FB virus :(

Zpráva

mike22 · #1 Příspěvek od **mike22** » 22 kvě 2012 09:25

Zdravim tak jsem narazil na fb virus tez.. Po pokusu o odstraneni obnovenim systemu me navic ani nejde prohlizec, musim vsecko nekolikrat aktualizovat aby se stranka nacetla.. Dekuji za pomoc
LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2012-05-22 10:13:50
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 44 GB (52%) free of 84 GB
Total RAM: 3055 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:58, on 22.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\GIGABYTE\GHOST\Tilt.exe
C:\Windows\WindowsMobile\wmdc.exe
F:\programs\avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\steam\Steam.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
H:\download\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\programs\avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\programs\avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Tilt] C:\Program Files\GIGABYTE\GHOST\Tilt.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast] "F:\programs\avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "F:\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - F:\programs\avast\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5526 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - F:\programs\avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - F:\programs\avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tilt"=C:\Program Files\GIGABYTE\GHOST\Tilt.exe [2009-06-26 724992]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-09-07 1634112]
"avast"=F:\programs\avast\avastUI.exe [2011-11-28 3744552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17148552]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
"Steam"=F:\steam\Steam.exe [2012-02-12 1242448]
"KGShareApp"=C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [2012-02-03 394752]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-03-16 203776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2012-05-22 10:13:50 ----D---- C:\rsit
2012-05-22 10:13:50 ----D---- C:\Program Files\trend micro
2012-05-22 10:02:58 ----SHD---- C:\$RECYCLE.BIN
2012-05-22 10:02:57 ----D---- C:\Windows\temp
2012-05-22 10:02:56 ----A---- C:\ComboFix.txt
2012-05-22 09:55:14 ----A---- C:\Windows\zip.exe
2012-05-22 09:55:14 ----A---- C:\Windows\SWSC.exe
2012-05-22 09:55:14 ----A---- C:\Windows\SWREG.exe
2012-05-22 09:55:14 ----A---- C:\Windows\sed.exe
2012-05-22 09:55:14 ----A---- C:\Windows\PEV.exe
2012-05-22 09:55:14 ----A---- C:\Windows\NIRCMD.exe
2012-05-22 09:55:14 ----A---- C:\Windows\MBR.exe
2012-05-22 09:55:14 ----A---- C:\Windows\grep.exe
2012-05-22 09:55:10 ----D---- C:\ComboFix
2012-05-22 09:53:41 ----D---- C:\Windows\ERDNT
2012-05-22 09:52:57 ----D---- C:\Qoobox
2012-05-22 09:50:44 ----A---- C:\Windows\system32\MRT.exe
2012-05-10 23:02:08 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-10 23:02:03 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 23:02:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 23:02:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-05-10 23:01:58 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 23:01:58 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-04-30 22:51:38 ----D---- C:\Users\user\AppData\Roaming\Kodak
2012-04-30 22:51:29 ----D---- C:\Program Files\DIFX
2012-04-30 22:51:21 ----D---- C:\Program Files\Common Files\Kodak
2012-04-30 22:51:20 ----D---- C:\Program Files\Kodak
2012-04-30 22:50:44 ----D---- C:\ProgramData\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
2012-04-28 21:03:13 ----D---- C:\Users\user\AppData\Roaming\UFOAI
2012-04-22 13:34:43 ----D---- C:\Program Files\Android
2012-04-22 13:30:30 ----D---- C:\Program Files\Common Files\Java
2012-04-22 13:30:15 ----A---- C:\Windows\system32\javaws.exe
2012-04-22 13:30:15 ----A---- C:\Windows\system32\javaw.exe
2012-04-22 13:30:15 ----A---- C:\Windows\system32\java.exe
2012-04-22 13:30:06 ----D---- C:\Program Files\Java
2012-04-11 17:29:11 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 17:29:10 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 17:29:10 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 17:29:10 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 17:29:09 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 17:29:09 ----A---- C:\Windows\system32\url.dll
2012-04-11 17:29:09 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 17:29:09 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 17:29:08 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 17:29:07 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 17:29:06 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 17:27:29 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 17:27:29 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 17:27:28 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 17:27:28 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-09 21:17:23 ----D---- C:\Program Files\WinRAR
2012-04-04 21:52:00 ----D---- C:\Windows\SWAT 4
2012-03-23 19:54:14 ----D---- C:\Users\user\AppData\Roaming\NVIDIA 3D Vision Video Player

======List of files/folders modified in the last 2 months======

2012-05-22 10:13:50 ----RD---- C:\Program Files
2012-05-22 10:13:11 ----D---- C:\Users\user\AppData\Roaming\Skype
2012-05-22 10:08:41 ----D---- C:\Windows\system32\config
2012-05-22 10:05:06 ----D---- C:\ProgramData\NVIDIA
2012-05-22 10:02:57 ----D---- C:\Windows
2012-05-22 10:01:58 ----A---- C:\Windows\system.ini
2012-05-22 10:01:53 ----D---- C:\Windows\system32\drivers\etc
2012-05-22 09:59:16 ----D---- C:\Windows\system32\drivers
2012-05-22 09:59:16 ----D---- C:\Windows\System32
2012-05-22 09:59:16 ----D---- C:\Windows\AppPatch
2012-05-22 09:59:15 ----D---- C:\Program Files\Common Files
2012-05-22 09:52:49 ----D---- C:\Windows\Prefetch
2012-05-22 09:50:45 ----D---- C:\Windows\debug
2012-05-22 09:50:41 ----SHD---- C:\System Volume Information
2012-05-22 09:46:52 ----D---- C:\Program Files\Common Files\Steam
2012-05-22 09:39:34 ----D---- C:\Windows\Tasks
2012-05-22 09:39:34 ----D---- C:\Windows\system32\wfp
2012-05-22 09:39:32 ----D---- C:\Windows\system32\wbem
2012-05-22 09:38:49 ----D---- C:\Windows\system32\DriverStore
2012-05-22 09:38:49 ----D---- C:\Windows\system32\drivers\UMDF
2012-05-22 09:38:49 ----D---- C:\Windows\system32\catroot2
2012-05-22 09:38:48 ----D---- C:\Windows\inf
2012-05-22 09:38:48 ----D---- C:\Windows\AppCompat
2012-05-22 09:38:45 ----D---- C:\Windows\registration
2012-05-13 11:55:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-11 13:12:05 ----RSD---- C:\Windows\assembly
2012-05-11 13:12:05 ----D---- C:\Windows\Microsoft.NET
2012-05-11 12:49:26 ----D---- C:\Windows\winsxs
2012-05-11 12:47:51 ----D---- C:\Program Files\Windows Journal
2012-05-10 23:11:58 ----SHD---- C:\Windows\Installer
2012-05-10 23:08:43 ----D---- C:\Windows\system32\catroot
2012-05-10 23:08:21 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-04 13:51:14 ----D---- C:\Windows\system32\wdi
2012-04-30 22:51:34 ----D---- C:\Windows\system32\Tasks
2012-04-30 22:50:44 ----D---- C:\ProgramData
2012-04-22 13:30:08 ----A---- C:\Windows\system32\deployJava1.dll
2012-04-14 19:52:53 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-04-14 15:55:48 ----SD---- C:\Users\user\AppData\Roaming\Microsoft
2012-04-14 15:55:48 ----SD---- C:\ProgramData\Microsoft
2012-04-11 19:12:42 ----D---- C:\Windows\system32\migration
2012-04-11 19:12:42 ----D---- C:\Program Files\Internet Explorer
2012-04-09 21:17:52 ----D---- C:\Users\user\AppData\Roaming\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-09-08 230248]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-08 242240]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 26112]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; F:\programs\avast\AvastSvc.exe [2011-11-28 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-12-11 618304]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-02-25 75136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-05-19 529232]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1343400]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Danstahr · #2 Příspěvek od **Danstahr** » 22 kvě 2012 09:52

A pročpak spouštíte ComboFix na vlastní pěst? Chcete si zbořit systém

Vložte sem obsah souboru C:\ComboFix.txt.

