070 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\lang\class-use\ClassLoader.html
[2009.04.09 00:31:18 | 000,035,485 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\net\URLClassLoader.html
[2009.04.09 00:29:48 | 000,008,749 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\net\class-use\URLClassLoader.html
[2009.04.09 00:27:10 | 000,021,745 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\security\SecureClassLoader.html
[2009.04.09 00:29:42 | 000,007,912 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\security\class-use\SecureClassLoader.html
[2009.04.09 00:31:22 | 000,075,257 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\lang\ClassLoader.html
[2009.04.09 00:27:52 | 000,025,144 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\lang\class-use\ClassLoader.html
[2009.04.09 00:27:30 | 000,035,559 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\net\URLClassLoader.html
[2009.04.09 00:29:28 | 000,008,823 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\net\class-use\URLClassLoader.html
[2009.04.09 00:30:48 | 000,021,827 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\security\SecureClassLoader.html
[2009.04.09 00:27:10 | 000,007,986 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\security\class-use\SecureClassLoader.html
[2009.04.09 00:31:58 | 000,073,570 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\lang\ClassLoader.html
[2009.04.09 00:30:02 | 000,027,469 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\lang\class-use\ClassLoader.html
[2009.04.09 00:27:34 | 000,034,597 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\net\URLClassLoader.html
[2009.04.09 00:28:20 | 000,008,293 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\net\class-use\URLClassLoader.html
[2009.04.09 00:28:00 | 000,021,104 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\security\SecureClassLoader.html
[2009.04.09 00:31:02 | 000,007,466 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\security\class-use\SecureClassLoader.html
[2011.05.18 11:26:16 | 000,002,977 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\toolkit-lib\process\memory-profiler\code\memprof-loader.jar
[2011.04.08 02:30:16 | 000,002,941 | ---- | M] () -- \App\NetBeans 7.0\platform\config\ModuleAutoDeps\org-openide-loaders.xml
[2011.04.08 02:30:16 | 000,000,411 | ---- | M] () -- \App\NetBeans 7.0\platform\config\Modules\org-openide-loaders.xml
[2011.05.18 11:21:04 | 001,322,133 | ---- | M] () -- \App\NetBeans 7.0\platform\modules\org-openide-loaders.jar
[2011.05.18 11:21:00 | 000,007,062 | ---- | M] () -- \App\NetBeans 7.0\platform\modules\locale\org-openide-loaders_ja.jar
[2011.05.18 11:20:58 | 000,006,437 | ---- | M] () -- \App\NetBeans 7.0\platform\modules\locale\org-openide-loaders_pt_BR.jar
[2011.05.18 11:21:00 | 000,007,588 | ---- | M] () -- \App\NetBeans 7.0\platform\modules\locale\org-openide-loaders_ru.jar
[2011.05.18 11:20:58 | 000,006,722 | ---- | M] () -- \App\NetBeans 7.0\platform\modules\locale\org-openide-loaders_zh_CN.jar
[2011.05.18 11:22:32 | 000,000,465 | ---- | M] () -- \App\NetBeans 7.0\platform\update_tracking\org-openide-loaders.xml
[2009.09.16 22:33:50 | 000,006,308 | ---- | M] () -- \App\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.09.16 15:22:08 | 000,022,528 | ---- | M] () -- \App\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.09.17 20:12:18 | 000,000,171 | ---- | M] () -- \App\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.09.11 16:36:38 | 000,029,696 | ---- | M] () -- \App\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.09.16 15:00:48 | 000,003,872 | ---- | M] () -- \App\OpenOffice.org 3\URE\java\unoloader.jar
[2009.11.23 14:18:44 | 000,002,828 | ---- | M] () -- \App\Oxford\OALD8\components\uriloader.xpt
[2007.07.26 17:00:02 | 000,067,584 | ---- | M] () -- \App\Panasonic\HDWRITER\MediaLoader.dll
[2010.06.04 15:49:49 | 000,025,294 | ---- | M] () -- \App\Pidgin\Gtk\bin\gdk-pixbuf-query-loaders.exe
[2010.06.04 15:49:51 | 000,000,543 | ---- | M] () -- \App\Pidgin\Gtk\etc\gtk-2.0\gdk-pixbuf.loaders
[2010.07.12 07:27:27 | 000,029,485 | ---- | M] () -- \App\PostgreSQL\EnterpriseDB-ApachePhp\apache\www\mediaWiki\includes\AutoLoader.php
[2010.07.12 07:27:27 | 000,000,894 | ---- | M] () -- \App\PostgreSQL\EnterpriseDB-ApachePhp\apache\www\mediaWiki\maintenance\checkAutoLoader.php
[2009.10.23 15:41:45 | 012,010,264 | ---- | M] () -- \App\Sony\PSNDownloaderSetup.exe
[2011.02.26 11:46:28 | 000,007,168 | ---- | M] () -- \App\TortoiseHg\_win32sysloader.pyd
[2009.03.25 13:28:28 | 000,045,056 | ---- | M] () -- \App\Vivotek Inc\ST7501\Server\ServerControllerLoader.dll
[2009.03.25 13:28:28 | 000,044,032 | ---- | M] () -- \App\Vivotek Inc\ST7501\Server\ServerUtilityLoader.dll
[2009.08.16 17:05:14 | 000,053,760 | ---- | M] () -- \App\WinRAR\Formats\ace32loader.exe
[2010.02.08 00:44:00 | 000,000,543 | ---- | M] () -- \App\Wireshark\etc\gtk-2.0\gdk-pixbuf.loaders
[2011.05.25 15:46:13 | 000,004,071 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\configuration\org.eclipse.osgi\bundles\666\1\.cp\resources\zend_server\ZendLoader.php
[2010.10.27 20:29:18 | 000,002,973 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.datatools.core_8.0.0.v20100714-1206\com\zend\php\datatools\core\DriversLoader.class
[2010.10.27 20:29:22 | 000,006,229 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20101001-0100\resources\library\PHPUnit\Runner\StandardTestSuiteLoader.php
[2010.10.27 20:29:22 | 000,002,942 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20101001-0100\resources\library\PHPUnit\Runner\TestSuiteLoader.php
[2010.10.27 20:29:22 | 000,004,998 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20101001-0100\resources\library\PHPUnit\Util\Fileloader.php
[2011.05.15 13:09:04 | 000,006,229 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20110331-1830\resources\library\PHPUnit\Runner\StandardTestSuiteLoader.php
[2011.05.15 13:09:04 | 000,002,942 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20110331-1830\resources\library\PHPUnit\Runner\TestSuiteLoader.php
[2011.05.15 13:09:04 | 000,004,998 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpunit_8.0.0.v20110331-1830\resources\library\PHPUnit\Util\Fileloader.php
[2009.07.07 22:34:40 | 000,002,713 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\org.mozilla.xulrunner.win32.win32.x86_1.9.1.0_v20101025-0100\xulrunner\components\uriloader.xpt
[2009.07.31 17:28:08 | 000,002,865 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Customizations\Generic\Style\Cascade\Media\Standard\Common\Seekbar\ProgramLoader.png
[2009.07.31 17:29:32 | 000,001,019 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\FlvLoader.swf
[2009.07.31 17:29:32 | 000,001,462 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\FlvLoaderResize.swf
[2009.07.31 17:29:36 | 000,010,481 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\KernelCtrl\ImageLoader.kc
[2009.07.31 17:29:36 | 000,003,706 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\System\KernelCtrl\URLDownloader.kc
[2009.07.31 17:29:36 | 000,003,482 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Widget\langloader.kc
