prosim o kontrolu logu

Zpráva

#16 Příspěvek od **Márty84** » 18 lis 2012 19:35

BlackAngel píše:Jo, aha....tak musite dat nejaky odkaz nebo vysvetleni co to vubec MBAM je

No, ja odkaz daval hned, stacilo se podivat. Tam je navod vcetne obrazku a hned na prvnim radku (kdyz nepocitam pozdrav) je napsano, co to MBAM je.

BlackAngel píše:No ja teda nevim, kam vede odkaz vas....ale me veda takto

Ano, nejdrive se musi kliknout na free download (coz si myslim ze vetsine lidi dojde) a tam uz je pak zmineny napis download now, kterym uz se MBAM stahne. Ale to je jedno, hlavne ze se to nakonec povedlo.

Nalezy MBAM nechte odstranit. A zkopirujte sem log, ktery by se mel po odstraneni objevit. Abych videl, zda se to zdarilo, nebo se neco brani.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

BlackAngel · #17 Příspěvek od **BlackAngel** » 19 lis 2012 10:08

Jo, prominte, tak ja jsem jel postupne a uz jsem se nedival na ten zacatek. Moje chyba. Tady ten log a jdu udelat tu druhou cast.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.18.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Nasgharet :: BLACKANGEL [administrátor]

18.11.2012 18:08:09
mbam-log-2012-11-18 (18-08-09).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 339597
Uplynulý čas: 42 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 6
C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Umístnění do karantény a smazání se zdařilo.
D:\---Download---\---Vuze Download---\Nero 8 FULL CZ\nero-8.x-keygen\Nero 8.x KeyGen.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.
D:\---Games--\---ISO---\TERA_EURO\Client\Binaries\TERA.exe (VirTool.Vbcrypt) -> Umístnění do karantény a smazání se zdařilo.
D:\---Games--\L2 - Gracia final\system\msxml4b.dll (Spyware.Agent) -> Umístnění do karantény a smazání se zdařilo.
D:\---Games--\L2 - Gracia final\system\msxml4c.dll (Trojan.Spy.Agent) -> Umístnění do karantény a smazání se zdařilo.
D:\---Games--\Super Meat Boy\Uninstall.exe (Malware.Packer.Krunchy) -> Umístnění do karantény a smazání se zdařilo.

(konec)

#18 Příspěvek od **Márty84** » 19 lis 2012 11:32

V pohode

Tak ted ten druhy. Vecer na to kouknu, za chvili jdu totiz zas do prace.

BlackAngel · #19 Příspěvek od **BlackAngel** » 19 lis 2012 15:10

Ten druhy jsem nechal jet a ted jsem prisel ze skoly a mel tam chybu ze nemuze vytvorit cmd.bat. Nemel jsem ho teda ale ulozeny na plose jak jste psal. Byl jinde, ale jako spravce jsem ho spustil. Zkusim to znovu.....ale musim za chvilku pryc, nevim jestli to stihne dojet. Pokud ne, tak to sem hodim vecer jak prijdu....snad to pujde.

BlackAngel · #20 Příspěvek od **BlackAngel** » 19 lis 2012 15:26

Tady to je

OTL logfile created on: 19.11.2012 15:10:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nasgharet\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,07% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 28,89 Gb Free Space | 29,61% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 15,14 Gb Free Space | 4,11% Space Free | Partition Type: NTFS
Drive G: | 308,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BLACKANGEL | User Name: Nasgharet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.19 10:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
PRC - [2012.11.02 07:11:27 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.10.18 22:35:11 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.10.09 10:53:54 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 15:57:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.05 11:33:02 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2007.09.20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.02 07:11:26 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.11.02 07:11:22 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.11.02 07:11:22 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012.11.02 07:11:22 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.11.02 07:11:22 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.09.07 15:57:27 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.05 11:33:02 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.07.27 18:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.15 18:01:16 | 002,461,104 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.02 07:11:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.07 15:57:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.05 11:37:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.27 20:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.27 17:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.13 22:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 18:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 15:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.05 11:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Extensions
[2012.09.20 23:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\1kc8j041.default-1348185830213\extensions
[2012.09.05 11:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\gbf35yhf.default\extensions
[2012.09.20 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\gbf35yhf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.09.07 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.07 15:57:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.24 21:07:30 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.08.24 21:07:30 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.08.24 21:07:30 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.08.24 21:07:30 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.08.24 21:07:31 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [Akamai NetSession Interface] C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [AppVodBurner] C:\Program Files (x86)\VodBurner\vodburner.exe ()
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files (x86)\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{089EB734-6F5A-4BDD-8E76-E10956AEED0E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.25 10:10:41 | 000,000,071 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3727e42f-f743-11e1-9293-4061861e37cb}\Shell - "" = AutoRun
O33 - MountPoints2\{3727e42f-f743-11e1-9293-4061861e37cb}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.08.25 10:10:41 | 000,481,923 | R--- | M] (Team17 )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.20 17:02:17 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\OGUpdater
[2012.12.20 16:54:04 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.12.20 16:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lineage II
[2012.12.20 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\InstallShield
[2012.11.19 15:09:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
[2012.11.19 09:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012.11.18 18:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 18:05:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.18 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.18 18:03:41 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.11.18 18:03:41 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.11.18 17:59:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.11.18 17:59:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.11.18 17:59:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.11.18 17:59:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.11.18 17:59:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.11.18 17:59:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.11.18 17:58:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.11.18 17:58:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.11.18 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemTurbo
[2012.11.18 17:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MemTurbo 4
[2012.11.17 15:45:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.17 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Akamai
[2012.11.17 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012.11.16 23:51:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.16 15:00:08 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\Documents\Nero Home
[2012.11.16 14:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Ahead
[2012.11.16 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Nero
[2012.11.16 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Nero
[2012.11.16 14:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.11.16 14:42:23 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.11.16 14:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.16 14:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.11.16 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Aeria Games
[2012.11.16 08:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.16 08:11:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.16 08:08:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.16 08:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.16 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.16 01:11:14 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012.11.16 00:31:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.11.07 10:02:42 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\PokerStars.BE
[2012.11.07 10:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.BE
[2012.11.07 10:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.BE
[2012.11.07 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\FullTiltPoker
[2012.11.07 09:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2012.11.01 08:41:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.01 08:41:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.01 08:41:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.01 08:41:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.01 08:41:46 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.01 08:41:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.01 08:41:45 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.01 08:41:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.01 08:41:45 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.01 08:41:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.01 08:41:44 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.01 08:41:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.01 08:41:44 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.01 08:41:44 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.01 08:41:44 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.01 08:41:44 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.01 08:41:43 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.11.01 08:41:43 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.11.01 08:41:42 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.11.01 08:41:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.11.01 08:41:41 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.11.01 08:41:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.11.01 08:41:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.11.01 08:41:40 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.11.01 08:41:39 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.11.01 08:41:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.11.01 08:41:38 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.11.01 08:41:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.11.01 08:41:38 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.11.01 08:41:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.11.01 08:41:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.11.01 08:41:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.11.01 08:41:37 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.01 08:41:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.01 08:41:36 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.11.01 08:41:36 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.11.01 08:41:36 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.11.01 08:41:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.11.01 08:41:35 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.11.01 08:41:34 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.11.01 08:41:34 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.11.01 08:41:34 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.11.01 08:41:34 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.11.01 08:41:34 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.11.01 08:41:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.11.01 08:41:33 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.01 08:41:33 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.01 08:41:33 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.01 08:41:33 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.01 08:41:33 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.11.01 08:41:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.11.01 08:41:32 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.01 08:41:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.01 08:41:32 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.11.01 08:41:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.11.01 08:41:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.11.01 08:41:32 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.11.01 08:41:32 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.11.01 08:41:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.11.01 08:41:32 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.11.01 08:41:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.11.01 08:41:31 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.01 08:41:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.01 08:41:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.01 08:41:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.01 08:41:31 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.01 08:41:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.01 08:41:30 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.01 08:41:30 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.11.01 08:41:30 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.01 08:41:30 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.11.01 08:41:30 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.01 08:41:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.11.01 08:41:29 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.01 08:41:29 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.01 08:41:29 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.01 08:41:29 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.01 08:41:29 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.01 08:41:29 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.01 08:41:29 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.01 08:41:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.01 08:41:28 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.01 08:41:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.01 08:41:28 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.01 08:41:28 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.01 08:41:28 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.01 08:41:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.01 08:41:27 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.01 08:41:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.01 08:41:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.01 08:41:27 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.01 08:41:26 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.01 08:41:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.01 08:41:26 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.01 08:41:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.01 08:41:26 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.01 08:41:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.01 08:41:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.01 08:41:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.01 08:41:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.01 08:41:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.01 08:41:24 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.01 08:41:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.01 08:41:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.01 08:41:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.01 08:41:23 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.01 08:41:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.01 08:41:23 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.01 08:41:23 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.01 08:41:22 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.01 08:41:22 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.11.01 08:41:22 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.01 08:41:22 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.01 08:41:22 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.01 08:41:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.01 08:41:21 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.01 08:41:21 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.01 08:41:21 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.01 08:41:21 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.01 08:41:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.01 08:41:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.01 08:41:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.01 08:41:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.01 08:41:20 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.01 08:41:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.01 08:41:20 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.11.01 08:41:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.01 08:41:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.01 08:41:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.01 08:41:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.01 08:41:19 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.01 08:41:19 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.01 08:41:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.01 08:41:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.01 08:41:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.01 08:41:17 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.01 08:41:17 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.01 08:41:17 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.01 08:41:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.01 08:41:16 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.01 08:41:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.01 08:41:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.01 08:41:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.01 08:41:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.01 08:41:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.01 08:41:15 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.01 08:41:15 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.11.01 08:41:14 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.01 08:41:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.01 08:41:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.01 08:41:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.01 08:41:14 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.01 08:41:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.01 08:41:08 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.01 08:41:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.01 08:41:07 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.01 08:41:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.01 08:41:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.01 08:41:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.01 08:41:06 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.01 08:41:06 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.01 08:41:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.01 08:41:06 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.01 08:41:05 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.01 08:41:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.01 08:41:04 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.01 08:41:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.10.30 16:07:15 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Sun
[2012.10.25 15:12:44 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\Documents\VodBurner
[2012.10.25 15:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VodBurner
[2012.10.25 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VodBurner
[2012.10.21 22:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17