mike22 · #3 Příspěvek od **mike22** » 22 kvě 2012 10:16

ComboFix 12-05-22.01 - user 22.05.2012 9:56.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3055.2049 [GMT 2:00]
Spuštěný z: h:\download\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\assembly\tmp
c:\users\user\AppData\Roaming\msnsvconfig.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-22 do 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 08:01 . 2012-05-22 08:01 -------- d-----w- c:\users\user\AppData\Local\temp
2012-05-22 08:01 . 2012-05-22 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 07:58 . 2012-05-22 07:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCF1A571-2CC6-4D7A-8AE9-2DCB4F029E2E}\offreg.dll
2012-05-22 07:43 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCF1A571-2CC6-4D7A-8AE9-2DCB4F029E2E}\mpengine.dll
2012-05-20 10:38 . 2012-05-20 11:25 -------- d-----w- c:\users\user\AppData\Local\Temporary Projects
2012-05-10 21:02 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 21:02 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 21:02 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:02 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 21:02 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 21:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 21:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 21:02 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 21:01 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\users\user\AppData\Roaming\Kodak
2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\program files\DIFX
2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\program files\Common Files\Kodak
2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\program files\Kodak
2012-04-30 20:50 . 2012-04-30 20:50 -------- d-----w- c:\programdata\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
2012-04-28 19:03 . 2012-04-28 19:03 -------- d-----w- c:\users\user\AppData\Roaming\UFOAI
2012-04-22 11:40 . 2012-04-22 11:43 -------- d-----w- c:\users\user\android-sdks
2012-04-22 11:34 . 2012-04-27 10:49 -------- d-----w- c:\users\user\.android
2012-04-22 11:34 . 2012-04-22 11:34 -------- d-----w- c:\program files\Android
2012-04-22 11:30 . 2012-04-22 11:49 -------- d-----w- c:\users\user\AppData\Local\Eclipse
2012-04-22 11:30 . 2012-04-22 11:50 -------- d-----w- c:\users\user\workspace
2012-04-22 11:30 . 2012-04-22 11:30 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 11:30 . 2012-04-22 11:30 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 11:30 . 2012-02-15 19:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-14 17:52 . 2012-02-08 15:35 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-09 16:07 . 2012-02-08 15:35 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-09 16:07 . 2012-02-08 15:35 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-03-16 12:38 . 2012-03-16 12:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 12:38 . 2012-03-16 12:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 12:38 . 2012-03-16 12:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 12:38 . 2012-03-16 12:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 12:38 . 2012-03-16 12:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 12:38 . 2012-03-16 12:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 12:38 . 2012-03-16 12:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 12:38 . 2012-03-16 12:38 367104 ----a-w- c:\windows\system32\html.iec
2012-03-16 12:38 . 2012-03-16 12:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 12:38 . 2012-03-16 12:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 12:38 . 2012-03-16 12:38 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 12:38 . 2012-03-16 12:38 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 12:38 . 2012-03-16 12:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 12:38 . 2012-03-16 12:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 12:38 . 2012-03-16 12:38 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 12:38 . 2012-03-16 12:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 12:38 . 2012-03-16 12:38 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 05:46 . 2012-04-11 15:27 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 15:27 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 15:27 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 15:27 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-11 15:29 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 15:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 15:29 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 15:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-27 17:58 . 2012-02-27 17:58 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-25 20:25 . 2012-02-08 15:35 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-24 19:14 . 2012-02-08 15:35 22328 ----a-w- c:\users\user\AppData\Roaming\PnkBstrK.sys
2012-02-24 19:14 . 2012-02-24 19:14 682280 ----a-w- c:\windows\system32\pbsvc.exe
2012-02-23 08:18 . 2012-02-07 20:17 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- f:\programs\avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Steam"="f:\steam\Steam.exe" [2012-02-12 1242448]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tilt"="c:\program files\GIGABYTE\GHOST\Tilt.exe" [2009-06-26 724992]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1634112]
"avast"="f:\programs\avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-08 242240]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 20:39]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 20:39]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.143.126.9 10.143.128.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-05-22 10:02:56
ComboFix-quarantined-files.txt 2012-05-22 08:02
.
Před spuštěním: Volných bajtů: 45 842 710 528
Po spuštění: Volných bajtů: 46 113 394 688
.
- - End Of File - - D2DA1FA0B471791BDBBE66045C6BA8CA

Danstahr · #4 Příspěvek od **Danstahr** » 22 kvě 2012 19:22

Můžete prosím co nejpodrobněji popsat to, co jste s PC dělal, od nákazy až po současný stav?

mike22 · #5 Příspěvek od **mike22** » 23 kvě 2012 15:04

No. jak se projevil virus okamzite sem zkontroloval štíty avastu jestli sou zapnute, nechal zkontrolovat pc ( nic nenaslo ) tak se m zkusil Windows Defender, neco nasel tak sem to nechal odstranit. Pak sem spustil ComboFix a po nahral drivejsi zalohu win. Od té doby se neprojevil vir pri posilani zprav na fb ale mel sem nejak zpomaleny net.. Tak sem jeste reinstaloval prohlizece a uz je to lepsi, ale clovek nikdy nevi jestli tam virus jeste je..

mike22 · #6 Příspěvek od **mike22** » 23 kvě 2012 20:06

Jo.. a jeste mi obcas problikne cerna obrazovka coz se nikdy nestavalo.. :/ nevim jestli to s tim ma neco spolecneho Kazdopadne dekuju za pomoc

Danstahr · #7 Příspěvek od **Danstahr** » 23 kvě 2012 22:18

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

mike22 · #8 Příspěvek od **mike22** » 26 kvě 2012 20:30

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: PC [administrátor]

Ochrana: Povolena

26.5.2012 20:07:01
mbam-log-2012-05-26 (21-29-53).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 362744
Uplynulý čas: 46 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
H:\download\installer_truespace.exe (PUP.Adbundler) -> Žádná instrukce nebyla provedena.

(konec)

Danstahr · #9 Příspěvek od **Danstahr** » 26 kvě 2012 20:59

Hm, v logu nic nevidno.

Stáhněte OTL z tohoto odkazu a uložte jej na Plochu.

Pokud používáte Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáte 64bitový OS, zkontrolujte, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtněte jej.
Zaškrtněte okénko Pro všechny uživatele.
Zaškrtněte okénko Kontrola na havěť "LOP".
Zaškrtněte okénko Kontrola na havěť "Purity".
Stáři souborů změňte z 30 dnů na 7 dnů!!
Do spodního okénka Vlastní skenování/opravy vložte tento script :

Kód: Vybrat vše

CREATERESTOREPOINT

netsvc
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
%userprofile%\*.bat /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

Klikněte na tlačítko [Prohledat].
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vložte.
Pokud se nevejdou do jednoho, rozdělte je prosím do více příspěvků.

mike22 · #10 Příspěvek od **mike22** » 26 kvě 2012 22:36

extras:

OTL Extras logfile created on: 26.5.2012 22:56:45 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\user\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,98 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 30,39% Memory free
8,61 Gb Paging File | 6,06 Gb Available in Paging File | 70,36% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,82 Gb Total Space | 36,85 Gb Free Space | 45,04% Space Free | Partition Type: NTFS
Drive F: | 134,41 Gb Total Space | 78,56 Gb Free Space | 58,44% Space Free | Partition Type: NTFS
Drive H: | 67,09 Gb Total Space | 31,54 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
Drive V: | 14,59 Gb Total Space | 9,61 Gb Free Space | 65,82% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE0E53-304F-421B-9438-3931905D4DD5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{05F7D834-02B8-4CF2-9878-A9A80E74DD40}" = lport=137 | protocol=17 | dir=in | app=system |
"{06D71E44-F98C-49C1-B2E8-5BFB7FB9661A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0B4E2B86-BE96-4ABF-97DD-D3202D7B451C}" = lport=445 | protocol=6 | dir=in | app=system |
"{1236BA2F-1CAB-45E6-8D41-7EFC70B569BE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1316397F-1C3E-4E39-BAC8-2025209FC981}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{197131C5-A277-47C8-A956-060A958121A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19772C97-A25F-4FCF-918A-6BCC01CFB96C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2A581F3D-3E40-454D-AE67-0B181B7B720A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{32E143FC-19F7-4E34-ADDB-609966804F3A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C8DC166-67B4-432B-A27F-F277E312D140}" = rport=139 | protocol=6 | dir=out | app=system |
"{430B0FFF-1036-4569-AC40-DFDAA39A044A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4434092D-5AAE-478D-9147-CC0871EEABA9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{46D271AB-7FE7-4504-BD11-45667C632AB2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C71F4C3-37FC-493E-92E0-E9E384B29E8A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50EE03CB-0279-4FFD-8267-ADF6671C1082}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51281D49-66FC-42B4-8AC2-680CD34AB028}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52D72FF4-0CEF-42EC-9A92-60701563195F}" = rport=138 | protocol=17 | dir=out | app=system |
"{575362A2-E216-4BC5-9488-ECCDE05EFE22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B24BB74-608B-4017-A508-93CE3BB8BC76}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{65908A18-9D65-433C-9212-44E43439E1B5}" = lport=3389 | protocol=6 | dir=in | app=system |
"{65A1340D-174A-45B7-9B7E-ACB3E8774636}" = lport=139 | protocol=6 | dir=in | app=system |
"{69501105-DB9F-4260-9C66-806D228B2E7F}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E0A4269-F861-411B-8E0D-49E845425DA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{771DFBC1-FCD5-4863-B9FD-7C517763519F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E141B3A-9D33-4884-A78B-AC3F9F854636}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FBDF72E-CE1D-4696-A4DF-FE0CA1236D33}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CE9F246-8CEB-4B3F-8B32-C15DE7571D80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A14061B5-9F14-4782-8E3A-8856B68F8C3F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B9AEC566-CEEC-4728-93BD-A066E3E89916}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BB8A66B8-EEA4-47B9-9364-4EE6C6DB59AC}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{C94A6CEC-3E8C-45FC-91BB-30C6C7D5BCB1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CF90815A-ED6D-46C7-924C-142224BFE071}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0FD5F2F-09DE-45CB-B276-6AE7786EEF09}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D2661E0F-0B60-4AA0-9EDD-94A55E54CDB5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D75A50EF-A060-4BA6-A15D-764C7D20CD08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAD42650-8B03-424E-9F03-9171D70CFABF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DAE1AFDD-2A49-4B2E-8D2F-82D75490A17B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E12A17E0-5A5A-4CBA-A18F-B7585276B138}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1D45194-5D56-49D1-A462-0634BDD14012}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2A20DA7-BCF1-49EB-A4E0-D3ED8419609C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E81E92AB-2CC2-48DF-8A33-7F1C4B9456E8}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{ED912516-7E25-4057-99E3-C3588A204033}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F0148DE9-1CEF-4E02-A288-B116DEABD1BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEE8C648-0D85-44B6-8DC8-BA1D3B27948D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02837EEF-F5CE-4A1B-A5DC-8C02B221AAD0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0C043EFF-17AE-4F39-BBB5-A35683D8E022}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{109441CA-CE74-4A08-A6C6-C9A7D425AF83}" = protocol=6 | dir=in | app=f:\cod5\codwawmp.exe |
"{1A358EDC-7904-4701-96EE-5C804DCF4075}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2360B5-652A-4490-B967-299CD3D83EFB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20C43435-1254-442E-BDCE-693EF2041271}" = protocol=17 | dir=in | app=f:\avat\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{21724C2F-7BFC-4DEF-A9A6-594717D43252}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{22D1663B-F5A8-4E76-92F4-BBBAD39822C9}" = protocol=6 | dir=in | app=f:\cod4\iw3mp.exe |
"{2698AFD3-9FEF-4217-9720-E72E7A5168EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B35FBA0-4CD8-4B80-B809-382069AE829E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2BAC9048-DE5E-4D42-BB83-C2E1C3A19223}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2F19B1C7-4461-48F9-98DD-23CD6F447BD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3381D460-A917-49AF-9ABA-0079ACC44875}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B66A6B7-6010-4475-AF82-C3AD41D11E61}" = protocol=6 | dir=out | app=system |
"{4085B8CD-EC61-42F8-8889-228C053AC7A2}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{4560641B-FFAD-4D99-9FFC-532CFA2B4B26}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{474FC923-7FC5-44AD-9EC1-8E195BED6E7F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{4819DFA2-EE3C-42CD-9A3A-D0952CC1912F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\brawl busters\launcher.exe |
"{4F8D7014-0745-40B9-BDFE-ADA1E6DDE551}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FA46CCB-C97C-46E6-AA4A-712F89EBB6FE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\iron grip marauders\prism.exe |
"{5F4A2B6C-A299-4C05-8D2C-9FEDEEF573C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65FDBFA9-D3EA-4F73-B2C3-7477A5515904}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB974E9-E0DF-45D5-9BAF-D79F074E8EB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B0D3504-6F61-4E78-8DF2-EBDF9A67EE36}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{6BFB0B79-A0B3-4A1A-8C03-AFC1B6E11113}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{70746095-5744-40CC-9C6D-EA2B9B57A6B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73266767-84D8-4E6B-B76F-395B4A5753EF}" = protocol=17 | dir=in | app=f:\cod4\iw3mp.exe |
"{735DCEDC-08C3-40B8-8185-FD3070F349BA}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\brawl busters\launcher.exe |
"{751B04E1-6F98-4CB2-BCCA-E289513983A3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{75868FD8-4002-438E-B1E0-8731DD786505}" = protocol=6 | dir=in | app=f:\avat\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{7885CD18-4647-4A32-9CE1-E54105B11D2D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\iron grip marauders\prism.exe |
"{7CF84A8C-EF92-4C4A-99D3-414783CFC420}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8015AF4A-37BA-4476-B6A6-2555304F9CA7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81A611E3-754C-4165-B849-4D83ABED76EF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81B4A19B-FB86-464F-8F73-2B65EC3F8441}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe |
"{83478639-49A7-4A7D-917D-96DFAFEFBDC0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{84888E62-6500-4687-8149-F41DDD91DE68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{863A3569-6681-45F7-AC46-F94086A0F1A5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9077304E-267E-4FBF-869D-8624749E7FF8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9238B372-E82D-4A47-A730-716FFFB8CEB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96CE60DE-4412-4A38-97C8-FAD781C018BC}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars demo 2\etqwded.exe |
"{979C1C57-9C14-4B5A-A9AF-63FB7AB29F24}" = protocol=17 | dir=in | app=f:\cod5\codwaw.exe |
"{A09C31C8-EC31-4E0D-BEE7-082BE8F24FF1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A2E503D4-7D89-470D-AE6B-92E3A0EE1045}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A3985F05-DE45-4631-BB7F-EDC1786A21D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3DB3601-F761-404F-9640-3765870E2B78}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A5410D41-F5C2-45E1-BB0A-11D98533A5AB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A63B5C9F-079A-4FB4-B879-F608441035D1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AE39160B-14F4-4225-ACE5-2CF5CFD26573}" = protocol=17 | dir=in | app=f:\cod5\codwawmp.exe |
"{B0BEBFDF-549E-4D73-A9CC-51E5E438A27A}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars demo 2\etqwded.exe |
"{B44DB6E4-10F7-4A71-8FE9-2B4D56F28339}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B92D5249-9C19-4BA0-A41D-43E51CFC7FE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BB1C3A83-82ED-4922-8616-15CE5CB97B39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD36CA05-1225-4F5F-B304-6ED45FD4C703}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE149B08-A658-429C-A65A-797867D447D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C0819667-36B2-434F-B118-1D91843C2CC1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D8512CC7-827D-467C-9C94-206051C93A85}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D859AC46-C3D8-45CA-B23E-1F3516ACAB68}" = protocol=17 | dir=in | app=f:\avat\james cameron's avatar - the game\bin\avatar.exe |
"{DAD8A5CC-E21D-43BE-9EA4-4E509E144194}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe |
"{DC7B2C77-E41B-498C-9306-B9A23A040F1A}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars demo 2\etqw.exe |
"{EB0AA337-C42A-487E-BD89-989314639201}" = protocol=6 | dir=in | app=f:\avat\james cameron's avatar - the game\bin\avatar.exe |
"{EE707E01-6A3C-44A6-BF1B-FF3C18EA2CE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFAA1B9F-0638-40E5-98E9-34A82B5F57A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F02FA1A3-F712-402F-BFCB-C73EB510AFF4}" = protocol=6 | dir=in | app=f:\cod5\codwaw.exe |
"{F1177760-B8DE-48E2-AF03-F7EC59591FF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F48DB2D9-E3F0-4E01-9DA9-BD804D5274DC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F689FD50-80A0-48CD-95CE-B6ACF880C946}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars demo 2\etqw.exe |
"{F6C8342E-80D2-4171-97C0-528D2F8869D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE3E34FE-33CD-48FB-A457-AC62DBB2F8D5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{027A1839-8300-43FB-B4CC-2E4300DA828D}E:\cs1.6\hl.exe" = protocol=6 | dir=in | app=e:\cs1.6\hl.exe |
"TCP Query User{08A5FEBF-C23C-4511-9216-7C80B1104848}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{4EC491E2-CA83-4269-8085-03B03D5767B8}F:\ufoai-2.4\ufo.exe" = protocol=6 | dir=in | app=f:\ufoai-2.4\ufo.exe |
"TCP Query User{613DCF14-7930-42E4-B688-6368BA900CE8}F:\cod4\iw3mp.exe" = protocol=6 | dir=in | app=f:\cod4\iw3mp.exe |
"TCP Query User{955ED459-FA61-49A0-ABFE-A285B6F21D1E}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{9EB0562E-0046-406E-8483-9BBAD3BA1287}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{ABE01265-11AF-4227-BB5E-7D6B58592EC6}F:\steam\steamapps\misa_shadow\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\misa_shadow\team fortress 2\hl2.exe |
"TCP Query User{BB622695-DF78-4635-824E-EA7157EF01B4}E:\aoe2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\aoe2\age2_x1\age2_x1.exe |
"TCP Query User{CEBF2F72-C259-4CDB-A05B-7524A150CD44}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{D04D05A8-5985-44A6-9C17-72CF71A18245}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"TCP Query User{D4C5793B-3A33-4E9B-9B70-504073BC8EE8}F:\cs1.6\hl.exe" = protocol=6 | dir=in | app=f:\cs1.6\hl.exe |
"UDP Query User{2CC199B3-CE22-4EAD-A6F9-F189AA5F7B47}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{32943B4B-D5FA-4044-8B73-F658B8332371}F:\steam\steamapps\misa_shadow\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\misa_shadow\team fortress 2\hl2.exe |
"UDP Query User{535FA1C8-8247-43CB-96A4-67B699016D8A}F:\cs1.6\hl.exe" = protocol=17 | dir=in | app=f:\cs1.6\hl.exe |
"UDP Query User{5448F1B6-23C1-43EB-9680-A362A8764F10}F:\cod4\iw3mp.exe" = protocol=17 | dir=in | app=f:\cod4\iw3mp.exe |
"UDP Query User{54F71BA4-4BBB-43C6-84BF-41782E2DE906}E:\aoe2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\aoe2\age2_x1\age2_x1.exe |
"UDP Query User{55AFD2BB-8AC2-42D3-8FA9-CEC1559BE8E9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{65E23F06-CD38-4FB8-B1CD-C1BA0A88B731}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{BA09C0B2-9EAF-4CD5-B384-A3C00EFDDEFD}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{BAEDC0A1-19A4-4168-BF3D-5E42CAEDD6E2}F:\ufoai-2.4\ufo.exe" = protocol=17 | dir=in | app=f:\ufoai-2.4\ufo.exe |
"UDP Query User{C1766FDF-408B-40A8-908C-DF3A699FE0D0}E:\cs1.6\hl.exe" = protocol=17 | dir=in | app=e:\cs1.6\hl.exe |
"UDP Query User{F80B7429-EBF1-456D-B4A4-7E4CB6016A6F}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}" = Enemy Territory - QUAKE Wars(TM) Demo 2
"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = Aplikace KODAK Share Button
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): THE GAME
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zařízení Windows Mobile
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{AC968B0F-024A-4323-BD6B-C2A85D183F34}" = GHOST
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 276.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAE449A1-A082-4E20-9694-5D680E969559}" = NVIDIA 3D Vision Video Player
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Balíček ovladače systému Windows - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Android SDK Tools" = Android SDK Tools
"avast" = avast! Free Antivirus
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"Blender" = Blender
"Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"Inkscape" = Inkscape 0.48.2
"InstallShield_{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}" = Enemy Territory - QUAKE Wars(TM) Demo 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Steam App 109410" = Brawl Busters
"Steam App 31740" = Iron Grip: Marauders
"Steam App 440" = Team Fortress 2
"SWAT 4" = SWAT 4
"UFO:Alien Invasion" = UFO:AI 2.4
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2048173488-3706811368-1503832271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8bd5b2b8f0f1a0ac" = Series3D1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