[2009.07.31 17:29:36 | 000,012,741 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Widget\layoutloader.kc
[2009.08.03 22:34:48 | 000,011,710 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\mm\MediaCtrl\ImageLoader.kc
[2009.08.03 22:34:56 | 000,003,489 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\widget\langloader.kc
[2009.08.03 22:34:56 | 000,012,539 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\widget\layoutloader.kc
[2009.10.05 19:15:18 | 000,010,777 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\PlayMovie\mm\MediaCtrl\ImageLoader.kc
[2009.10.05 19:15:22 | 000,003,494 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\PlayMovie\widget\langloader.kc
[2009.10.05 19:15:22 | 000,012,797 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\PlayMovie\widget\layoutloader.kc
[2011.06.18 08:24:14 | 000,044,032 | R--- | M] () -- \Program Files (x86)\Calibre2\DLLs\PyISAPI_loader.dll
[2010.08.23 11:48:47 | 000,000,001 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2010.05.06 10:31:10 | 000,335,872 | ---- | M] () -- \Program Files (x86)\Common Files\Nokia\Service Layer\A\nsl_loader.dll
[2010.04.19 12:34:16 | 000,131,072 | ---- | M] () -- \Program Files (x86)\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2009.05.31 02:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009.05.31 02:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2011.04.20 18:33:38 | 006,359,960 | ---- | M] () -- \Program Files (x86)\Sony Media Go Install\PSNDownloaderSetup.exe
[2011.12.02 11:20:00 | 000,007,715 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2011.12.02 11:20:00 | 000,000,319 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2011.12.02 11:20:00 | 000,007,715 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2011.12.02 11:20:00 | 000,000,319 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2011.01.15 02:53:51 | 000,131,301 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\campaignPreloader.gfx
[2010.12.08 21:10:53 | 002,796,368 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\preloaderBG.dds
[2012.01.17 04:09:26 | 000,001,849 | ---- | M] () -- \Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.3.3_0\images\loader-gray.gif
[2012.01.17 04:09:26 | 000,001,849 | ---- | M] () -- \Users\stoupa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.3.3_0\images\loader-white.gif
[2011.03.02 12:01:59 | 000,002,931 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QDDVD5A\preloader[1].swf
[2012.01.24 11:41:50 | 000,000,723 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17EUT7BM\downloaderror[1].js
[2012.01.24 11:41:50 | 000,001,174 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17EUT7BM\downloader[1].js
[2012.01.04 09:21:22 | 000,003,043 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H71SXNI\downloader_en_eu[1].htm
[2012.01.24 11:41:20 | 000,007,900 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNTFTU3M\bundleloader[1].js
[2012.01.11 16:34:20 | 000,000,009 | ---- | M] () -- \Users\stoupa\AppData\Local\Temp\ZendLoader.MemoryBase@stoupa@193488477
[15 \Users\stoupa\AppData\Local\Temp\*.tmp files -> \Users\stoupa\AppData\Local\Temp\*.tmp -> ]
[2011.08.16 15:52:36 | 000,000,064 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LZ923GJE\www.kamennyobchod.cz\js\preloader.swf\preloadercookie.sol
[2010.11.12 11:13:58 | 000,000,749 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Downloader.lnk
[2011.07.26 16:39:46 | 000,069,120 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2011.07.26 19:23:22 | 000,131,984 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.01.15 15:05:48 | 000,028,629 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\CabFile\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll.cab
[2012.01.15 15:05:10 | 000,058,835 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\CabFile\External\FirmwareUpdate\BinaryLoaderMgr.exe.cab
[2009.12.24 00:57:55 | 000,069,632 | ---- | M] () -- \Users\stoupa\Cryptic\Cryptic Studios\Star Trek Online\Live\PhysXLoader.dll
[2010.12.16 14:34:58 | 000,004,071 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\com.zend.php.core\__language__\a231ab58\ZendLoader.php
[2011.05.25 15:46:13 | 000,004,071 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\com.zend.php.core\__language__\c2ca1c27\ZendLoader.php
[2011.05.25 15:47:54 | 000,011,310 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Loader.php
[2011.05.25 15:46:42 | 000,007,638 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\TypeLoader.php
[2011.05.25 15:46:42 | 000,002,950 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Application\Module\Autoloader.php
[2011.05.25 15:47:04 | 000,016,892 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Loader\Autoloader.php
[2011.05.25 15:47:04 | 000,014,749 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Loader\PluginLoader.php
[2011.05.25 15:47:28 | 000,010,495 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Search\Lucene\Index\DictionaryLoader.php
[2011.05.25 15:47:45 | 000,004,653 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Tool\Framework\Loader\BasicLoader.php
[2011.05.25 15:47:45 | 000,004,670 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Tool\Framework\Loader\IncludePathLoader.php
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2011.02.05 14:09:50 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_9c05f879842e1792.manifest
[2011.02.05 14:05:03 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_9c6455949d6c2720.manifest
[2011.02.05 18:34:40 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_9deb553581556a27.manifest
[2011.02.05 14:10:12 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_9e73f1b69a73f09a.manifest
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2012.01.19 13:19:54 | 000,000,009 | ---- | M] () -- \Windows\Temp\ZendLoader.MemoryBase@SYSTEM@3391924446
[6056 \Windows\Temp\*.tmp files -> \Windows\Temp\*.tmp -> ]
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:23:09 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:04:54 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:44:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.12.10 02:29:58 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.12.10 02:29:58 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.12.10 02:29:58 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.12.10 02:29:58 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.12.10 02:29:58 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011.06.27 07:18:32 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.06.27 07:18:32 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.06.27 07:18:32 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.06.27 07:18:32 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.06.27 07:18:33 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.12.10 02:26:03 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 05:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 06:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.03.09 15:05:16 | 000,134,928 | ---- | M] () -- \WWW\Zend\ZendServer\lib\loader\php-5.3.x\ZendLoader.dll