========== Files - Modified Within 30 Days ==========

[2012.11.19 10:10:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.19 10:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
[2012.11.19 10:06:48 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 10:06:48 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 10:06:08 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 10:06:08 | 000,654,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 10:06:08 | 000,121,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:00:43 | 000,001,015 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2012.11.19 09:58:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 09:58:37 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 09:13:13 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012.11.18 18:05:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 17:44:41 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2012.11.18 17:44:41 | 000,000,977 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2012.11.17 15:51:19 | 000,411,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.17 10:36:53 | 000,002,595 | ---- | M] () -- C:\Help.sgi
[2012.11.16 23:56:14 | 000,000,176 | ---- | M] () -- C:\Users\Nasgharet\Desktop\DKżÂ¶óŔÎ.url
[2012.11.16 23:51:02 | 000,001,663 | ---- | M] () -- C:\Users\Nasgharet\Desktop\DK Online.lnk
[2012.11.16 14:52:43 | 000,002,765 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,741 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,701 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012.11.16 14:52:43 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.11.16 14:51:25 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
[2012.11.16 14:42:20 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.11.16 08:11:16 | 000,001,639 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Shaiya.lnk
[2012.11.16 08:08:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.16 00:31:16 | 000,000,806 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Warhammer Online - Age of Reckoning.lnk
[2012.11.10 10:08:20 | 000,028,032 | ---- | M] () -- C:\Users\Nasgharet\Desktop\red_dwarf_series_3_r4_01.jpg
[2012.11.08 16:45:03 | 000,022,659 | ---- | M] () -- C:\Users\Nasgharet\Desktop\nemcina.csv
[2012.11.07 15:44:28 | 000,241,121 | ---- | M] () -- C:\Users\Nasgharet\Desktop\FullTilt.png
[2012.11.07 10:02:42 | 000,001,108 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.be.lnk
[2012.11.07 10:02:42 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.be.lnk
[2012.11.04 16:52:57 | 000,001,579 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Heroes3 - Shortcut.lnk
[2012.10.31 21:42:23 | 000,000,219 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Dota 2.url
[2012.10.25 06:45:52 | 000,083,069 | ---- | M] () -- C:\Users\Nasgharet\Desktop\matematika.jpg
[2012.10.21 22:57:17 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk

========== Files Created - No Company Name ==========

[2012.12.20 16:54:04 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.11.19 10:10:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.19 09:13:13 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012.11.18 18:05:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 17:44:41 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2012.11.18 17:44:41 | 000,001,015 | ---- | C] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2012.11.18 17:44:41 | 000,000,977 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2012.11.16 23:56:14 | 000,000,176 | ---- | C] () -- C:\Users\Nasgharet\Desktop\DKżÂ¶óŔÎ.url
[2012.11.16 23:52:17 | 000,002,595 | ---- | C] () -- C:\Help.sgi
[2012.11.16 23:51:02 | 000,001,663 | ---- | C] () -- C:\Users\Nasgharet\Desktop\DK Online.lnk
[2012.11.16 14:52:43 | 000,002,765 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,701 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012.11.16 14:52:43 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.11.16 14:51:25 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.11.16 08:11:16 | 000,001,639 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Shaiya.lnk
[2012.11.16 08:08:22 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.16 00:31:16 | 000,000,806 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Warhammer Online - Age of Reckoning.lnk
[2012.11.10 10:08:16 | 000,028,032 | ---- | C] () -- C:\Users\Nasgharet\Desktop\red_dwarf_series_3_r4_01.jpg
[2012.11.07 15:44:28 | 000,241,121 | ---- | C] () -- C:\Users\Nasgharet\Desktop\FullTilt.png
[2012.11.07 10:02:42 | 000,001,108 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.be.lnk
[2012.11.07 10:02:42 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.be.lnk
[2012.11.04 16:52:57 | 000,001,579 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Heroes3 - Shortcut.lnk
[2012.10.31 21:42:23 | 000,000,219 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Dota 2.url
[2012.10.29 18:54:08 | 000,022,659 | ---- | C] () -- C:\Users\Nasgharet\Desktop\nemcina.csv
[2012.10.25 06:45:49 | 000,083,069 | ---- | C] () -- C:\Users\Nasgharet\Desktop\matematika.jpg
[2012.10.21 22:57:17 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2012.09.18 12:39:28 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.05 12:21:33 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.09.05 02:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 17:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.27 17:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 14:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.09.07 10:36:58 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.09.07 10:36:58 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.18 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.minecraft
[2012.10.18 10:19:54 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.techniclauncher
[2012.10.13 08:07:04 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Autodesk
[2012.11.16 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Azureus
[2012.10.13 08:06:43 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\DAEMON Tools Lite
[2012.09.29 08:23:07 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\GHISLER
[2012.11.19 10:01:42 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\ICQ
[2012.09.05 13:13:40 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\TS3Client