mike22 · #11 Příspěvek od **mike22** » 26 kvě 2012 22:38

OTL logfile created on: 26.5.2012 22:56:45 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\user\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,98 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 30,39% Memory free
8,61 Gb Paging File | 6,06 Gb Available in Paging File | 70,36% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,82 Gb Total Space | 36,85 Gb Free Space | 45,04% Space Free | Partition Type: NTFS
Drive F: | 134,41 Gb Total Space | 78,56 Gb Free Space | 58,44% Space Free | Partition Type: NTFS
Drive H: | 67,09 Gb Total Space | 31,54 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
Drive V: | 14,59 Gb Total Space | 9,61 Gb Free Space | 65,82% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.05.26 22:55:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2012.05.19 18:53:29 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.12 17:23:54 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\steam\Steam.exe
PRC - [2012.02.03 14:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011.12.11 05:36:43 | 000,842,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.12.10 22:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- F:\programs\avast\AvastUI.exe
PRC - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- F:\programs\avast\AvastSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.26 07:17:02 | 000,724,992 | ---- | M] () -- C:\Program Files\GIGABYTE\GHOST\Tilt.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012.05.23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012.05.23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
MOD - [2012.05.19 18:53:28 | 020,313,384 | ---- | M] () -- F:\steam\bin\libcef.dll
MOD - [2012.05.19 18:53:28 | 000,895,312 | ---- | M] () -- F:\steam\bin\chromehtml.dll
MOD - [2012.05.19 18:53:27 | 001,099,576 | ---- | M] () -- F:\steam\bin\avcodec-53.dll
MOD - [2012.05.19 18:53:27 | 000,190,776 | ---- | M] () -- F:\steam\bin\avformat-53.dll
MOD - [2012.05.19 18:53:27 | 000,123,192 | ---- | M] () -- F:\steam\bin\avutil-51.dll
MOD - [2012.02.17 20:55:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012.02.15 21:28:53 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.26 07:17:02 | 000,724,992 | ---- | M] () -- C:\Program Files\GIGABYTE\GHOST\Tilt.exe

========== Win32 Services (SafeList) ==========

SRV - [2012.05.19 18:53:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.08 18:17:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.10 22:12:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\programs\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.05.26 20:06:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.08 20:08:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.11 07:00:00 | 010,774,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.08 16:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010.04.29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.12.30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://webstore.isotx.com/igmaraudersL.html"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

[2012.03.03 09:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.03.03 09:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.05.22 10:01:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\programs\avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\programs\avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] F:\programs\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Tilt] C:\Program Files\GIGABYTE\GHOST\Tilt.exe ()
O4 - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000..\Run: [Steam] F:\steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2048173488-3706811368-1503832271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.143.126.9 10.143.128.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAFE1EC1-3BBF-4334-9C96-AACA5B43F0B7}: DhcpNameServer = 10.143.126.9 10.143.128.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.05.26 20:06:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.26 14:37:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.05.26 14:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.26 14:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.26 14:37:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.26 14:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.26 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.26 12:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.05.26 12:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.05.26 12:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.05.26 12:40:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.05.22 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.22 10:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.05.22 10:13:50 | 000,000,000 | ---D | C] -- C:\rsit
[2012.05.22 10:02:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.22 10:02:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.22 10:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2012.05.22 09:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.22 09:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.22 09:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.22 09:55:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.05.22 09:53:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.22 09:52:57 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 7 Days ==========

[2012.05.26 22:59:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.26 22:37:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000UA.job
[2012.05.26 20:06:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.26 19:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.26 18:39:44 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 18:39:44 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 18:32:07 | 2402,840,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.26 13:09:42 | 000,388,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.26 11:49:35 | 000,714,604 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.05.26 11:49:35 | 000,699,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.26 11:49:35 | 000,158,274 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.05.26 11:49:35 | 000,139,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.22 10:37:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000Core.job
[2012.05.22 10:01:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012.05.26 22:59:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.22 10:32:29 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000UA.job
[2012.05.22 10:32:28 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000Core.job
[2012.05.22 09:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.22 09:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.22 09:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.22 09:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.22 09:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.24 21:18:11 | 000,000,267 | ---- | C] () -- C:\Windows\game.ini
[2012.02.24 21:14:22 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.02.19 19:32:15 | 000,000,033 | ---- | C] () -- C:\Windows\Caligari.ini
[2012.02.08 17:35:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.08 17:35:59 | 000,022,328 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
[2012.02.08 17:35:34 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.08 17:35:19 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.02.07 20:57:54 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2011.12.10 22:12:58 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.21 01:42:47 | 000,714,604 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2010.11.21 01:42:47 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2010.11.21 01:42:47 | 000,158,274 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2010.11.21 01:42:47 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012.02.19 22:28:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blender Foundation
[2012.02.08 20:10:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2012.02.17 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2012.02.11 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\inkscape
[2012.02.15 21:29:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012.03.03 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Prism
[2012.04.28 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UFOAI
[2012.04.23 11:49:57 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< netsvc >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\ERDNT\cache\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.07 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2012.02.19 22:28:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blender Foundation
[2012.02.08 20:10:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2012.02.17 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2012.02.07 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2012.02.11 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\inkscape
[2012.04.30 22:51:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Kodak
[2012.02.07 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2012.05.26 14:37:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010.11.21 01:47:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2012.05.26 12:57:03 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2012.03.03 09:04:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2012.03.23 19:54:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NVIDIA 3D Vision Video Player
[2012.02.15 21:29:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012.03.03 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Prism
[2012.05.26 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
[2012.04.28 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UFOAI
[2012.04.09 21:17:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2012.03.16 14:38:01 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\Tasks\*.job >
[2012.05.22 10:37:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000Core.job
[2012.05.26 22:37:00 | 000,000,958 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048173488-3706811368-1503832271-1000UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2012.03.16 14:38:01 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.05.26 18:39:44 | 000,022,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 18:39:44 | 000,022,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 13:09:42 | 000,388,032 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2012.05.26 11:49:35 | 000,158,274 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.05.26 11:49:35 | 000,139,212 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.05.26 11:49:35 | 000,714,604 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.05.26 11:49:35 | 000,699,346 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.05.26 11:49:35 | 001,707,972 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< %userprofile%\Plocha\*.* >