< *RemoveWAT* /s >

< *minodlogin* /s >

< *tnod* /s >
[2009.07.31 10:27:52 | 000,000,750 | ---- | M] () -- \OEM\Preload\Autorun\APP\Arcade Deluxe v3.1\PCinema\Config\CopyRightNoDTS.ini
[2009.07.31 10:27:52 | 000,000,566 | ---- | M] () -- \OEM\Preload\Autorun\APP\Arcade Deluxe v3.1\PCinema\Config\CopyRightNoDTSNoDolby.ini
[2009.07.31 10:27:52 | 000,000,750 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Customizations\Generic\CopyRightNoDTS.ini
[2009.07.31 10:27:52 | 000,000,566 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Customizations\Generic\CopyRightNoDTSNoDolby.ini
[2009.08.03 22:34:16 | 000,000,566 | ---- | M] () -- \Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Customizations\Cyberlink\CopyRightNoDolby.ini
[2011.02.21 12:45:17 | 000,001,005 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz.zip
[2011.02.21 12:45:18 | 000,000,947 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz1.zip
[2011.02.21 12:45:20 | 000,000,797 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz2.zip
[2011.02.21 12:45:25 | 000,000,757 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz3.zip
[2011.02.21 12:45:25 | 000,000,744 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz4.zip
[2011.02.21 12:45:25 | 000,000,817 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Recovery\patnodkaz5.zip
[2011.02.21 12:45:17 | 000,001,005 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz.zip
[2011.02.21 12:45:18 | 000,000,947 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz1.zip
[2011.02.21 12:45:20 | 000,000,797 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz2.zip
[2011.02.21 12:45:25 | 000,000,757 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz3.zip
[2011.02.21 12:45:25 | 000,000,744 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz4.zip
[2011.02.21 12:45:25 | 000,000,817 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Recovery\patnodkaz5.zip

< *TemDono* /s >

< *AutoKMS* /s >

< *KMSEmulator* /s >

< *activator* /s >
[2011.06.23 13:01:58 | 000,002,162 | ---- | M] () -- \App\Apache Directory Studio\configuration\org.eclipse.osgi\bundles\26\1\.cp\org\apache\directory\studio\Activator.class
[2010.10.27 20:29:18 | 000,002,299 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.phpdocumentor_8.0.0.v20100906-1700\com\zend\php\phpdocumentor\PHPDocumentorActivator.class
[2010.10.27 20:29:18 | 000,001,640 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.zendserver.core_8.0.0.v20101025-1600\com\zend\php\zendserver\core\Activator.class
[2011.05.15 13:09:04 | 000,001,640 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\com.zend.php.zendserver.core_8.0.0.v20110405-1007\com\zend\php\zendserver\core\Activator.class