========== Purity Check ==========

< End of report >

BlackAngel · #21 Příspěvek od **BlackAngel** » 19 lis 2012 15:27

OTL Extras logfile created on: 19.11.2012 15:10:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nasgharet\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,07% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 28,89 Gb Free Space | 29,61% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 15,14 Gb Free Space | 4,11% Space Free | Partition Type: NTFS
Drive G: | 308,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BLACKANGEL | User Name: Nasgharet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2026935260-663704885-634960974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0732F199-30A4-435B-9933-D8006CF9B9B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{0969774B-4DFB-4AE9-A207-085E13787D72}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{12B137CB-E9A7-4BB1-A662-5F241E9E68BF}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{152F6B17-F97C-4B09-A50D-53E3D0764AE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{201E40D2-D550-4F7D-8A7A-A23E394755AF}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{24EB676C-3B2F-4C30-B693-EBABEEE5D067}" = protocol=6 | dir=in | app=d:\---games--\terraria 1.1.2\terrariaserver.exe |
"{3322381B-C322-4706-8164-B4C72540FC7D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{792F4A00-977C-4909-B33F-8B33078D2AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{79D3F16D-8BC2-41FE-9C2B-51DB19F9517A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8B8B22A8-5424-465F-A135-B123E45AC499}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{8D1D506B-86CF-49FA-87B6-C587D40E8EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A1E10ADF-E823-4EBF-A94A-DAD2F1F08EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A94DDE65-BFC1-41E6-9E94-496BC2350CD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B05B337B-7F25-47A3-83EF-C5A229937E1C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B1CA92C5-7C15-4390-99C6-F755806F6E25}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{BBDE4FF0-6A5C-44E8-B8DB-2A820AC42955}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{C2C0F6C0-884A-405D-877F-872E71D2917A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CBAEED6F-CD54-44A1-9083-E1D29AE5846E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{CC4F118E-2241-46C2-888A-F5B07C2EAD39}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DB235692-9A90-49D5-B76F-E890A79F6FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nasgharet\counter-strike\hl.exe |
"{E2A94261-27BF-4902-82A3-A0B79FFE797C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{ECB24ED4-E215-46BD-91DE-87800FC906C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nasgharet\counter-strike\hl.exe |
"{F01B8F4A-9FEE-42B3-826B-38BB7F85E91C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F1E16ADD-4119-49E9-A7C8-4B93814FBC6B}" = protocol=17 | dir=in | app=d:\---games--\terraria 1.1.2\terrariaserver.exe |
"{F61D4EDB-72E2-4720-AD40-2A1BE3E64A7F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{F9DC7C98-D8CB-49F9-86F8-F61B9F691B00}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"TCP Query User{5C97B0A6-267F-4887-8BE6-584B012FFC65}D:\---games--\terraria 1.1.2\terrariaserver.exe" = protocol=6 | dir=in | app=d:\---games--\terraria 1.1.2\terrariaserver.exe |
"TCP Query User{84B0F50E-E32B-4A3E-8DC1-3B9D5F08CFE2}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{A3334093-1B12-4B8F-9E48-C4F5CF795B0A}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{17DFE534-58E7-40DF-B688-1B02EDD9BE6E}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{3E1A94D4-82DC-4355-A576-469800265E79}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{9851CC3F-DE59-4A93-ADDB-EBC20192336B}D:\---games--\terraria 1.1.2\terrariaserver.exe" = protocol=17 | dir=in | app=d:\---games--\terraria 1.1.2\terrariaserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0857F88E-C72B-B4C4-6019-5A6D2050229C}" = AMD Catalyst Install Manager
"{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders
"{328EAC95-9299-BF47-BDBE-83F94AE07D71}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English
"{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese
"{11F26C09-3821-46E5-8351-612BE5953F22}_is1" = Minecraft 1.2.5 with Technic Pack [FEarBG] version 1
"{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish
"{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish
"{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish
"{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech
"{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai
"{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish
"{656957B8-41DB-4E43-AAA1-B128C2213D50}" = VodBurner
"{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean
"{6F8A555E-F2E1-415D-AD8A-67C0A7671029}" = Nero 8
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All
"{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}" = Aeria Ignite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D4B4AB4-C554-66E3-1214-5C109C504220}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = Catalyst Control Center
"{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese
"{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek
"{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi
"{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.10.1721" = Aeria Ignite
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dishonored_is1" = Dishonored
"DK Online" = DK Online
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 15.0.1 (x86 cs)" = Mozilla Firefox 15.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars.be" = PokerStars.be
"Shaiya" = Shaiya
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"VLC media player" = VLC media player 2.0.3
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"World of Warcraft" = World of Warcraft
"Worms Reloaded_is1" = Worms Reloaded

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2026935260-663704885-634960974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.10.2012 14:09:55 | Computer Name = BlackAngel | Source = Application Hang | ID = 1002
Description = The program java.exe version 7.0.70.10 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 550 Start Time:
01cdad5b5e753df1 Termination Time: 347 Application Path: C:\Program Files (x86)\Java\jre7\bin\java.exe

Report
Id: f2a51bc5-194e-11e2-8e82-dbc3994f24ee

Error - 22.10.2012 2:58:34 | Computer Name = BlackAngel | Source = Application Hang | ID = 1002
Description = The program SKIDROW.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e34 Start Time:
01cdb02298d858c9 Termination Time: 214 Application Path: D:\---Games--\Worms Reloaded\SKIDROW.exe

Report
Id: e2afe7bf-1c15-11e2-a82e-aec156b509ef

Error - 28.10.2012 2:35:52 | Computer Name = BlackAngel | Source = Application Error | ID = 1000
Description = Faulting application name: ts3client_win64.exe, version: 3.0.8.0,
time stamp: 0x501695aa Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b802 Exception code: 0xc0000374 Fault offset: 0x00000000000c6df2
Faulting
process id: 0xf30 Faulting application start time: 0x01cdb47387bc34e1 Faulting application
path: C:\Users\Nasgharet\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b79859c7-20c9-11e2-9530-8c48f7b979ef

Error - 1.11.2012 12:55:07 | Computer Name = BlackAngel | Source = Application Error | ID = 1000
Description = Faulting application name: dota.exe, version: 0.0.0.0, time stamp:
0x50803000 Faulting module name: tier0.dll, version: 0.0.0.0, time stamp: 0x508ffa64
Exception
code: 0x40000015 Fault offset: 0x000240f4 Faulting process id: 0xf78 Faulting application
start time: 0x01cdb84fca316134 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\bin\tier0.dll Report Id: e35151b1-2444-11e2-9530-8c48f7b979ef

Error - 6.11.2012 21:49:57 | Computer Name = BlackAngel | Source = Application Error | ID = 1000
Description = Faulting application name: Heroes3.exe, version: 4.0.0.0, time stamp:
0x31313931 Faulting module name: Heroes3.exe, version: 4.0.0.0, time stamp: 0x31313931
Exception
code: 0xc0000005 Fault offset: 0x000c7f74 Faulting process id: 0xb10 Faulting application
start time: 0x01cdbc89aeb065b1 Faulting application path: D:\---Download---\---Vuze
Download---\Heroes of Might and Magic III Complete\Heroes3.exe Faulting module path:
D:\---Download---\---Vuze Download---\Heroes of Might and Magic III Complete\Heroes3.exe
Report
Id: 6e4b6596-287d-11e2-8964-881867c43bee

Error - 6.11.2012 21:50:01 | Computer Name = BlackAngel | Source = Application Error | ID = 1000
Description = Faulting application name: Heroes3.exe, version: 4.0.0.0, time stamp:
0x31313931 Faulting module name: MP3DEC.ASI, version: 3.0.0.0, time stamp: 0x36910efa
Exception
code: 0xc0000005 Fault offset: 0x000018e5 Faulting process id: 0xb10 Faulting application
start time: 0x01cdbc89aeb065b1 Faulting application path: D:\---Download---\---Vuze
Download---\Heroes of Might and Magic III Complete\Heroes3.exe Faulting module path:
D:\---Download---\---Vuze Download---\Heroes of Might and Magic III Complete\MP3DEC.ASI
Report
Id: 71201402-287d-11e2-8964-881867c43bee

Error - 16.11.2012 22:28:42 | Computer Name = BlackAngel | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 17.11.2012 7:47:16 | Computer Name = BlackAngel | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 18.11.2012 8:25:19 | Computer Name = BlackAngel | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 19.11.2012 14:50:38 | Computer Name = BlackAngel | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

[ System Events ]
Error - 14.11.2012 1:06:52 | Computer Name = BlackAngel | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
MANNI-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{089EB734-6F5A-4BDD-8E76-E10956AEED0E}. The master browser is stopping
or an election is being forced.

Error - 15.11.2012 13:13:13 | Computer Name = BlackAngel | Source = DCOM | ID = 10000
Description =

Error - 16.11.2012 18:42:23 | Computer Name = BlackAngel | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 16.11.2012 18:42:24 | Computer Name = BlackAngel | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi Tunneling Engine service to connect.

Error - 16.11.2012 18:42:24 | Computer Name = BlackAngel | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 17.11.2012 19:50:16 | Computer Name = BlackAngel | Source = DCOM | ID = 10005
Description =

Error - 17.11.2012 19:50:15 | Computer Name = BlackAngel | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 17.11.2012 19:50:15 | Computer Name = BlackAngel | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 17.11.2012 20:23:56 | Computer Name = BlackAngel | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{089EB734-6F5A-4BDD-8E76-E10956AEED0E}. The
backup browser is stopping.

Error - 19.11.2012 13:08:20 | Computer Name = BlackAngel | Source = DCOM | ID = 10000
Description =

< End of report >

#22 Příspěvek od **Márty84** » 19 lis 2012 18:08

Ten prvni log ale zdaleka neni cely. Vy jste tam nezkopiroval ten skript, ze? Potrebuju ho tam, abych videl i ruzna zakouti a prisel pripadne na toho spiona, co vas porad okrada o ta hesla

Kdyz OTL hodilo tu chybu, zkuste ho spustit jeste jednou - podle predchoziho navodu - ale tentokrat s timto upravenym skriptem.