< %userprofile%\Desktop\*.* >
[2012.02.08 17:56:33 | 000,000,858 | ---- | M] () -- C:\Users\user\Desktop\3D Vision Photo Viewer.lnk
[2012.05.17 15:55:55 | 000,109,518 | ---- | M] () -- C:\Users\user\Desktop\544877_3099315484424_1310253769_32202676_2117815745_n.jpg
[2012.04.16 21:39:12 | 000,007,168 | ---- | M] () -- C:\Users\user\Desktop\ads.doc
[2012.04.16 21:13:37 | 000,012,963 | ---- | M] () -- C:\Users\user\Desktop\Bez názvu 1.odt
[2012.02.19 22:23:14 | 000,000,714 | ---- | M] () -- C:\Users\user\Desktop\Blender.lnk
[2012.02.24 19:58:11 | 000,000,202 | ---- | M] () -- C:\Users\user\Desktop\Brawl Busters.url
[2012.05.05 00:12:37 | 000,000,922 | ---- | M] () -- C:\Users\user\Desktop\Centrum zařízení Windows Mobile.lnk
[2012.05.04 15:37:52 | 116,387,646 | ---- | M] () -- C:\Users\user\Desktop\cm9.zip
[2012.02.17 19:55:56 | 000,000,282 | -HS- | M] () -- C:\Users\user\Desktop\desktop.ini
[2012.05.14 21:08:40 | 000,001,747 | ---- | M] () -- C:\Users\user\Desktop\eng.txt
[2012.05.03 19:19:18 | 120,686,371 | ---- | M] () -- C:\Users\user\Desktop\Gen.Y_PX-D_R0_Standard.7z
[2012.05.13 13:41:50 | 000,358,400 | ---- | M] () -- C:\Users\user\Desktop\Heinzová 1.doc
[2012.05.05 23:09:43 | 000,027,229 | ---- | M] () -- C:\Users\user\Desktop\htc-with-htc-sence-i2319543239.html
[2012.02.24 20:01:01 | 000,000,201 | ---- | M] () -- C:\Users\user\Desktop\Iron Grip Marauders.url
[2012.05.26 21:29:56 | 000,002,316 | ---- | M] () -- C:\Users\user\Desktop\mbam-log-2012-05-26 (21-29-53).txt
[2012.05.01 20:42:51 | 000,204,922 | ---- | M] () -- C:\Users\user\Desktop\máj.jpg
[2012.05.15 15:57:29 | 000,028,027 | ---- | M] () -- C:\Users\user\Desktop\oceantide.wav
[2012.05.13 19:36:50 | 000,177,664 | ---- | M] () -- C:\Users\user\Desktop\rp.doc
[2012.04.04 22:18:07 | 000,000,848 | ---- | M] () -- C:\Users\user\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
[2012.04.04 22:18:07 | 000,000,776 | ---- | M] () -- C:\Users\user\Desktop\Swat 4.lnk
[2012.05.17 21:23:41 | 002,579,456 | ---- | M] () -- C:\Users\user\Desktop\syry.ppt
[2012.02.12 17:31:40 | 000,000,199 | ---- | M] () -- C:\Users\user\Desktop\Team Fortress 2.url
[2012.05.23 21:47:20 | 000,000,294 | ---- | M] () -- C:\Users\user\Desktop\trav.txt
[2012.02.19 19:33:20 | 000,000,672 | ---- | M] () -- C:\Users\user\Desktop\trueSpace7.6.lnk
[2012.04.28 20:59:04 | 968,718,755 | ---- | M] () -- C:\Users\user\Desktop\ufoai-2.4-win32.exe
[2012.04.28 21:02:24 | 000,000,533 | ---- | M] () -- C:\Users\user\Desktop\UFOAlien Invasion-2.4.lnk
[2012.04.20 20:01:45 | 000,000,084 | ---- | M] () -- C:\Users\user\Desktop\wm rom ver.txt
[2012.02.08 17:28:12 | 000,001,028 | ---- | M] () -- C:\Users\user\Desktop\Wolfenstein - Enemy Territory.lnk

< %ALLUSERSPROFILE%\Plocha\*.* >

< %ALLUSERSPROFILE%\Desktop\*.* >

< *crack* /s >
[2010.11.09 09:49:48 | 040,868,256 | ---- | M] () -- \Program Files\Activision\Call of Duty - Black Ops\zone\Common\mp_cracked.ff
[2010.11.09 09:49:48 | 000,019,296 | ---- | M] () -- \Program Files\Activision\Call of Duty - Black Ops\zone\English\en_mp_cracked.ff
[2012.02.05 21:10:38 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2012.04.04 21:50:36 | 000,000,511 | ---- | M] () -- \Users\user\AppData\Roaming\Microsoft\Windows\Recent\SWAT-4---Full-game-(PC)-Crack+CZ.iso.lnk