< *serial* /s >
[2011.04.05 11:39:33 | 000,039,680 | ---- | M] () -- \App\Java\jdk1.6.0_24\bin\serialver.exe
[2011.04.08 02:30:12 | 000,008,179 | ---- | M] () -- \App\NetBeans 7.0\javacard\JCDK3.0.2_ConnectedEdition\docs\apduio\apduiolib\serialized-form.html
[2009.04.09 00:30:36 | 000,055,991 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\agui10\serialized-form.html
[2009.04.09 00:29:34 | 000,267,165 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\serialized-form.html
[2009.04.09 00:27:30 | 000,013,638 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\NotSerializableException.html
[2009.04.09 00:30:48 | 000,012,374 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\Serializable.html
[2009.04.09 00:29:44 | 000,016,366 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\SerializablePermission.html
[2009.04.09 00:30:16 | 000,006,197 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\class-use\NotSerializableException.html
[2009.04.09 00:29:12 | 000,100,040 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\class-use\Serializable.html
[2009.04.09 00:28:22 | 000,008,596 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\cdc-1.1\java\io\class-use\SerializablePermission.html
[2009.04.09 00:31:40 | 000,301,579 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\serialized-form.html
[2009.04.09 00:27:12 | 000,013,712 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\NotSerializableException.html
[2009.04.09 00:31:12 | 000,013,172 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\Serializable.html
[2009.04.09 00:29:42 | 000,016,466 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\SerializablePermission.html
[2009.04.09 00:28:04 | 000,006,271 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\class-use\NotSerializableException.html
[2009.04.09 00:29:48 | 000,122,371 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\class-use\Serializable.html
[2009.04.09 00:28:22 | 000,008,670 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\fp-1.1\java\io\class-use\SerializablePermission.html
[2009.04.09 00:28:46 | 000,026,002 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jaas10\serialized-form.html
[2009.04.09 00:28:20 | 000,010,813 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jce10\serialized-form.html
[2009.04.09 00:30:16 | 000,006,910 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsr135\serialized-form.html
[2009.04.09 00:29:40 | 000,022,806 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsr172\serialized-form.html
[2009.04.09 00:31:02 | 000,097,949 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsr177\serialized-form.html
[2009.04.09 00:27:06 | 000,006,234 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsr211\serialized-form.html
[2009.04.09 00:28:30 | 000,006,337 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsr239\serialized-form.html
[2009.04.09 00:29:30 | 000,012,641 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\jsse10\serialized-form.html
[2009.04.09 00:28:54 | 000,423,163 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\serialized-form.html
[2009.04.09 00:30:06 | 000,013,101 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\NotSerializableException.html
[2009.04.09 00:29:28 | 000,012,548 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\Serializable.html
[2009.04.09 00:28:50 | 000,015,796 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\SerializablePermission.html
[2009.04.09 00:26:58 | 000,005,788 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\class-use\NotSerializableException.html
[2009.04.09 00:28:12 | 000,155,576 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\class-use\Serializable.html
[2009.04.09 00:27:56 | 000,008,141 | ---- | M] () -- \App\NetBeans 7.0\mobility\Java_ME_platform_SDK_3.0\docs\api\pbp11\java\io\class-use\SerializablePermission.html
[2010.07.12 07:27:26 | 000,000,903 | ---- | M] () -- \App\PostgreSQL\EnterpriseDB-ApachePhp\apache\www\mediaWiki\serialized\serialize-localisation.php
[2010.07.12 07:27:26 | 000,001,710 | ---- | M] () -- \App\PostgreSQL\EnterpriseDB-ApachePhp\apache\www\mediaWiki\serialized\serialize.php
[2010.10.27 21:14:26 | 000,293,198 | ---- | M] () -- \App\Zend\Zend Studio - 8.0.0\plugins\org.apache.xml.serializer_2.7.1.v201005080400.jar
[2010.09.16 23:07:12 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.50917.0\System.Runtime.Serialization.dll
[2010.09.30 06:15:18 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.50917.0\System.Runtime.Serialization.ni.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 02:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2008.07.11 14:59:31 | 000,099,640 | ---- | M] () -- \Program Files (x86)\Stardock\Impulse\Sd.Central.Archive.XmlSerializers.dll
[2008.07.11 14:59:33 | 000,255,288 | ---- | M] () -- \Program Files (x86)\Stardock\Impulse\sd.central.cmp.server.XmlSerializers.dll
[2008.07.11 14:59:36 | 000,173,368 | ---- | M] () -- \Program Files (x86)\Stardock\Impulse\Sd.Common.XmlSerializers.dll
[2008.07.11 14:59:38 | 000,083,256 | ---- | M] () -- \Program Files (x86)\Stardock\Impulse\Sd.InstallManager.XmlSerializers.dll
[2008.07.11 14:59:44 | 000,050,488 | ---- | M] () -- \Program Files (x86)\Stardock\Impulse\Sd.Uninstall.XmlSerializers.dll
[2010.05.11 16:10:48 | 000,021,291 | ---- | M] () -- \Program Files (x86)\VMware\VMware Player\help\t_add_serial_port.html
[2010.05.11 16:10:48 | 000,019,047 | ---- | M] () -- \Program Files (x86)\VMware\VMware Player\help\t_configure_serial_port_settings.html
[2010.05.13 11:32:00 | 000,022,986 | ---- | M] () -- \Program Files (x86)\VMware\VMware Player\messages\ja\help\t_add_serial_port.html
[2010.05.13 11:32:00 | 000,020,139 | ---- | M] () -- \Program Files (x86)\VMware\VMware Player\messages\ja\help\t_configure_serial_port_settings.html
[2010.11.05 02:52:08 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 02:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2012.01.24 11:41:44 | 000,001,193 | ---- | M] () -- \Users\stoupa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEDIPLCQ\serialize[1].js
[2012.01.03 23:27:30 | 000,004,812 | ---- | M] () -- \Users\stoupa\AppData\Roaming\Thunderbird\Profiles\24frza14.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\calendar-js\calIcsSerializer.js
[2011.05.25 15:47:54 | 000,005,879 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Serializer.php
[2011.05.25 15:46:42 | 000,002,118 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Deserializer.php
[2011.05.25 15:46:42 | 000,001,752 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Serializer.php
[2011.05.25 15:46:42 | 000,009,398 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Amf0\Deserializer.php
[2011.05.25 15:46:42 | 000,013,709 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Amf0\Serializer.php
[2011.05.25 15:46:42 | 000,015,623 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Amf3\Deserializer.php
[2011.05.25 15:46:42 | 000,018,287 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Amf\Parse\Amf3\Serializer.php
[2011.05.25 15:47:22 | 000,003,916 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Paginator\SerializableLimitIterator.php
[2011.05.25 15:47:34 | 000,002,912 | ---- | M] () -- \Users\stoupa\Zend\workspaces\DefaultWorkspace7\.metadata\.plugins\org.zend.php.framework.resource\resources\ZendFramework-1\library\Zend\Serializer\Adapter\PhpSerialize.php
[2009.12.10 02:29:22 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.12.10 02:29:36 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.11.02 12:23:51 | 000,271,872 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\6582b05f18aa4ebeef4a95f498c0a60d\Sd.Central.Archive.XmlSerializers.ni.dll
[2011.11.02 12:23:53 | 000,463,872 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\acdca461d8cb5ada8d314fafc4e4ebfc\Sd.Common.XmlSerializers.ni.dll
[2011.11.02 10:39:37 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.11.02 12:24:35 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
[2011.11.02 12:30:26 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\1377c29b871c7eb768769b5f4bdbb15d\System.Runtime.Serialization.ni.dll
[2011.11.02 10:35:17 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b3b42692707c0f555807def0c4acefe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.05 02:52:16 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2011.02.05 14:10:43 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 14:05:47 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.12.10 02:29:07 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.12.10 02:29:07 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009.12.10 02:29:19 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.12.10 02:29:23 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.12.10 02:29:36 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2010.11.05 02:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2009.12.10 02:29:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 21:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2010.11.05 02:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2009.06.10 21:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2010.11.05 02:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2011.06.27 07:16:54 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.06.27 07:16:54 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009.12.10 02:30:00 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.12.10 02:29:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 14:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 14:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 03:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010.11.20 05:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2009.07.14 03:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010.11.20 05:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 04:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009.12.10 02:27:44 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 04:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 04:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.12.10 02:29:22 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2009.12.10 02:29:36 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2009.12.10 02:29:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.12.10 02:29:07 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.12.10 02:29:36 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll