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

BlackAngel · #23 Příspěvek od **BlackAngel** » 20 lis 2012 10:00

Tak jeste jednou....snad to bude dobre ted .)

OTL logfile created on: 20.11.2012 9:11:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nasgharet\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,38% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 28,15 Gb Free Space | 28,86% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 15,07 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive G: | 308,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BLACKANGEL | User Name: Nasgharet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.19 10:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
PRC - [2012.11.15 18:01:18 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.02 07:11:27 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.10.18 22:35:11 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.10.09 10:53:54 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.10 10:08:48 | 001,411,224 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012.09.07 15:57:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.05 11:40:49 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7M\ICQ.exe
PRC - [2012.09.05 11:33:02 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files (x86)\MemTurbo 4\MemTurbo.exe
PRC - [2007.09.20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.20 04:07:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\9311f49d8bebb8687a2b64f9d94a9801\System.Management.ni.dll
MOD - [2012.11.20 04:05:08 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\91460dc11f908ad83396eafebde3091a\System.EnterpriseServices.ni.dll
MOD - [2012.11.20 04:05:08 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\91460dc11f908ad83396eafebde3091a\System.EnterpriseServices.Wrapper.dll
MOD - [2012.11.20 04:05:07 | 000,646,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\77539ca3b526574131bfbe589f6e2038\System.Transactions.ni.dll
MOD - [2012.11.20 04:05:04 | 002,637,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\11b2c681b23124b8e7542acde7f84d4b\System.Runtime.Serialization.ni.dll
MOD - [2012.11.20 04:04:24 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0b801691747989b5fc13d01a4e77fc1f\System.Xaml.ni.dll
MOD - [2012.11.20 03:51:46 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea6c5347136d9b78d6b5a9f00ea7f570\PresentationFramework.ni.dll
MOD - [2012.11.20 03:51:29 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9449584edbf7fe06cc994200930cd8c7\PresentationCore.ni.dll
MOD - [2012.11.20 03:51:24 | 013,197,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f177e23504c88f09268b8096b60e3f50\System.Windows.Forms.ni.dll
MOD - [2012.11.20 03:51:15 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\23337265154a53b88147465d510f06f2\WindowsBase.ni.dll
MOD - [2012.11.20 03:51:14 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9e991f406612b87641919631724c2139\System.Drawing.ni.dll
MOD - [2012.11.20 03:45:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\99411977c0cadb9fb6498de49a115085\PresentationFramework.Aero.ni.dll
MOD - [2012.11.20 03:22:46 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1c6fc314811b346232c3b5d7b18f96aa\System.Configuration.ni.dll
MOD - [2012.11.20 03:22:44 | 006,798,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\31a789742615730be7065769843a427e\System.Data.ni.dll
MOD - [2012.11.20 03:22:37 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\dd73fc37a7f30d5cdb9cb52f89dd5ce0\System.Xml.ni.dll
MOD - [2012.11.20 03:22:32 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85de9d99776ec89231c32b278902c085\System.Core.ni.dll
MOD - [2012.11.20 03:22:18 | 009,092,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\159cdf862129dcb9f9f7513b345163b0\System.ni.dll
MOD - [2012.11.20 03:22:10 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll
MOD - [2012.11.02 07:11:26 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.11.02 07:11:22 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.11.02 07:11:22 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012.11.02 07:11:22 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.11.02 07:11:22 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.09.07 15:57:27 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.05 11:33:02 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2009.08.13 12:05:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\MemTurbo 4\soref.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.07.27 18:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.11.15 18:01:16 | 002,461,104 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.02 07:11:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.07 15:57:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.05 11:37:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.27 20:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.27 17:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.13 22:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 18:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2026935260-663704885-634960974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 15:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.05 11:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Extensions
[2012.09.20 23:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\1kc8j041.default-1348185830213\extensions
[2012.09.05 11:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\gbf35yhf.default\extensions
[2012.09.20 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nasgharet\AppData\Roaming\Mozilla\Firefox\Profiles\gbf35yhf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.09.07 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.07 15:57:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.24 21:07:30 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.08.24 21:07:30 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.08.24 21:07:30 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.08.24 21:07:30 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.08.24 21:07:31 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [Akamai NetSession Interface] C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [AppVodBurner] C:\Program Files (x86)\VodBurner\vodburner.exe ()
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files (x86)\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{089EB734-6F5A-4BDD-8E76-E10956AEED0E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.25 10:10:41 | 000,000,071 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3727e42f-f743-11e1-9293-4061861e37cb}\Shell - "" = AutoRun
O33 - MountPoints2\{3727e42f-f743-11e1-9293-4061861e37cb}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.08.25 10:10:41 | 000,481,923 | R--- | M] (Team17 )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.12.20 17:02:17 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\OGUpdater
[2012.12.20 16:54:04 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.12.20 16:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lineage II
[2012.12.20 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\InstallShield
[2012.11.20 04:30:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.11.20 04:30:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.11.20 03:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.20 03:31:57 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.11.20 03:27:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.20 03:27:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.11.20 03:27:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.11.20 03:27:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.11.20 03:27:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.11.20 03:27:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.11.20 03:27:41 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.11.20 03:27:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.11.20 03:27:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.20 03:27:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.11.20 03:27:41 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.11.20 03:27:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.11.20 03:27:41 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.11.20 03:27:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.11.20 03:27:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.20 03:27:40 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.11.20 03:27:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.20 03:27:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.11.20 03:27:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.11.20 03:27:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.11.20 03:27:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.11.20 03:27:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.11.20 03:27:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.20 03:27:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.11.20 03:27:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.11.20 03:27:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.11.20 03:27:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.11.20 03:27:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.11.20 03:27:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.11.20 03:27:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.20 03:27:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.11.20 03:27:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.11.20 03:27:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.11.20 03:27:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.20 03:27:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.20 03:27:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.11.20 03:27:38 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.11.20 03:27:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.11.20 03:27:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.20 03:27:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.11.20 03:27:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.11.20 03:27:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.11.20 03:27:38 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.11.20 03:27:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.11.20 03:27:38 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.11.20 03:27:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.11.20 03:27:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.11.20 03:27:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.11.20 03:27:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.11.20 03:27:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.11.20 03:27:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.11.20 03:27:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.11.20 03:27:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.11.20 03:27:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.11.20 03:27:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.20 03:27:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.20 03:27:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.11.20 03:27:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.11.20 03:27:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.11.20 03:27:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.11.20 03:27:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.11.20 03:27:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.11.20 03:27:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.11.20 03:27:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.11.20 03:27:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.20 03:27:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.20 03:27:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.20 03:27:36 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.11.20 03:27:36 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.11.20 03:27:36 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.11.20 03:27:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.20 03:27:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.11.20 03:26:18 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.11.20 03:26:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.11.20 03:26:18 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012.11.20 03:26:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012.11.20 03:26:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012.11.20 03:26:18 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012.11.20 03:26:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.11.20 03:26:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.11.20 03:26:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.11.20 03:26:18 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.11.20 03:26:18 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012.11.20 03:26:18 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.11.20 03:26:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.11.20 03:26:18 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.11.20 03:26:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.11.20 03:26:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.11.20 03:26:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012.11.20 03:03:04 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.11.20 03:03:04 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.11.19 15:09:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
[2012.11.19 13:53:19 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012.11.19 13:53:19 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012.11.19 13:53:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.11.19 13:52:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.11.19 13:52:32 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.11.19 13:52:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.11.19 13:52:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.11.19 13:52:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012.11.19 13:52:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012.11.19 13:52:31 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012.11.19 13:52:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012.11.19 13:52:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012.11.19 13:52:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012.11.19 09:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012.11.19 03:21:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012.11.19 03:21:40 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012.11.19 03:21:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012.11.19 03:21:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012.11.19 03:21:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012.11.19 03:21:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012.11.19 03:21:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012.11.19 03:21:40 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012.11.19 03:21:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012.11.19 03:21:38 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.11.19 03:21:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.11.19 03:21:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.11.19 03:21:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.11.19 03:21:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.11.19 03:21:19 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.11.19 03:21:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.11.19 03:21:18 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012.11.19 03:21:18 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012.11.19 03:21:18 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012.11.19 03:21:18 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012.11.19 03:21:18 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012.11.19 03:21:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012.11.19 03:21:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012.11.19 03:21:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012.11.19 03:20:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.11.19 03:20:33 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.11.19 03:20:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.11.19 03:20:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.11.19 03:20:30 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012.11.19 03:20:29 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012.11.19 03:20:29 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012.11.19 03:20:28 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012.11.19 03:20:28 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012.11.19 03:20:28 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012.11.19 03:20:28 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012.11.19 03:20:28 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012.11.19 03:20:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012.11.19 03:20:27 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012.11.19 03:20:21 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.11.19 03:20:21 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.11.19 03:19:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.11.19 03:19:37 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012.11.19 03:19:35 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.11.19 03:19:34 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.11.19 03:19:34 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.11.19 03:19:30 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012.11.19 03:19:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012.11.19 03:19:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012.11.19 03:19:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012.11.19 03:19:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.11.19 03:19:23 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.11.19 03:19:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.11.19 03:19:21 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.19 03:19:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.19 03:19:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.11.19 03:19:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.11.19 03:19:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.11.19 03:19:13 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.11.19 03:19:13 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.11.19 03:19:13 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.11.19 03:19:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.11.19 03:19:11 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012.11.19 03:19:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012.11.19 03:19:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012.11.19 03:18:51 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.19 03:18:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.19 03:18:49 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012.11.19 03:18:49 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012.11.19 03:18:49 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012.11.19 03:18:49 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012.11.19 03:18:49 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012.11.19 03:18:49 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012.11.19 03:18:49 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012.11.19 03:18:38 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012.11.19 03:18:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012.11.19 03:18:36 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.19 03:18:36 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.11.19 03:18:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.11.19 03:18:35 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.11.19 03:18:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.19 03:18:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.11.19 03:18:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.11.19 03:18:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.11.19 03:18:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.11.19 03:18:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.19 03:18:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.11.19 03:18:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.11.19 03:18:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.11.19 03:18:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.19 03:18:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.11.19 03:18:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.19 03:18:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.19 03:18:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.19 03:18:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.19 03:18:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.11.19 03:18:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.19 03:18:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.11.19 03:18:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012.11.19 03:18:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012.11.19 03:18:29 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.19 03:18:29 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.19 03:18:29 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.19 03:18:29 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.19 03:18:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.11.19 03:18:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.11.19 03:18:27 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.11.19 03:18:24 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012.11.19 03:18:22 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012.11.19 03:18:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012.11.19 03:18:19 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012.11.19 03:18:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012.11.19 03:18:16 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.11.19 03:18:16 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012.11.19 03:18:14 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.11.19 03:18:11 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.11.19 03:18:11 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.11.19 03:18:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.11.19 03:18:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.11.19 03:17:59 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012.11.19 03:17:59 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012.11.19 03:17:57 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.11.19 03:17:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012.11.19 03:17:51 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.11.19 03:17:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.11.19 03:17:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.11.19 03:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.11.18 18:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 18:05:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.18 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.18 18:03:41 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.11.18 18:03:41 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.11.18 17:59:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.11.18 17:59:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.11.18 17:59:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.11.18 17:59:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.11.18 17:59:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.11.18 17:59:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.11.18 17:58:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.11.18 17:58:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.11.18 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemTurbo
[2012.11.18 17:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MemTurbo 4
[2012.11.17 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Akamai
[2012.11.17 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012.11.16 23:51:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.16 15:00:08 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\Documents\Nero Home
[2012.11.16 14:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Ahead
[2012.11.16 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Nero
[2012.11.16 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Nero
[2012.11.16 14:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.11.16 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.11.16 14:42:23 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.11.16 14:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.16 14:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.11.16 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\Aeria Games
[2012.11.16 08:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.16 08:11:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.16 08:08:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.16 08:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.16 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.16 01:11:14 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012.11.16 00:31:16 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.11.07 10:02:42 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\PokerStars.BE
[2012.11.07 10:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.BE
[2012.11.07 10:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.BE
[2012.11.07 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Local\FullTiltPoker
[2012.11.07 09:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker

BlackAngel · #24 Příspěvek od **BlackAngel** » 20 lis 2012 10:02

[2012.11.01 08:41:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.01 08:41:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.01 08:41:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.01 08:41:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.01 08:41:46 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.01 08:41:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.01 08:41:45 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.01 08:41:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.01 08:41:45 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.01 08:41:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.01 08:41:44 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.01 08:41:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.01 08:41:44 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.01 08:41:44 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.01 08:41:44 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.01 08:41:44 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.01 08:41:43 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.11.01 08:41:43 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.11.01 08:41:42 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.11.01 08:41:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.11.01 08:41:41 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.11.01 08:41:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.11.01 08:41:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.11.01 08:41:40 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.11.01 08:41:39 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.11.01 08:41:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.11.01 08:41:38 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.11.01 08:41:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.11.01 08:41:38 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.11.01 08:41:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.11.01 08:41:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.11.01 08:41:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.11.01 08:41:37 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.01 08:41:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.01 08:41:36 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.11.01 08:41:36 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.11.01 08:41:36 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.11.01 08:41:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.11.01 08:41:35 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.11.01 08:41:34 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.11.01 08:41:34 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.11.01 08:41:34 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.11.01 08:41:34 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.11.01 08:41:34 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.11.01 08:41:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.11.01 08:41:33 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.01 08:41:33 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.01 08:41:33 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.01 08:41:33 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.01 08:41:33 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.11.01 08:41:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.11.01 08:41:32 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.01 08:41:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.01 08:41:32 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.11.01 08:41:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.11.01 08:41:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.11.01 08:41:32 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.11.01 08:41:32 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.11.01 08:41:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.11.01 08:41:32 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.11.01 08:41:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.11.01 08:41:31 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.01 08:41:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.01 08:41:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.01 08:41:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.01 08:41:31 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.01 08:41:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.01 08:41:30 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.01 08:41:30 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.11.01 08:41:30 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.01 08:41:30 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.11.01 08:41:30 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.01 08:41:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.11.01 08:41:29 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.01 08:41:29 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.01 08:41:29 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.01 08:41:29 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.01 08:41:29 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.01 08:41:29 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.01 08:41:29 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.01 08:41:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.01 08:41:28 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.01 08:41:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.01 08:41:28 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.01 08:41:28 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.01 08:41:28 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.01 08:41:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.01 08:41:27 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.01 08:41:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.01 08:41:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.01 08:41:27 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.01 08:41:26 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.01 08:41:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.01 08:41:26 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.01 08:41:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.01 08:41:26 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.01 08:41:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.01 08:41:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.01 08:41:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.01 08:41:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.01 08:41:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.01 08:41:24 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.01 08:41:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.01 08:41:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.01 08:41:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.01 08:41:23 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.01 08:41:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.01 08:41:23 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.01 08:41:23 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.01 08:41:22 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.01 08:41:22 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.11.01 08:41:22 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.01 08:41:22 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.01 08:41:22 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.01 08:41:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.01 08:41:21 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.01 08:41:21 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.01 08:41:21 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.01 08:41:21 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.01 08:41:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.01 08:41:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.01 08:41:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.01 08:41:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.01 08:41:20 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.01 08:41:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.01 08:41:20 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.11.01 08:41:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.01 08:41:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.01 08:41:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.01 08:41:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.01 08:41:19 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.01 08:41:19 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.01 08:41:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.01 08:41:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.01 08:41:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.01 08:41:17 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.01 08:41:17 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.01 08:41:17 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.01 08:41:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.01 08:41:16 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.01 08:41:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.01 08:41:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.01 08:41:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.01 08:41:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.01 08:41:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.01 08:41:15 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.01 08:41:15 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.11.01 08:41:14 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.01 08:41:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.01 08:41:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.01 08:41:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.01 08:41:14 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.01 08:41:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.01 08:41:08 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.01 08:41:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.01 08:41:07 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.01 08:41:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.01 08:41:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.01 08:41:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.01 08:41:06 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.01 08:41:06 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.01 08:41:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.01 08:41:06 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.01 08:41:05 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.01 08:41:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.01 08:41:04 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.01 08:41:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.10.30 16:07:15 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\AppData\Roaming\Sun
[2012.10.25 15:12:44 | 000,000,000 | ---D | C] -- C:\Users\Nasgharet\Documents\VodBurner
[2012.10.25 15:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VodBurner
[2012.10.25 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VodBurner
[2012.10.21 22:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17