< *keygen* /s >

< *loader* /s >
[2012.04.22 13:44:00 | 000,001,652 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\android\app\ApplicationLoaders.class
[2012.04.22 13:43:42 | 000,003,098 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\android\app\LoadedApk$WarningContextClassLoader.class
[2012.04.22 13:43:43 | 000,005,226 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\internal\telephony\AdnRecordLoader.class
[2012.04.22 13:44:03 | 000,007,157 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\internal\telephony\gsm\stk\IconLoader.class
[2012.04.22 13:44:01 | 000,000,239 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\layoutlib\bridge\FontLoader$1.class
[2012.04.22 13:43:59 | 000,004,235 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\layoutlib\bridge\FontLoader$FontDefinitionParser.class
[2012.04.22 13:43:42 | 000,000,605 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\layoutlib\bridge\FontLoader$FontInfo.class
[2012.04.22 13:44:01 | 000,006,665 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\layoutlib\bridge\FontLoader.class
[2012.04.22 13:43:40 | 000,001,211 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\dalvik\system\PathClassLoader$EnumerateListArray.class
[2012.04.22 13:44:00 | 000,008,114 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\dalvik\system\PathClassLoader.class
[2012.04.22 13:43:59 | 000,000,677 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw\loaderror.html
[2012.04.22 13:43:43 | 000,000,643 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-ar\loaderror.html
[2012.04.22 13:43:59 | 000,000,682 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-cs\loaderror.html
[2012.04.22 13:43:41 | 000,000,612 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-da\loaderror.html
[2012.04.22 13:43:43 | 000,000,605 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-de\loaderror.html
[2012.04.22 13:43:59 | 000,000,579 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-en-rGB\loaderror.html
[2012.04.22 13:44:02 | 000,000,607 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-es\loaderror.html
[2012.04.22 13:43:43 | 000,000,633 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-fi\loaderror.html
[2012.04.22 13:44:00 | 000,000,613 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-fr\loaderror.html
[2012.04.22 13:43:41 | 000,000,628 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-hu\loaderror.html
[2012.04.22 13:43:59 | 000,000,622 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-it\loaderror.html
[2012.04.22 13:43:59 | 000,000,638 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-iw\loaderror.html
[2012.04.22 13:44:01 | 000,000,656 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-ja\loaderror.html
[2012.04.22 13:43:40 | 000,000,648 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-ko\loaderror.html
[2012.04.22 13:44:00 | 000,000,592 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-nl\loaderror.html
[2012.04.22 13:44:00 | 000,000,628 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-pl\loaderror.html
[2012.04.22 13:44:03 | 000,000,676 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-pt-rBR\loaderror.html
[2012.04.22 13:44:00 | 000,000,705 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-ru\loaderror.html
[2012.04.22 13:43:43 | 000,000,678 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-th\loaderror.html
[2012.04.22 13:43:43 | 000,000,570 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-tr\loaderror.html
[2012.04.22 13:43:40 | 000,000,556 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-zh-rCN\loaderror.html
[2012.04.22 13:44:03 | 000,000,635 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\res\raw-zh-rTW\loaderror.html
[2012.04.22 13:46:46 | 000,000,677 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw\loaderror.html
[2012.04.22 13:47:07 | 000,000,643 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-ar\loaderror.html
[2012.04.22 13:46:46 | 000,000,682 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-cs\loaderror.html
[2012.04.22 13:47:09 | 000,000,612 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-da\loaderror.html
[2012.04.22 13:47:06 | 000,000,605 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-de\loaderror.html
[2012.04.22 13:47:09 | 000,000,579 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-en-rGB\loaderror.html
[2012.04.22 13:46:46 | 000,000,607 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-es\loaderror.html
[2012.04.22 13:46:46 | 000,000,633 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-fi\loaderror.html
[2012.04.22 13:47:07 | 000,000,613 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-fr\loaderror.html
[2012.04.22 13:47:09 | 000,000,628 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-hu\loaderror.html
[2012.04.22 13:46:47 | 000,000,622 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-it\loaderror.html
[2012.04.22 13:46:46 | 000,000,638 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-iw\loaderror.html
[2012.04.22 13:47:05 | 000,000,656 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-ja\loaderror.html
[2012.04.22 13:46:46 | 000,000,648 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-ko\loaderror.html
[2012.04.22 13:47:05 | 000,000,592 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-nl\loaderror.html
[2012.04.22 13:46:46 | 000,000,628 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-pl\loaderror.html
[2012.04.22 13:47:06 | 000,000,676 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-pt-rBR\loaderror.html
[2012.04.22 13:47:07 | 000,000,705 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-ru\loaderror.html
[2012.04.22 13:46:47 | 000,000,678 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-th\loaderror.html
[2012.04.22 13:47:07 | 000,000,570 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-tr\loaderror.html
[2012.04.22 13:46:47 | 000,000,556 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-zh-rCN\loaderror.html
[2012.04.22 13:47:09 | 000,000,635 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-8\data\res\raw-zh-rTW\loaderror.html
[2009.10.28 12:11:50 | 000,000,115 | R--- | M] () -- \Program Files\Codemasters\DiRT2 Demo\audio\audio_loader.xml
[2010.03.19 00:21:56 | 000,063,312 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2010.03.18 01:17:14 | 000,004,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2010.10.07 04:36:40 | 000,265,552 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.10.07 04:36:40 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2010.02.07 22:40:00 | 000,000,543 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.12.15 18:58:18 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.12.15 18:58:20 | 000,018,592 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.12.15 18:58:24 | 000,026,272 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.12.15 18:58:26 | 000,012,960 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.12.15 18:58:28 | 000,017,568 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.12.15 18:58:56 | 000,019,616 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.12.15 18:59:04 | 000,015,008 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.12.15 18:59:06 | 000,019,104 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.12.15 18:59:10 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.12.15 18:59:14 | 000,012,448 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.12.15 18:59:16 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.12.15 18:59:20 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.12.15 18:59:22 | 000,011,936 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.12.15 18:59:24 | 000,013,984 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.12.15 18:59:28 | 000,028,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009.05.01 20:42:00 | 000,009,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2012.02.03 14:14:06 | 000,012,583 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\gg\ViewUploadError.js
[2012.02.03 14:14:24 | 000,003,208 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\assets\skins\sam\ajax-loader.gif
[2012.02.03 14:14:26 | 000,003,208 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\carousel\assets\ajax-loader.gif
[2012.02.03 14:14:26 | 000,003,208 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\carousel\assets\skins\sam\ajax-loader.gif
[2012.02.03 14:14:30 | 000,005,279 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\imageloader\imageloader-min.js
[2012.02.03 14:14:34 | 000,011,376 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\uploader\uploader-min.js
[2012.02.03 14:14:34 | 000,007,098 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\uploader\assets\uploader.swf
[2012.02.03 14:14:34 | 000,029,527 | ---- | M] () -- \Program Files\Kodak\KODAK Share Button App\web\yui\2.8.0r4\build\yuiloader\yuiloader-min.js
[2010.09.01 03:36:32 | 000,023,040 | ---- | M] () -- \Program Files\Microsoft Expression\Blend 4\Microsoft.VisualStudio.AssetSystem.Loader.dll
[2005.10.14 12:49:47 | 000,017,624 | ---- | M] () -- \Program Files\Microsoft SQL Server\90\Tools\Binn\SqlResourceLoader.dll
[2005.10.14 12:49:47 | 000,017,624 | ---- | M] () -- \Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SqlResourceLoader.dll
[2011.01.17 17:21:04 | 000,006,263 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.02.15 21:28:51 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2011.01.17 18:00:08 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.02.15 21:28:55 | 000,029,184 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.11.19 13:24:20 | 000,003,689 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2012.01.31 16:08:26 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.01.31 16:08:26 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.01.31 16:08:26 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.01.31 16:08:26 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.04.22 13:45:52 | 000,000,679 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw\loaderror.html
[2012.04.22 13:45:41 | 000,000,659 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-ar\loaderror.html
[2012.04.22 13:45:44 | 000,000,682 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-cs\loaderror.html
[2012.04.22 13:45:52 | 000,000,612 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-da\loaderror.html
[2012.04.22 13:45:51 | 000,000,605 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-de\loaderror.html
[2012.04.22 13:45:47 | 000,000,579 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-en-rGB\loaderror.html
[2012.04.22 13:45:48 | 000,000,607 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-es\loaderror.html
[2012.04.22 13:45:45 | 000,000,633 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-fi\loaderror.html
[2012.04.22 13:45:47 | 000,000,613 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-fr\loaderror.html
[2012.04.22 13:45:42 | 000,000,628 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-hu\loaderror.html
[2012.04.22 13:45:43 | 000,000,622 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-it\loaderror.html
[2012.04.22 13:45:45 | 000,000,654 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-iw\loaderror.html
[2012.04.22 13:45:45 | 000,000,656 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-ja\loaderror.html
[2012.04.22 13:45:43 | 000,000,648 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-ko\loaderror.html
[2012.04.22 13:45:42 | 000,000,592 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-nl\loaderror.html
[2012.04.22 13:45:46 | 000,000,628 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-pl\loaderror.html
[2012.04.22 13:45:47 | 000,000,676 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-pt-rBR\loaderror.html
[2012.04.22 13:45:51 | 000,000,617 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-rm\loaderror.html
[2012.04.22 13:45:45 | 000,000,705 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-ru\loaderror.html
[2012.04.22 13:45:52 | 000,000,678 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-th\loaderror.html
[2012.04.22 13:45:47 | 000,000,570 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-tr\loaderror.html
[2012.04.22 13:45:43 | 000,000,556 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-zh-rCN\loaderror.html
[2012.04.22 13:45:53 | 000,000,635 | ---- | M] () -- \Users\user\android-sdks\platforms\android-15\data\res\raw-zh-rTW\loaderror.html
[2012.04.22 13:48:01 | 000,000,677 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw\loaderror.html
[2012.04.22 13:47:54 | 000,000,643 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-ar\loaderror.html
[2012.04.22 13:48:01 | 000,000,682 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-cs\loaderror.html
[2012.04.22 13:48:01 | 000,000,612 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-da\loaderror.html
[2012.04.22 13:47:58 | 000,000,605 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-de\loaderror.html
[2012.04.22 13:48:00 | 000,000,579 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-en-rGB\loaderror.html
[2012.04.22 13:47:54 | 000,000,607 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-es\loaderror.html
[2012.04.22 13:48:02 | 000,000,633 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-fi\loaderror.html
[2012.04.22 13:48:01 | 000,000,613 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-fr\loaderror.html
[2012.04.22 13:48:02 | 000,000,628 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-hu\loaderror.html
[2012.04.22 13:47:54 | 000,000,622 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-it\loaderror.html
[2012.04.22 13:48:01 | 000,000,638 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-iw\loaderror.html
[2012.04.22 13:48:01 | 000,000,656 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-ja\loaderror.html
[2012.04.22 13:47:54 | 000,000,648 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-ko\loaderror.html
[2012.04.22 13:47:57 | 000,000,592 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-nl\loaderror.html
[2012.04.22 13:47:57 | 000,000,628 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-pl\loaderror.html
[2012.04.22 13:47:54 | 000,000,676 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-pt-rBR\loaderror.html
[2012.04.22 13:48:02 | 000,000,705 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-ru\loaderror.html
[2012.04.22 13:47:59 | 000,000,678 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-th\loaderror.html
[2012.04.22 13:47:56 | 000,000,570 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-tr\loaderror.html
[2012.04.22 13:48:01 | 000,000,556 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-zh-rCN\loaderror.html
[2012.04.22 13:48:00 | 000,000,635 | ---- | M] () -- \Users\user\android-sdks\platforms\android-7\data\res\raw-zh-rTW\loaderror.html
[2012.02.08 20:08:46 | 000,057,728 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,057,728 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,057,728 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,057,728 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,057,728 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,061,770 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.02.08 20:08:46 | 000,061,770 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2012.05.22 10:06:12 | 000,010,519 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IHE1IZQ\AdLoader-aee74f28845638b42a47bb02dc06a7c6.min[1].js
[2012.05.22 10:06:12 | 000,000,652 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F82M18GX\AdLoader[1].htm
[2012.05.22 10:31:13 | 000,000,905 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQ3L162T\TooltipLoader[1].css
[2012.05.22 10:31:13 | 000,014,290 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQ3L162T\TooltipLoader[1].js
[2012.03.02 16:33:42 | 000,001,849 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SA4TCTO\zoomloader[1].gif