< *w7lxe* /s >

< *AutoRearm* /s >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"EgisTecLiveUpdate" = "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" -- [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.)
"BackupManagerTray" = "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k -- [2009.09.22 21:04:20 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.)
"LManager" = C:\Program Files (x86)\Launch Manager\LManager.exe -- [2009.08.18 08:38:32 | 000,825,864 | ---- | M] (Dritek System Inc.)
"VitaKeyPdtWzd" = "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe" -- [2009.08.28 07:45:36 | 003,567,616 | ---- | M] (Egis Technology Inc.)
"ArcadeDeluxeAgent" = "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" -- [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.)
"PlayMovie" = "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" -- [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.)
"VMware hqtray" = "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" -- [2011.09.23 20:19:58 | 000,064,112 | ---- | M] (VMware, Inc.)

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"T-Mobile Communication Centre" = "C:\App\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun -- [2011.06.30 12:35:20 | 001,363,984 | ---- | M] (Gemfor s.r.o.)

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
"EgisTecLiveUpdate" = "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" -- [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.)
"BackupManagerTray" = "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k -- [2009.09.22 21:04:20 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.)
"LManager" = C:\Program Files (x86)\Launch Manager\LManager.exe -- [2009.08.18 08:38:32 | 000,825,864 | ---- | M] (Dritek System Inc.)
"VitaKeyPdtWzd" = "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe" -- [2009.08.28 07:45:36 | 003,567,616 | ---- | M] (Egis Technology Inc.)
"ArcadeDeluxeAgent" = "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" -- [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.)
"PlayMovie" = "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" -- [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.)
"VMware hqtray" = "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" -- [2011.09.23 20:19:58 | 000,064,112 | ---- | M] (VMware, Inc.)