========== Files - Modified Within 30 Days ==========

[2012.11.20 09:13:06 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.20 06:41:01 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 06:41:01 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 04:41:12 | 000,782,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 04:41:12 | 000,655,006 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 04:41:12 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 04:37:06 | 000,001,015 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2012.11.20 04:36:11 | 000,001,437 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.11.20 04:33:09 | 000,411,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.20 04:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 04:32:39 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 03:27:42 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.20 03:27:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.11.20 03:27:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.11.20 03:27:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.11.20 03:27:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.11.20 03:27:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.11.20 03:27:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.11.20 03:27:41 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.11.20 03:27:41 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.11.20 03:27:41 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.20 03:27:41 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.11.20 03:27:41 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.11.20 03:27:41 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.11.20 03:27:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.11.20 03:27:40 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.20 03:27:40 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.11.20 03:27:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.20 03:27:40 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.11.20 03:27:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.11.20 03:27:40 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.11.20 03:27:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.11.20 03:27:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.11.20 03:27:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.20 03:27:40 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.11.20 03:27:40 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.11.20 03:27:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.11.20 03:27:40 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.11.20 03:27:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.11.20 03:27:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.11.20 03:27:39 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.11.20 03:27:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.11.20 03:27:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.20 03:27:39 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.11.20 03:27:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.11.20 03:27:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.11.20 03:27:38 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.20 03:27:38 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.20 03:27:38 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.11.20 03:27:38 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.11.20 03:27:38 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.20 03:27:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.11.20 03:27:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.11.20 03:27:38 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.11.20 03:27:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.11.20 03:27:38 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.11.20 03:27:38 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.11.20 03:27:38 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.11.20 03:27:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.11.20 03:27:38 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.11.20 03:27:38 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.11.20 03:27:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.11.20 03:27:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.11.20 03:27:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.11.20 03:27:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.11.20 03:27:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.11.20 03:27:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.11.20 03:27:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.20 03:27:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.20 03:27:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.11.20 03:27:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.11.20 03:27:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.11.20 03:27:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.11.20 03:27:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.11.20 03:27:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.20 03:27:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.11.20 03:27:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.11.20 03:27:36 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.20 03:27:36 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.20 03:27:36 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.20 03:27:36 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.11.20 03:27:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.11.20 03:27:36 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.11.20 03:27:36 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.20 03:27:36 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.11.20 03:26:18 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.11.20 03:26:18 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.11.20 03:26:18 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012.11.20 03:26:18 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012.11.20 03:26:18 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012.11.20 03:26:18 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012.11.20 03:26:18 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.11.20 03:26:18 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.11.20 03:26:18 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.11.20 03:26:18 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.11.20 03:26:18 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012.11.20 03:26:18 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.11.20 03:26:18 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.11.20 03:26:18 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.11.20 03:26:18 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.11.20 03:26:18 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.11.20 03:26:18 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012.11.20 03:12:23 | 000,768,154 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.19 10:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nasgharet\Desktop\OTL.exe
[2012.11.19 09:13:13 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012.11.18 18:05:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 17:44:41 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2012.11.18 17:44:41 | 000,000,977 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2012.11.17 10:36:53 | 000,002,595 | ---- | M] () -- C:\Help.sgi
[2012.11.16 23:56:14 | 000,000,176 | ---- | M] () -- C:\Users\Nasgharet\Desktop\DKżÂ¶óŔÎ.url
[2012.11.16 23:51:02 | 000,001,663 | ---- | M] () -- C:\Users\Nasgharet\Desktop\DK Online.lnk
[2012.11.16 14:52:43 | 000,002,765 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,741 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,701 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012.11.16 14:52:43 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.11.16 14:51:25 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
[2012.11.16 14:42:20 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.11.16 08:11:16 | 000,001,639 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Shaiya.lnk
[2012.11.16 08:08:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.16 00:31:16 | 000,000,806 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Warhammer Online - Age of Reckoning.lnk
[2012.11.10 10:08:20 | 000,028,032 | ---- | M] () -- C:\Users\Nasgharet\Desktop\red_dwarf_series_3_r4_01.jpg
[2012.11.08 16:45:03 | 000,022,659 | ---- | M] () -- C:\Users\Nasgharet\Desktop\nemcina.csv
[2012.11.07 15:44:28 | 000,241,121 | ---- | M] () -- C:\Users\Nasgharet\Desktop\FullTilt.png
[2012.11.07 10:02:42 | 000,001,108 | ---- | M] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.be.lnk
[2012.11.07 10:02:42 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.be.lnk
[2012.11.04 16:52:57 | 000,001,579 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Heroes3 - Shortcut.lnk
[2012.10.31 21:42:23 | 000,000,219 | ---- | M] () -- C:\Users\Nasgharet\Desktop\Dota 2.url
[2012.10.25 06:45:52 | 000,083,069 | ---- | M] () -- C:\Users\Nasgharet\Desktop\matematika.jpg
[2012.10.21 22:57:17 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk

BlackAngel · #25 Příspěvek od **BlackAngel** » 20 lis 2012 10:03

========== Files Created - No Company Name ==========

[2012.12.20 16:54:04 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.11.20 03:27:40 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.11.20 03:27:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.19 10:10:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.19 09:13:13 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2012.11.18 18:05:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 17:44:41 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2012.11.18 17:44:41 | 000,001,015 | ---- | C] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2012.11.18 17:44:41 | 000,000,977 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2012.11.16 23:56:14 | 000,000,176 | ---- | C] () -- C:\Users\Nasgharet\Desktop\DKżÂ¶óŔÎ.url
[2012.11.16 23:52:17 | 000,002,595 | ---- | C] () -- C:\Help.sgi
[2012.11.16 23:51:02 | 000,001,663 | ---- | C] () -- C:\Users\Nasgharet\Desktop\DK Online.lnk
[2012.11.16 14:52:43 | 000,002,765 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.11.16 14:52:43 | 000,002,701 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012.11.16 14:52:43 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.11.16 14:51:25 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.11.16 08:11:16 | 000,001,639 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Shaiya.lnk
[2012.11.16 08:08:22 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.16 00:31:16 | 000,000,806 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Warhammer Online - Age of Reckoning.lnk
[2012.11.10 10:08:16 | 000,028,032 | ---- | C] () -- C:\Users\Nasgharet\Desktop\red_dwarf_series_3_r4_01.jpg
[2012.11.07 15:44:28 | 000,241,121 | ---- | C] () -- C:\Users\Nasgharet\Desktop\FullTilt.png
[2012.11.07 10:02:42 | 000,001,108 | ---- | C] () -- C:\Users\Nasgharet\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.be.lnk
[2012.11.07 10:02:42 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.be.lnk
[2012.11.04 16:52:57 | 000,001,579 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Heroes3 - Shortcut.lnk
[2012.10.31 21:42:23 | 000,000,219 | ---- | C] () -- C:\Users\Nasgharet\Desktop\Dota 2.url
[2012.10.29 18:54:08 | 000,022,659 | ---- | C] () -- C:\Users\Nasgharet\Desktop\nemcina.csv
[2012.10.25 06:45:49 | 000,083,069 | ---- | C] () -- C:\Users\Nasgharet\Desktop\matematika.jpg
[2012.10.21 22:57:17 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2012.09.18 12:39:28 | 000,768,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.05 12:21:33 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.09.05 02:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 17:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.27 17:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 14:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.18 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.minecraft
[2012.10.18 10:19:54 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.techniclauncher
[2012.10.13 08:07:04 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Autodesk
[2012.11.16 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Azureus
[2012.10.13 08:06:43 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\DAEMON Tools Lite
[2012.09.29 08:23:07 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\GHISLER
[2012.11.20 04:37:19 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\ICQ
[2012.09.05 13:13:40 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\TS3Client

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.13 21:08:49 | 000,014,144 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< >