mike22 · #12 Příspěvek od **mike22** » 26 kvě 2012 22:39

[2012.04.07 23:45:03 | 000,003,917 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHHQ0NSJ\441564m-preloader-svetly[1].gif
[2012.03.02 16:33:43 | 000,000,673 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WK0CSTSL\loader.white[1].gif
[2012.03.16 20:35:32 | 000,009,051 | ---- | M] () -- \Users\user\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.03.16 20:35:32 | 000,016,119 | ---- | M] () -- \Users\user\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.03.16 20:35:32 | 000,018,434 | ---- | M] () -- \Users\user\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012.03.16 20:35:32 | 000,006,553 | ---- | M] () -- \Users\user\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.04.30 22:21:12 | 000,000,494 | ---- | M] () -- \Users\user\AppData\Roaming\Microsoft\Windows\Recent\bootloader4.lnk
[2012.05.04 15:56:15 | 000,000,743 | ---- | M] () -- \Users\user\AppData\Roaming\Microsoft\Windows\Recent\lk_bootloader_and_recovery.rar.lnk
[2012.04.14 10:32:14 | 000,000,601 | ---- | M] () -- \Users\user\AppData\Roaming\Microsoft\Windows\Recent\mskip_HD_Mini_Android_Loader_V1.0.cab.lnk
[2012.04.29 11:39:36 | 004,525,705 | ---- | M] () -- \Users\user\Desktop\CM9.0\lk_bootloader_and_recovery.rar
[2012.02.17 20:13:51 | 000,000,051 | ---- | M] () -- \Users\user\Desktop\CM9.0\lk_bootloader_and_recovery\bootloader.bat
[2012.04.22 13:30:55 | 000,001,824 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\96\1\.cp\org\eclipse\epp\usagedata\internal\ui\uploaders\AskUserUploader$1.class
[2012.04.22 13:30:55 | 000,001,361 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\96\1\.cp\org\eclipse\epp\usagedata\internal\ui\uploaders\AskUserUploader$2.class
[2012.04.22 13:30:55 | 000,005,630 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\96\1\.cp\org\eclipse\epp\usagedata\internal\ui\uploaders\AskUserUploader.class
[2012.04.22 13:30:55 | 000,002,360 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\96\1\.cp\org\eclipse\epp\usagedata\internal\ui\wizards\AskUserUploaderWizard.class
[2008.06.16 16:03:36 | 000,685,056 | ---- | M] () -- \Users\user\Desktop\hardSpl\EnterBootloader.exe
[2012.04.29 11:39:36 | 004,525,705 | ---- | M] () -- \Users\user\Desktop\odpadandroid\bootloader4\lk_bootloader_and_recovery.rar
[2012.02.17 20:13:51 | 000,000,051 | ---- | M] () -- \Users\user\Desktop\odpadandroid\bootloader4\lk_bootloader_and_recovery\bootloader.bat
[2012.01.23 14:02:46 | 000,000,059 | ---- | M] () -- \Users\user\Desktop\odpadandroid\cm7.2rom\pc\Fastboot\bootloader.bat
[2012.01.23 14:02:46 | 000,000,059 | ---- | M] () -- \Users\user\Desktop\odpadandroid\Fastboot\bootloader.bat
[2012.04.08 21:41:39 | 000,000,080 | ---- | M] () -- \Users\user\Desktop\odpadandroid\lk\bootloader.bat
[2012.05.11 13:06:27 | 000,083,456 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\9cbddfcee12d09b6101cab70831c391d\Microsoft.VisualStudio.AssetSystem.Loader.ni.dll
[2010.03.24 20:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 20:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2007.11.07 11:21:26 | 000,072,192 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\1AB6481D8116FDE3C875E6A140467683\9.0.21022\FL_coloader80_dll_128691_128691_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.06 21:10:00 | 000,004,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\1AB6481D8116FDE3C875E6A140467683\9.0.21022\FL_coloader80_tlb_128927_128927_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.07 11:21:26 | 000,072,192 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C22470D253ACA5733A8A6313BA58FB5E\9.0.21022\FL_coloader80_dll_128691_128691_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.06 21:10:00 | 000,004,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C22470D253ACA5733A8A6313BA58FB5E\9.0.21022\FL_coloader80_tlb_128927_128927_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010.11.21 01:42:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.11.21 01:42:36 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2010.11.21 01:42:36 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010.11.20 23:31:02 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2010.11.20 23:31:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2010.11.20 23:31:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2010.11.21 01:41:52 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.11.20 23:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.01.14 14:22:40 | 000,068,096 | ---- | M] () -- \xampp\MercuryMail\loader.exe
[2009.12.20 00:00:00 | 000,014,987 | ---- | M] () -- \xampp\perl\lib\AutoLoader.pm
[2009.12.20 00:00:00 | 000,025,806 | ---- | M] () -- \xampp\perl\lib\DynaLoader.pm
[2009.12.20 00:00:00 | 000,017,341 | ---- | M] () -- \xampp\perl\lib\SelfLoader.pm
[2009.12.20 00:00:00 | 000,010,882 | ---- | M] () -- \xampp\perl\lib\XSLoader.pm
[2009.12.20 00:00:00 | 000,001,329 | ---- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm
[2009.12.20 00:00:00 | 000,001,027 | ---- | M] () -- \xampp\perl\site\lib\Apache2\XSLoader.pm
[2009.12.20 00:00:00 | 000,001,031 | ---- | M] () -- \xampp\perl\site\lib\APR\XSLoader.pm
[2009.12.20 00:00:00 | 000,010,700 | ---- | M] () -- \xampp\perl\site\lib\ModPerl\RegistryLoader.pm
[2008.12.22 12:17:00 | 000,006,914 | ---- | M] () -- \xampp\php\PEAR\PEAR\Autoloader.php
[2008.12.22 12:17:00 | 000,070,142 | ---- | M] () -- \xampp\php\PEAR\PEAR\Downloader.php
[2011.08.05 10:19:10 | 000,005,449 | ---- | M] () -- \xampp\php\PEAR\PHPUnit\Runner\StandardTestSuiteLoader.php
[2011.08.05 10:19:10 | 000,002,817 | ---- | M] () -- \xampp\php\PEAR\PHPUnit\Runner\TestSuiteLoader.php
[2011.08.05 10:19:10 | 000,004,758 | ---- | M] () -- \xampp\php\PEAR\PHPUnit\Util\Fileloader.php
[2008.12.22 12:52:24 | 000,004,609 | ---- | M] () -- \xampp\php\PEAR\PHPUnit2\Runner\StandardTestSuiteLoader.php
[2008.12.22 12:52:24 | 000,003,186 | ---- | M] () -- \xampp\php\PEAR\PHPUnit2\Runner\TestSuiteLoader.php
[2008.12.22 12:52:24 | 000,003,767 | ---- | M] () -- \xampp\php\PEAR\PHPUnit2\Util\Fileloader.php
[2011.06.11 11:35:48 | 000,015,342 | ---- | M] () -- \xampp\tomcat\webapps\docs\class-loader-howto.html
[2011.06.11 11:35:48 | 000,013,138 | ---- | M] () -- \xampp\tomcat\webapps\docs\config\loader.html

< *RemoveWAT* /s >

< *minodlogin* /s >

< *tnod* /s >
[2012.04.22 13:30:56 | 000,000,200 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\183\1\.cp\org\eclipse\m2e\core\ui\internal\views\nodes\IArtifactNode.class
[2012.04.22 13:30:56 | 000,002,900 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\183\1\.cp\org\eclipse\m2e\core\ui\internal\views\nodes\IndexedArtifactNode.class
[2012.04.22 13:30:56 | 000,001,903 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\183\1\.cp\org\eclipse\m2e\core\ui\internal\views\nodes\LocalRepositoryRootNode.class

< *TemDono* /s >

< *AutoKMS* /s >

< *KMSEmulator* /s >

< *activator* /s >
[2010.09.01 03:40:42 | 000,016,824 | ---- | M] () -- \Program Files\Microsoft Expression\Blend 4\Microsoft.Expression.LicenseActivator.exe
[2010.09.01 03:40:42 | 000,016,832 | ---- | M] () -- \Program Files\Microsoft Expression\Blend 4\Microsoft.Expression.LicensePhoneActivator.exe
[2012.04.22 13:30:56 | 000,005,077 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\183\1\.cp\org\eclipse\m2e\core\ui\internal\M2EUIPluginActivator.class
[2012.04.22 13:30:55 | 000,002,831 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\96\1\.cp\org\eclipse\epp\usagedata\internal\ui\Activator.class

< *serial* /s >
[2012.04.22 13:43:43 | 000,008,955 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\com\android\internal\util\FastXmlSerializer.class
[2012.04.22 13:43:40 | 000,001,633 | ---- | M] () -- \Program Files\Android\android-sdk\platforms\android-10\data\org\xmlpull\v1\XmlSerializer.class
[2009.08.17 23:35:44 | 000,141,168 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Runtime.Serialization.Json.dll
[2009.04.14 10:47:30 | 000,000,464 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Runtime.Serialization.Json.extmap.xml
[2009.06.11 05:20:48 | 000,006,699 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Runtime.Serialization.Json.xml
[2009.08.17 23:35:44 | 000,321,392 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Xml.Serialization.dll
[2009.04.14 10:56:20 | 000,000,437 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Xml.Serialization.extmap.xml
[2009.06.11 05:20:48 | 000,149,896 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\System.Xml.Serialization.xml
[2009.08.17 23:35:44 | 000,022,408 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\de\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\de\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,022,408 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\es\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,046,968 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\es\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,022,936 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\fr\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,046,968 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\fr\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,022,424 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\it\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,046,968 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\it\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,034,712 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\ja\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,051,072 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\ja\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,022,408 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\ko\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,046,968 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\ko\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,030,616 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\zh-Hans\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,042,880 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\zh-Hans\System.Xml.Serialization.Resources.dll
[2009.08.17 23:35:44 | 000,030,616 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\zh-Hant\System.Runtime.Serialization.Json.Resources.dll
[2009.08.17 23:35:44 | 000,042,872 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v3.0\Libraries\Client\zh-Hant\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,141,184 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Runtime.Serialization.Json.dll
[2009.04.14 10:47:30 | 000,000,464 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Runtime.Serialization.Json.extmap.xml
[2010.02.26 03:01:10 | 000,006,753 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Runtime.Serialization.Json.xml
[2010.08.26 03:17:48 | 000,321,392 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Xml.Serialization.dll
[2009.04.14 10:56:20 | 000,000,437 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Xml.Serialization.extmap.xml
[2010.03.06 06:00:46 | 000,152,855 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Xml.Serialization.xml
[2010.08.26 03:17:48 | 000,021,912 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\de\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\de\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,021,912 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\es\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\es\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,022,936 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\fr\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\fr\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,021,912 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\it\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\it\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,034,712 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ja\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,051,072 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ja\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,021,912 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ko\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,046,976 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ko\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,026,008 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ru\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,055,168 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\ru\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,030,616 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\zh-Hans\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,042,880 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\zh-Hans\System.Xml.Serialization.Resources.dll
[2010.08.26 03:17:48 | 000,030,616 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\zh-Hant\System.Runtime.Serialization.Json.Resources.dll
[2010.08.26 03:17:48 | 000,042,880 | ---- | M] () -- \Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\zh-Hant\System.Xml.Serialization.Resources.dll
[2012.03.29 06:01:00 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll
[2012.05.10 23:08:35 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll
[2010.09.01 13:34:08 | 000,017,920 | ---- | M] () -- \Program Files\Microsoft XNA\XNA Game Studio\v4.0\References\Xbox360\System.Xml.Serialization.dll
[2010.09.01 13:34:08 | 000,000,094 | ---- | M] () -- \Program Files\Microsoft XNA\XNA Game Studio\v4.0\References\Xbox360\System.Xml.Serialization.xml
[2010.03.18 20:31:26 | 000,370,552 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.dll
[2010.03.18 20:31:26 | 000,042,904 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009.04.04 05:54:40 | 000,009,272 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2009.04.04 05:54:40 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.xml
[2010.03.18 20:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.dll
[2010.03.18 20:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.dll
[2009.04.04 05:10:34 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.xml
[2009.12.16 22:57:08 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.xml
[2010.03.18 20:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.dll
[2010.03.18 20:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009.04.04 05:10:34 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2009.12.16 22:57:08 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.xml
[2009.08.17 22:34:48 | 000,415,592 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v3.0\System.Runtime.Serialization.dll
[2009.06.11 05:20:48 | 000,165,919 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v3.0\system.runtime.serialization.xml
[2009.08.17 23:09:06 | 000,063,384 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v3.0\en-us\System.Runtime.Serialization.debug.resources.dll
[2010.08.26 01:59:40 | 000,419,704 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\System.Runtime.Serialization.dll
[2010.03.09 02:42:30 | 000,176,857 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\system.runtime.serialization.xml
[2010.08.26 02:33:54 | 000,063,384 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\en-us\System.Runtime.Serialization.debug.resources.dll
[2010.09.01 04:51:10 | 000,034,608 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone\System.Runtime.Serialization.dll
[2010.08.17 16:00:18 | 000,176,892 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone\System.Runtime.Serialization.xml
[2010.09.01 04:51:10 | 000,025,392 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone\System.Xml.Serialization.dll
[2010.08.17 16:00:18 | 000,152,908 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone\System.Xml.Serialization.xml
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.21 01:42:25 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.04.04 05:54:40 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml
[2012.04.22 13:30:55 | 000,004,964 | ---- | M] () -- \Users\user\Desktop\eclipse\configuration\org.eclipse.osgi\bundles\92\1\.cp\org\eclipse\epp\internal\mpc\ui\wizards\SelectionModelStateSerializer.class
[2012.02.16 14:09:44 | 000,293,199 | ---- | M] () -- \Users\user\Desktop\eclipse\plugins\org.apache.xml.serializer_2.7.1.v201005080400.jar
[2010.11.21 01:42:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 01:42:25 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.11 12:50:19 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.11 13:02:24 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
[2012.05.11 13:07:12 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.11 13:09:02 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
[2012.05.11 13:11:30 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
[2012.02.09 23:24:37 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.05.10 23:11:22 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.02.09 23:24:37 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012.05.10 23:11:22 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.10 23:11:26 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 01:42:16 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.04.04 05:54:40 | 000,009,272 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\en\System.Runtime.Serialization.Formatters.Soap.xml
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 17:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2010.06.15 03:33:16 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.06.15 03:33:16 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2010.11.21 01:42:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2010.11.21 01:42:22 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2010.11.21 01:42:36 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2010.11.20 23:24:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2010.11.21 01:42:00 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2010.11.20 23:24:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009.07.14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2010.11.20 23:24:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 01:42:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2010.11.21 01:42:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2010.11.21 01:42:16 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 01:42:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.21 01:42:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.21 01:42:22 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2009.12.20 00:00:00 | 000,002,030 | ---- | M] () -- \xampp\perl\site\lib\SOAP\Deserializer.pod
[2009.12.20 00:00:00 | 000,013,276 | ---- | M] () -- \xampp\perl\site\lib\SOAP\Serializer.pod
[2008.12.22 12:55:36 | 000,060,332 | ---- | M] () -- \xampp\php\PEAR\.registry\xml_serializer.reg
[2008.12.22 12:55:36 | 000,039,996 | ---- | M] () -- \xampp\php\PEAR\XML\Serializer.php
[2008.12.22 12:55:36 | 000,030,074 | ---- | M] () -- \xampp\php\PEAR\XML\Unserializer.php

< *w7lxe* /s >

< *AutoRearm* /s >

< %userprofile%\*.bat /s >
[2012.04.22 13:42:45 | 000,002,618 | ---- | M] () -- C:\Users\user\android-sdks\platform-tools\dx.bat
[2012.04.22 13:43:55 | 000,003,419 | ---- | M] () -- C:\Users\user\android-sdks\tools\android.bat
[2012.04.22 13:43:52 | 000,001,444 | ---- | M] () -- C:\Users\user\android-sdks\tools\apkbuilder.bat
[2012.04.22 13:43:54 | 000,002,304 | ---- | M] () -- C:\Users\user\android-sdks\tools\ddms.bat
[2012.04.22 13:43:53 | 000,001,445 | ---- | M] () -- C:\Users\user\android-sdks\tools\draw9patch.bat
[2012.04.22 13:43:55 | 000,002,378 | ---- | M] () -- C:\Users\user\android-sdks\tools\hierarchyviewer.bat
[2012.04.22 13:43:53 | 000,001,885 | ---- | M] () -- C:\Users\user\android-sdks\tools\lint.bat
[2012.04.22 13:43:53 | 000,001,926 | ---- | M] () -- C:\Users\user\android-sdks\tools\monkeyrunner.bat
[2012.04.22 13:43:55 | 000,001,919 | ---- | M] () -- C:\Users\user\android-sdks\tools\traceview.bat
[2012.04.22 13:43:54 | 000,001,991 | ---- | M] () -- C:\Users\user\android-sdks\tools\lib\find_java.bat
[2012.04.22 13:43:54 | 000,001,631 | ---- | M] () -- C:\Users\user\android-sdks\tools\lib\post_tools_install.bat
[2012.04.22 13:43:55 | 000,000,427 | ---- | M] () -- C:\Users\user\android-sdks\tools\proguard\bin\proguard.bat
[2012.04.22 13:43:54 | 000,000,441 | ---- | M] () -- C:\Users\user\android-sdks\tools\proguard\bin\proguardgui.bat
[2012.04.22 13:43:55 | 000,000,454 | ---- | M] () -- C:\Users\user\android-sdks\tools\proguard\bin\retrace.bat
[2012.02.17 20:13:51 | 000,000,051 | ---- | M] () -- C:\Users\user\Desktop\CM9.0\lk_bootloader_and_recovery\bootloader.bat
[2012.02.17 18:46:41 | 000,000,066 | ---- | M] () -- C:\Users\user\Desktop\CM9.0\lk_bootloader_and_recovery\recovery.bat
[2012.01.19 16:38:04 | 000,007,472 | ---- | M] () -- C:\Users\user\Desktop\eclipse\plugins\org.apache.ant_1.8.2.v20120109-1030\bin\ant.bat
[2012.01.19 16:38:04 | 000,001,536 | ---- | M] () -- C:\Users\user\Desktop\eclipse\plugins\org.apache.ant_1.8.2.v20120109-1030\bin\antRun.bat
[2012.01.19 16:38:04 | 000,001,116 | ---- | M] () -- C:\Users\user\Desktop\eclipse\plugins\org.apache.ant_1.8.2.v20120109-1030\bin\lcp.bat
[2012.02.17 20:13:51 | 000,000,051 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\bootloader4\lk_bootloader_and_recovery\bootloader.bat
[2012.02.17 18:46:41 | 000,000,066 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\bootloader4\lk_bootloader_and_recovery\recovery.bat
[2012.01.23 14:02:46 | 000,000,059 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\cm7.2rom\pc\Fastboot\bootloader.bat
[2012.01.23 14:03:03 | 000,000,053 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\cm7.2rom\pc\Fastboot\recovery.bat
[2012.01.23 14:02:46 | 000,000,059 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\Fastboot\bootloader.bat
[2012.01.23 14:03:03 | 000,000,053 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\Fastboot\recovery.bat
[2012.04.08 21:41:39 | 000,000,080 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\lk\bootloader.bat
[2012.04.08 21:43:24 | 000,000,169 | ---- | M] () -- C:\Users\user\Desktop\odpadandroid\lk\recovery.bat

< >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Tilt" = C:\Program Files\GIGABYTE\GHOST\Tilt.exe -- [2009.06.26 07:17:02 | 000,724,992 | ---- | M] ()
"Windows Mobile Device Center" = %windir%\WindowsMobile\wmdc.exe -- [2007.05.31 10:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation)
"nwiz" = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet -- [2011.09.07 11:43:08 | 001,634,112 | ---- | M] ()
"avast" = "F:\programs\avast\avastUI.exe" /nogui -- [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software)
"SunJavaUpdateSched" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
"Malwarebytes' Anti-Malware" = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray -- [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation)

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2012.02.29 09:55:08 | 017,148,552 | R--- | M] (Skype Technologies S.A.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012.01.19 19:08:34 | 003,477,312 | ---- | M] (DT Soft Ltd)
"Steam" = "F:\steam\Steam.exe" -silent -- [2012.02.12 17:23:54 | 001,242,448 | ---- | M] (Valve Corporation)
"KGShareApp" = C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe -- [2012.02.03 14:16:32 | 000,394,752 | ---- | M] (Eastman Kodak Company)
"Google Update" = "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012.05.22 10:32:28 | 000,116,648 | ---- | M] (Google Inc.)

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.26 22:59:05 | 000,000,512 | ---- | M] () MD5=BA75492B0057747B1F028054EA80D85D -- C:\PhysicalMBR.bin

< End of report >

Danstahr · #13 Příspěvek od **Danstahr** » 27 kvě 2012 17:50

Proskenujte PC pomocí AVPTool (http://www.viry.cz/forum/viewtopic.php?t=58179).

VIRY.CZ

FB virus :(

FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(

Re: FB virus :(