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.28 07:44:25 | 000,000,512 | ---- | M] () MD5=ECCD9B6864B71336CECCDDA9CDFA6601 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\pssg\props\plains_manaDeviceCracked.PSSG.gz:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\cha_fidget_colossus_crack.tga:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\eff_animals_crackedearth.tga:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\preloaderBG.dds:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\campaignPreloader.gfx:crc
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29

< End of report >

stoupa101 · #12 Příspěvek od **stoupa101** » 28 led 2012 09:02

OTL Extras logfile created on: 28.1.2012 7:41:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\tmp
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,31 Gb Available Physical Memory | 15,74% Memory free
4,18 Gb Paging File | 1,72 Gb Available in Paging File | 41,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 331,69 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 162,79 Gb Free Space | 34,95% Space Free | Partition Type: NTFS

Computer Name: LEGUAN | User Name: stoupa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\App\PSPad\PSPad.exe (Prog-Soft s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.txt [@ = txtfile] -- C:\App\PSPad\PSPad.exe (Prog-Soft s.r.o.)

[HKEY_USERS\S-1-5-21-2698489316-4078319972-4006630733-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\App\PSPad\PSPad.exe" "%1" (Prog-Soft s.r.o.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\App\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\App\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\App\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Directory [Winamp.Bookmark] -- "C:\App\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\App\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\App\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\App\PSPad\PSPad.exe" "%1" (Prog-Soft s.r.o.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\App\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\App\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\App\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Directory [Winamp.Bookmark] -- "C:\App\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\App\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\App\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software Bluetooth WIDCOMM
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5A55A7F-73D6-4D36-85F8-9850635D6895}" = MySQL Server 5.5
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C938DFA9-B943-40A8-9680-02FC4D2E8551}" = ESET Smart Security
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E5267593-3DC9-4854-94E6-4DF672C93751}" = TortoiseHg 2.0.4 (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"nbi-glassfish-mod-3.1.43.0.0" = GlassFish Server Open Source Edition 3.1
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DF82C0A-38A7-4213-B3D7-9E7179F80065}" = calibre
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F082EA8-0F22-40CA-9FA8-8F85458026AF}" = Windows Live Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EA1D980-ABF5-4D33-A0D4-55E33644E1A7}" = CC3 Update 9
"{402F8EF6-D4F8-4E0C-B572-99D318A06FC7}" = Language Lab Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCD581A-404A-483A-869D-109853007C32}" = HD Writer 2.0E for SX/SD
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AEE236C-0100-464B-BD2E-883AA70A5D73}" = IBM Data Server Runtime Client - DB2COPY1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}" = Media Go Video Playback Engine 1.64.106.02280
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{824BADF8-9A1B-4D07-8817-8DDDC8543F23}" = OpenOffice.org 3.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89C096A7-9A21-4402-9CD5-A09DA89551F0}" = PHP 5.2.11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A866CFA-66B9-46D1-93DA-DDCA802C635B}" = CC3
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93028F9A-1EC0-467A-981B-DE93D96897C6}" = Windows Live Essentials
"{94B889E5-44A1-4DD5-BA54-51AC13AF704C}" = Zend Server
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99D7DE4C-2775-4B16-B155-7F09AE939E8E}" = Microsoft Works
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A73D4BEE-2BBE-4285-BF6C-4B8C7C002100}" = Zend Studio 8.0.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Czech
"{ACC9984D-E78B-4fcd-BE44-4E3F186DDA33}" = ZTE Drivers
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BE4F388F-E7B6-43E8-8856-6B74AC375A87}" = Media Go
"{C54C7C1F-4015-4217-8F16-8CF993C59793}" = MySQL Server 5.1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD44D196-C200-4960-AE80-E9FACD2D9019}" = Kindle Collection Manager
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E2B8BC2B-DA7A-423C-9E3E-DC68835099E6}" = Axesstel Manager
"{E570CB6B-1CBC-4ADD-969F-7B3338A6BDB6}" = Windows Live Sync
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCC662D1-01A8-4034-B67D-2AD91F723154}" = Acer Arcade Instant On
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Apache Directory Studio" = Apache Directory Studio - (remove only)
"AviSynth" = AviSynth 2.5
"Bloodline of the Fallen - Anna's Sacrifice1.0.1.0" = Bloodline of the Fallen - Anna's Sacrifice
"CC3" = CC3
"CC3 Update 9" = CC3 Update 9
"CCleaner" = CCleaner
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Columbus Ghost of the Mystery Stone1.0" = Columbus Ghost of the Mystery Stone
"Combined Community Codec Pack BETA_is1" = Combined Community Codec Pack BETA 2009-09-19
"Comical_is1" = Comical 0.8
"DjVuLibre+DjView" = DjVuLibre+DjView
"Drupal 6.16-1" = drupal 6.16
"Edraw UML Diagram_is1" = Edraw UML Diagram 5.1
"FastCAD" = FastCAD
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.4.0
"Free Ape Player_is1" = Free Ape Player 1.5.1
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"GridVista" = Acer GridVista
"GSAK_is1" = GSAK 7.6.2.45 (Final)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"Identity Card" = Identity Card
"Impulse" = Impulse
"InstallationWizard2" = Vivotek Installation Wizard 2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{94B889E5-44A1-4DD5-BA54-51AC13AF704C}" = Zend Server
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"InstallShield_{E2B8BC2B-DA7A-423C-9E3E-DC68835099E6}" = Axesstel Manager
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"Jukebox Jockey Media Player Pro 1_is1" = Jukebox Jockey Media Player Pro 1 1.2.2011.4.21
"JXplorer 3.2.1" = JXplorer
"LManager" = Launch Manager
"Loki Browser Plugin" = Loki Browser Plugin
"Maemo Flasher 3.5_is1" = Maemo Flasher 3.5
"mediaWiki 1.15.3-1" = mediaWiki 1.15.3
"Mozilla Firefox 9.0.1 (x86 cs)" = Mozilla Firefox 9.0.1 (x86 cs)
"Mozilla Thunderbird 9.0.1 (x86 cs)" = Mozilla Thunderbird 9.0.1 (x86 cs)
"Mp3tag" = Mp3tag v2.45a
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"OnLive" = OnLive
"Opera 11.61.1250" = Opera 11.61
"Perpetuum" = Perpetuum
"Pidgin" = Pidgin
"PSPad editor_is1" = PSPad editor
"PSPVC" = PSPVC :: PSP Video Converter v3.75
"psqlODBC 08.04.0200-1" = psqlODBC 08.04.0200
"QUICKfind" = QUICKfind server v1.1
"RapidShare Manager" = RapidShare Manager
"RealPlayer 15.0" = RealPlayer
"SMPlayer" = SMPlayer 0.6.9
"ST7501" = VIVOTEK ST7501
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"The Mystery of Scoggins" = Puzzle Agent - The Mystery of Scoggins
"T-Mobile Communication Centre" = Web'n'walk Manager
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VMware_Player" = VMware Player
"Winamp" = Winamp
"WinArchiver" = WinArchiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.4
"Wireshark" = Wireshark 1.4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2698489316-4078319972-4006630733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"ireasoning" = iReasoning MIB Browser (remove only)
"SOE-Magic The Gathering Tactics" = Magic The Gathering Tactics