< MD5 for: ATAPI.SYS >
[2009.07.13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.13 17:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.13 17:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.13 17:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.13 17:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.13 15:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.13 15:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.13 15:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010.09.07 10:20:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010.09.07 10:20:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.09.07 10:17:02 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010.09.07 10:20:51 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010.09.07 10:20:51 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.09.07 10:17:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.09.07 10:20:51 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.09.07 10:17:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.09.07 10:20:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.09.07 10:17:02 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.13 17:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.13 17:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.09.07 10:22:47 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012.03.30 02:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012.03.30 03:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.30 03:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012.03.30 02:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010.09.07 10:22:47 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.13 17:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012.03.30 03:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.09.07 10:20:51 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.09.07 10:20:51 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.09.07 10:20:51 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.11.06 04:29:17 | 026,690,560 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
[2012.09.05 12:35:57 | 123,231,216 | ---- | M] (Blizzard Entertainment) -- C:\World-of-Warcraft-Setup-enUS.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.10.18 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.minecraft
[2012.10.18 10:19:54 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\.techniclauncher
[2012.09.07 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Adobe
[2012.09.05 11:25:15 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\ATI
[2012.10.13 08:07:04 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Autodesk
[2012.11.16 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Azureus
[2012.10.13 08:06:43 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\DAEMON Tools Lite
[2012.09.29 08:23:07 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\GHISLER
[2012.11.20 04:37:19 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\ICQ
[2012.09.05 10:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Identities
[2012.12.20 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\InstallShield
[2012.09.05 11:33:09 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Macromedia
[2012.10.10 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Malwarebytes
[2009.07.13 23:44:38 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Media Center Programs
[2012.12.20 16:02:29 | 000,000,000 | --SD | M] -- C:\Users\Nasgharet\AppData\Roaming\Microsoft
[2012.09.05 11:25:18 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Mozilla
[2012.11.16 14:59:16 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Nero
[2012.09.07 12:04:53 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\QuosaDDM
[2012.11.15 09:12:00 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Skype
[2012.10.30 16:07:15 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\Sun
[2012.09.05 13:13:40 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\TS3Client
[2012.11.18 23:55:03 | 000,000,000 | ---D | M] -- C:\Users\Nasgharet\AppData\Roaming\vlc

< %APPDATA%\*.exe /s >
[2012.08.12 13:21:56 | 000,617,969 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\.techniclauncher\tekkit_launcher_cracked.exe
[2012.10.18 10:18:40 | 000,733,685 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\.techniclauncher\unins000.exe
[2012.09.08 14:14:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Nasgharet\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.11.16 14:09:54 | 007,239,632 | ---- | M] (Azureus Software, Inc.) -- C:\Users\Nasgharet\AppData\Roaming\Azureus\tmp\AZU8102207419901671939.tmp\Vuze_4.8.0.0a_win32.exe
[2012.10.13 08:27:01 | 000,786,492 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
[2012.10.13 08:27:04 | 015,823,872 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
[2012.10.13 08:27:01 | 000,107,008 | ---- | M] () -- C:\Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.11.20 03:27:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll
[2012.11.20 03:27:41 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2012.11.20 03:27:41 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2012.11.20 03:26:18 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ExplorerFrame.dll
[2012.11.20 03:27:41 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\html.iec
[2012.11.20 03:27:40 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2012.11.20 03:27:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ie4uinit.exe
[2012.11.20 03:27:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2012.11.20 03:27:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2012.11.20 03:27:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2012.11.20 03:27:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2012.11.20 03:27:41 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dat
[2012.11.20 03:27:40 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2012.11.20 03:27:40 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2012.11.20 03:27:41 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.11.20 03:27:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2012.11.20 03:27:40 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2012.11.20 03:27:42 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.11.20 03:27:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2012.11.20 03:27:41 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2012.11.20 03:27:41 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.11.20 03:27:40 | 000,072,822 | ---- | M] () -- C:\Windows\system32\ieuinit.inf
[2012.11.20 03:27:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieUnatt.exe
[2012.11.20 03:27:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iexpress.exe
[2012.11.20 03:27:39 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2012.11.20 03:27:40 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetcpl.cpl
[2012.11.20 03:27:40 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2012.11.20 03:27:42 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012.11.20 03:27:42 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2012.11.20 03:27:42 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.11.20 03:27:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.11.20 03:26:18 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll
[2012.11.20 03:26:18 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfreadwrite.dll
[2012.11.20 03:27:40 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.11.20 03:27:42 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2012.11.20 03:27:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedssync.exe
[2012.11.20 03:27:39 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshta.exe
[2012.11.20 03:27:40 | 012,320,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012.11.20 03:27:40 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.tlb
[2012.11.20 03:27:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.11.20 03:27:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2012.11.20 03:27:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2012.11.20 03:27:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2012.11.20 03:27:39 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2012.11.20 03:12:23 | 000,768,154 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2012.11.20 03:27:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.11.20 03:27:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RegisterIEPKEYs.exe
[2012.11.20 03:27:41 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SetIEInstalledDate.exe
[2012.11.20 03:27:41 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdc.ocx
[2012.11.20 03:27:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012.11.20 03:27:42 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.20 03:27:40 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.11.20 03:27:40 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2012.11.20 03:27:40 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wextract.exe
[2012.11.20 03:27:42 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.11.20 03:26:18 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.11.20 03:26:18 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2012.11.20 03:26:18 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[2012.11.20 03:26:18 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsRasterService.dll

< %SYSTEMDRIVE%\*.exe >
[2010.11.06 04:29:17 | 026,690,560 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
[2012.09.05 12:35:57 | 123,231,216 | ---- | M] (Blizzard Entertainment) -- C:\World-of-Warcraft-Setup-enUS.exe

< >

< *crack* /s >
[2012.08.12 13:21:56 | 000,617,969 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\tekkit_launcher_cracked.exe
[2012.06.24 05:01:48 | 000,568,305 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\tekkit_launcher_cracked.jar

< *keygen* /s >
[2010.11.06 04:29:17 | 026,690,560 | ---- | M] () -- \Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe

< *loader* /s >
[2007.09.26 19:37:48 | 000,107,816 | ---- | M] () -- \Program Files (x86)\Common Files\Nero\Shared\NSCLoader.dll
[2012.11.13 09:56:50 | 000,048,315 | ---- | M] () -- \Program Files (x86)\Full Tilt Poker\Graphics\Cashier\WebDialog\cashier_loader.mng
[2012.11.13 09:56:50 | 000,015,895 | ---- | M] () -- \Program Files (x86)\Full Tilt Poker\Graphics\Lobby\Backgrounds\LoaderChip.gif
[2010.11.29 23:32:34 | 000,170,288 | ---- | M] () -- \Program Files (x86)\Cheat Engine 6.2\Kernelmoduleunloader.exe
[2012.09.05 11:40:47 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.09.05 11:40:47 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.09.05 11:40:47 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.09.05 11:42:09 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2007.09.18 11:59:00 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2007.09.18 11:59:00 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.10.18 22:15:17 | 000,079,438 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\technicssp\ForgeModLoader-0.log
[2012.10.18 10:15:29 | 000,082,914 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\technicssp\ForgeModLoader-1.log
[2012.10.18 10:11:43 | 000,082,571 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\technicssp\ForgeModLoader-2.log
[2012.08.12 13:55:08 | 000,001,980 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\tekkit\mods\ComputerCraft\org\luaj\vm2\luajc\JavaLoader.class
[2012.08.12 13:59:16 | 000,004,966 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\voxelmodpack\ModLoader.txt
[2012.08.12 13:59:10 | 000,000,250 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\voxelmodpack\config\ModLoader.cfg
[2012.08.12 13:57:36 | 000,000,833 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\yogbox\config\ModLoader.cfg
[2012.08.12 13:57:30 | 000,000,047 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\.techniclauncher\yogbox\config\mod_ModLoaderMp.cfg
[2012.10.15 14:37:41 | 000,000,986 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Recent\minecraft-1.3.2.rar+ModLoader+--OptiFine-HD+--TooManyItems-1-3-2+--X-Ray-Mod-Diamond-Edition-New-Functions-MineCraft-1-3-2+--1-3-2ReiMinimap+(1).rar.lnk
[2012.10.15 14:24:07 | 000,000,977 | ---- | M] () -- \Users\Nasgharet\AppData\Roaming\Microsoft\Windows\Recent\minecraft-1.3.2.rar+ModLoader+--OptiFine-HD+--TooManyItems-1-3-2+--X-Ray-Mod-Diamond-Edition-New-Functions-MineCraft-1-3-2+--1-3-2ReiMinimap+.rar.lnk
[2012.08.21 09:57:16 | 000,000,847 | ---- | M] () -- \Users\Nasgharet\Desktop\Původní data aplikace Firefox\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\CT2504091\content\tb\al\ac\img\ajax-loader.gif
[2012.08.21 09:57:16 | 000,001,135 | ---- | M] () -- \Users\Nasgharet\Desktop\Původní data aplikace Firefox\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\CT2504091\content\tb\al\ac\img\loader-icon.png
[2012.08.21 09:57:16 | 000,003,208 | ---- | M] () -- \Users\Nasgharet\Desktop\Původní data aplikace Firefox\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\CT2504091\content\tb\al\ui\gf\img\loader.gif
[2012.08.21 09:57:16 | 000,001,849 | ---- | M] () -- \Users\Nasgharet\Desktop\Původní data aplikace Firefox\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\CT2504091\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2010.11.20 12:09:38 | 000,004,290 | ---- | M] () -- \Windows\SoftwareDistribution\Download\b04beb0563968a5dd8fb42f3a97a0f82\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_73a52105efe44483.manifest
[2010.11.20 14:33:18 | 000,004,338 | ---- | M] () -- \Windows\SoftwareDistribution\Download\b04beb0563968a5dd8fb42f3a97a0f82\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_344529e2e1c53ac6.manifest
[4 \Windows\SoftwareDistribution\Download\b04beb0563968a5dd8fb42f3a97a0f82\*.tmp files -> \Windows\SoftwareDistribution\Download\b04beb0563968a5dd8fb42f3a97a0f82\*.tmp -> ]
[2011.02.05 05:09:50 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_9c05f879842e1792.manifest
[2011.02.05 05:05:03 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_9c6455949d6c2720.manifest
[2011.02.05 09:34:40 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_9deb553581556a27.manifest
[2011.02.05 05:10:12 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_9e73f1b69a73f09a.manifest
[2011.07.15 20:19:58 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.13 17:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.07.15 20:19:58 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.13 17:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.13 17:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.13 17:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 21:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 21:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 21:21:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 21:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.13 21:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.13 21:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009.07.13 21:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009.07.13 21:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009.07.13 21:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2012.11.20 03:06:40 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2012.11.20 03:06:40 | 000,640,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.efi_75834aa0
[2012.11.20 03:06:40 | 000,603,976 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.exe_75835076
[2012.11.20 03:06:40 | 000,556,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.efi_85cd069f
[2012.11.20 03:06:40 | 000,518,160 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.exe_85cd1215
[2009.07.13 18:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.13 18:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.13 18:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.13 18:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 05:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 05:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 09:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 05:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.13 18:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.13 17:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.13 17:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 20:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 20:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 20:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.15 20:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >
[2012.09.05 12:21:33 | 000,000,161 | ---- | M] () -- \Windows\AutoKMS.ini