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.1.2012 9:21:55 | Computer Name = leguan | Source = Application Error | ID = 1000
Description = Název chybující aplikace: mpc-hc.exe, verze: 1.3.1281.0, časové razítko:
0x4ab421f0 Název chybujícího modulu: mpc-hc.exe, verze: 1.3.1281.0, časové razítko:
0x4ab421f0 Kód výjimky: 0xc0000005 Posun chyby: 0x0001f273 ID chybujícího procesu:
0x1e44 Čas spuštění chybující aplikace: 0x01ccd10537066f96 Cesta k chybující aplikaci:
C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe ID zprávy:
64f5c9aa-3d20-11e1-82e4-961948358920

Error - 12.1.2012 12:10:51 | Computer Name = leguan | Source = Application Hang | ID = 1002
Description = Program mpc-hc.exe verze 1.3.1281.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
39b8 Čas spuštění: 01ccd140ff923d5c Čas ukončení: 79 Cesta k aplikaci: C:\Program
Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe ID hlášení: fb3c58af-3d37-11e1-82e4-961948358920

Error - 12.1.2012 13:40:11 | Computer Name = leguan | Source = System Restore | ID = 8193
Description =

Error - 12.1.2012 13:40:11 | Computer Name = leguan | Source = System Restore | ID = 8211
Description =

Error - 13.1.2012 9:07:29 | Computer Name = leguan | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.171.1
for ServerName .

Error - 15.1.2012 10:14:41 | Computer Name = LEGUAN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 10.0.0.4
for ServerName .

Error - 15.1.2012 13:35:35 | Computer Name = leguan | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 10.0.0.4
for ServerName .

Error - 15.1.2012 22:46:04 | Computer Name = leguan | Source = SideBySide | ID = 16842811
Description = Generování kontextu aktivace pro c:\program files (x86)\Samsung\Kies\External\firmwareupdate\AgentInstaller.exe
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\Samsung\Kies\External\firmwareupdate\AgentInstaller.exe.Config
na řádku 0. Neplatná syntaxe XML.

Error - 15.1.2012 22:46:04 | Computer Name = leguan | Source = SideBySide | ID = 16842811
Description = Generování kontextu aktivace pro c:\program files (x86)\Samsung\Kies\External\firmwareupdate\AgentUpdate.exe
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\Samsung\Kies\External\firmwareupdate\AgentUpdate.exe.Config
na řádku 0. Neplatná syntaxe XML.

Error - 16.1.2012 13:01:22 | Computer Name = leguan | Source = RasClient | ID = 20227
Description =

[ Media Center Events ]
Error - 2.2.2010 16:48:28 | Computer Name = leguan | Source = ehRecvr | ID = 3
Description = Televizní karta zjistila chybu. (0xc0040524) LITEON BDA Digital Tuner
(Dev1 Path0)

Error - 2.2.2010 16:48:28 | Computer Name = leguan | Source = ehRecvr | ID = 3
Description = Televizní karta zjistila chybu. (0x80070001) LITEON BDA Digital Tuner
(Dev1 Path0)

Error - 2.3.2010 18:38:33 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 23:38:32 - Chyba při připojování k Internetu 23:38:32 - Nelze kontaktovat
server..

Error - 2.3.2010 18:38:48 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 23:38:38 - Chyba při připojování k Internetu 23:38:38 - Nelze kontaktovat
server..

Error - 26.3.2010 16:29:16 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 21:29:16 - Chyba při připojování k Internetu 21:29:16 - Nelze kontaktovat
server..

Error - 26.3.2010 16:29:37 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 21:29:21 - Chyba při připojování k Internetu 21:29:21 - Nelze kontaktovat
server..

Error - 20.4.2010 5:22:56 | Computer Name = leguan | Source = ehRecvr | ID = 3
Description = Televizní karta zjistila chybu. (0xc0040524) LITEON BDA Digital Tuner
(Dev1 Path0)

Error - 10.11.2010 4:38:23 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 9:37:45 - Chyba při připojování k Internetu 9:37:47 - Nelze kontaktovat
server..

Error - 11.11.2010 5:38:51 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 10:38:50 - Chyba při připojování k Internetu 10:38:51 - Nelze kontaktovat
server..

Error - 11.11.2010 5:39:07 | Computer Name = leguan | Source = MCUpdate | ID = 0
Description = 10:38:56 - Chyba při připojování k Internetu 10:38:56 - Nelze kontaktovat
server..

[ System Events ]
Error - 25.1.2012 16:49:47 | Computer Name = leguan | Source = Application Popup | ID = 1060
Description = Načtení \SystemRoot\SysWow64\drivers\pfc.sys bylo zablokováno kvůli
nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi
ovladače.

Error - 25.1.2012 16:50:10 | Computer Name = leguan | Source = Service Control Manager | ID = 7000
Description = Služba Apache2.2 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 25.1.2012 16:50:10 | Computer Name = leguan | Source = Service Control Manager | ID = 7024
Description = Služba Apache2.2-Zend ukončena s chybou %%1, specifickou pro službu.

Error - 25.1.2012 16:50:11 | Computer Name = leguan | Source = Service Control Manager | ID = 7000
Description = Služba MySQL neuspěla při spuštění v důsledku následující chyby: %%2

Error - 25.1.2012 16:50:12 | Computer Name = leguan | Source = Service Control Manager | ID = 7000
Description = Služba postgresql-8.4 - PostgreSQL Server 8.4 neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 25.1.2012 16:50:12 | Computer Name = leguan | Source = Service Control Manager | ID = 7001
Description = Služba ST7501 Uranus Watch Dog závisí na službě postgresql-8.4 - PostgreSQL
Server 8.4, která neuspěla při spuštění v důsledku následující chyby: %%2

Error - 25.1.2012 16:50:27 | Computer Name = leguan | Source = Service Control Manager | ID = 7034
Description = Služba MySQL_ZendServer51 byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 26.1.2012 1:04:58 | Computer Name = leguan | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 26.1.2012 2:13:31 | Computer Name = leguan | Source = iaStor | ID = 262153
Description = Zařízení \Device\Ide\iaStor0 neodpovídá v periodě časového limitu.

Error - 27.1.2012 7:09:27 | Computer Name = leguan | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

< End of report >

#13 Příspěvek od **Mc_Murphy** » 28 led 2012 11:51

Edituj oba příspěvky a odstraň je z Code - špatně se to luští a bolí z toho oči. Code je určen pouze nám rádcům pro tvorbu opravných scriptů, které není potřeba číst ani luštit.

stoupa101 · #14 Příspěvek od **stoupa101** » 28 led 2012 13:00

Opraveno

#15 Příspěvek od **Mc_Murphy** » 28 led 2012 13:31

Proč máš MBAM v běžících procesech?

Psal jsem Ti, ať jej odinstaluješ. Nepíšu ty návody pro srandu králíkům.

Vyčisti si Plochu. Její adresář by měl mít maximálně tak 300 MB, jinak se bude systém dost brzdit.

Znovu spusť OTL.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[clearallrestorepoints]

:Services
AdobeARMservice
gupdate
gupdatem
McComponentHostService

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4842y265
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3c9761ad-a43d-4447-b924-f5d83cb48063}: C:\App\Zend\Zend Studio - 8.0.0\toolbars\firefox [2010.12.16 14:07:43 | 000,000,000 | ---D | M]
[2012.01.23 12:38:53 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-1.xml
[2010.12.09 11:35:33 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-2.xml
[2010.12.28 12:17:41 | 000,000,950 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin-3.xml
[2010.08.20 12:39:18 | 000,001,056 | ---- | M] () -- C:\Users\stoupa\AppData\Roaming\Mozilla\Firefox\Profiles\xk82r5ph.default\searchplugins\icqplugin.xml
() (No name found) -- C:\USERS\STOUPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XK82R5PH.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O37 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2698489316-4078319972-4006630733-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c40714d5b04af66acd1cc52cc6d573d2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c40714d5b04af66acd1cc52cc6d573d2\*.tmp -> ]
[6056 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\pssg\props\plains_manaDeviceCracked.PSSG.gz:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\cha_fidget_colossus_crack.tga:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\particles\eff_animals_crackedearth.tga:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\preloaderBG.dds:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\Magic The Gathering Tactics\export_win32\resources\gfx\campaignPreloader.gfx:crc
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29

:Files
C:\ProgramData\Spybot - Search & Destroy
C:\Users\All Users\Spybot - Search & Destroy
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2698489316-4078319972-4006630733-1000UA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

Klikni na tlačítko [Opravit].
Po dokončení skenu se objeví log, ten mi sem vlož.
Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.

VIRY.CZ

Prosim o preventivku NB

Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB

Re: Prosim o preventivku NB