< *activator* /s >
[2010.11.06 04:29:17 | 026,690,560 | ---- | M] () -- \Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe

< *serial* /s >
[2011.03.09 23:43:26 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
[2012.09.05 11:38:25 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
[2012.11.07 10:02:40 | 000,005,687 | ---- | M] () -- \Program Files (x86)\PokerStars.BE\gx\tokenserial.jpg
[2009.06.10 13:13:54 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.09.06 00:57:22 | 000,009,157 | ---- | M] () -- \Program Files (x86)\World of Warcraft\Interface\AddOns\Recount\Libs\AceSerializer-3.0\AceSerializer-3.0.lua
[2012.09.06 00:57:22 | 000,000,219 | ---- | M] () -- \Program Files (x86)\World of Warcraft\Interface\AddOns\Recount\Libs\AceSerializer-3.0\AceSerializer-3.0.xml
[2009.06.10 12:30:43 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.06.10 13:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 13:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.13 20:56:20 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2012.11.20 04:42:53 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c1bff5f46cf9ec5186685b6621fef5b5\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.07.13 20:55:32 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.20 04:46:11 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\efa9e54ec6d1c234a78aca6ecbb6c862\System.Runtime.Serialization.ni.dll
[2009.07.13 20:59:40 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\12aaff696a0c54773664b4c5407deaa2\System.Runtime.Serialization.ni.dll
[2012.11.20 04:53:04 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3178f4c6df1fb2ca82ca83b6a925a0b5\System.Runtime.Serialization.ni.dll
[2012.11.20 04:37:40 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\60365c7159f18e4eff8f76f8e4912af7\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.07.13 20:57:59 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\d0c6d3aadce1e38bbcb06905e132a503\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.20 04:05:04 | 002,637,312 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\11b2c681b23124b8e7542acde7f84d4b\System.Runtime.Serialization.ni.dll
[2012.11.20 04:04:41 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2d44f6e93ea648bf26c40404b4db1b53\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.20 03:33:16 | 003,403,776 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1ff4adedd899791ab77eb3eb4b54f385\System.Runtime.Serialization.ni.dll
[2012.11.20 03:35:52 | 000,376,320 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\48ee371e63daee05040c8fb5a78a7f3e\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.20 03:50:46 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.11.20 03:50:44 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.06.10 13:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 13:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 12:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 12:30:46 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.20 05:55:00 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_hu-hu_1778ab4419ab99ad.manifest
[2010.11.20 05:50:38 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_nl-nl_28520112cd09eae9.manifest
[2010.11.20 05:54:56 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_sv-se_0bbde5ad62777806.manifest
[2010.11.20 06:45:14 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-cn_493a46a2345c6076.manifest
[2010.11.20 06:43:54 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-tw_48d9179c34a52b86.manifest
[1 \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\*.tmp files -> \Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\*.tmp -> ]
[2009.07.13 17:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.13 16:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 12:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.13 18:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.13 17:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.13 18:10:04 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2009.07.13 18:26:50 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.13 17:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.13 18:30:28 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.13 16:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 12:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 12:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 12:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2009.06.10 12:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2012.11.20 03:06:40 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2012.11.20 03:06:40 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933_kdcom.dll_db5e7744
[2009.07.13 21:37:34 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.13 18:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.13 21:37:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.13 18:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.13 18:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 05:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 05:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 09:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 05:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.13 18:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.13 18:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010.11.20 06:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2009.07.13 18:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010.11.20 06:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2009.07.13 17:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009.07.13 18:42:40 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2009.07.13 17:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009.07.13 17:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009.06.10 13:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 13:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.06.10 13:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.13 18:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.13 17:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.06.10 13:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

#26 Příspěvek od **Márty84** » 20 lis 2012 11:05

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
SkypeUpdate
AdobeARMservice
Nero BackItUp Scheduler 3
NMIndexingService

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Users\Nasgharet\AppData\Local\Akamai
C:\Windows\AutoKMS.exe

:otl
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4 - HKU\S-1-5-21-2026935260-663704885-634960974-1000..\Run: [Akamai NetSession Interface] C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012.09.05 12:21:33 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[2010.11.06 04:29:17 | 026,690,560 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=-
"BCSSync"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"ICQ"=-
"Akamai NetSession Interface"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-
"Aeria Ignite"=-
"NBKeyScan"=-

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

BlackAngel · #27 Příspěvek od **BlackAngel** » 20 lis 2012 16:21

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nasgharet
->Temp folder emptied: 1367405362 bytes
->Temporary Internet Files folder emptied: 655963 bytes
->Java cache emptied: 3177543 bytes
->FireFox cache emptied: 154883503 bytes
->Flash cache emptied: 20694 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71646849 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46426966 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 568,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nasgharet
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Users\Nasgharet\AppData\Local\Akamai\Logs\dump folder moved successfully.
C:\Users\Nasgharet\AppData\Local\Akamai\Logs folder moved successfully.
C:\Users\Nasgharet\AppData\Local\Akamai\Languages folder moved successfully.
C:\Users\Nasgharet\AppData\Local\Akamai\Cache folder moved successfully.
C:\Users\Nasgharet\AppData\Local\Akamai folder moved successfully.
File\Folder C:\Windows\AutoKMS.exe not found.
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2026935260-663704885-634960974-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Users\Nasgharet\AppData\Local\Akamai\netsession_win.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\AutoKMS.ini moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe moved successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Aeria Ignite deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11202012_161357

Files\Folders moved on Reboot...
C:\Users\Nasgharet\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#28 Příspěvek od **Márty84** » 20 lis 2012 19:09

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

BlackAngel · #29 Příspěvek od **BlackAngel** » 21 lis 2012 00:05

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Nasgharet [Práva správce]
Mód : Kontrola -- Datum : 11/21/2012 00:02:53

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] ts3client_win64.exe -- C:\Users\Nasgharet\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe -> KILLED [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI ATA Device +++++
--- User ---
[MBR] 003d3b3a90a7f531d567bee20befc88d
[BSP] 83503e9f536c2403b58219c365181281 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_11212012_02d0002.txt >>
RKreport[1]_S_11212012_02d0002.txt

#30 Příspěvek od **Márty84** » 21 lis 2012 09:52

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

Pak zkuste nainstalovat Avast http://www.stahuj.centrum.cz/utility_a_ ... tni/avast/ a napiste, jak se to chova.

VIRY.CZ

prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu