boo/tdss

Zpráva

ajdus · #1 Příspěvek od **ajdus** » 24 led 2012 15:52

Ahojte, dostala sa mi do notebooku tato haved -> http://www.bleepingcomputer.com/virus-r ... diagnostic
odstranoval som podla navodu z danej stranky. Vsetko prebehlo hladko, akurat unhide program nezafungoval a ostali v pocitaci nejake zmeny v nastaveniach - start menu... Avira mi nasledne vyhodila, ze nasla rootkit boo/tdss.o , dal som v nej odstranit, ale pocitac napriek tomu siel pomaly a nevratil sa do povodneho stavu. Prebehol som ho este ccleanerom a superantispywarom, po ccleanerovi sa niektore nastavenia vratili do normalu... Pohladal som na nete este ohladom odstranovania tdss rootkitov a stiahol som tdsskiller od kaspersky, ale tento mi ani po premenovani nechce spustit.
Prosim o kontrolu logu, nakolko pocitac je stale pomaly a vypadava skype - pri telefonate, z ineho pocitaca na sieti ide normalne, takisto mi pada IE.

info.txt logfile of random's system information tool 1.09 2012-01-24 15:42:15

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
64 Bit HP CIO Components Installer-->MsiExec.exe /I{5737101A-27C4-408A-8A57-D1DC78DF84B4}
7-Zip 4.64 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0464-000001000000}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -maintain activex
Adobe Reader X (10.0.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Android SDK Tools-->C:\Program Files (x86)\Android\android-sdk\uninstall.exe
ArcSoft TotalMedia Theatre 5-->"C:\Program Files (x86)\InstallShield Installation Information\{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}\setup.exe" -runfromtemp -l0x0409 -removeonly
ArcSoft TotalMedia Theatre 5-->C:\Program Files (x86)\InstallShield Installation Information\{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}\setup.exe
Axosoft OnTime 2009 Windows-->C:\Program Files (x86)\Axosoft\OnTime 2009\OnTime Windows\uninstall.exe
Balsamiq Mockups For Desktop-->msiexec /qb /x {0AAB2598-CEC2-9CEF-89FD-3D0E3EC91FAF}
Balsamiq Mockups For Desktop-->MsiExec.exe /I{0AAB2598-CEC2-9CEF-89FD-3D0E3EC91FAF}
Canon LBP3100/LBP3108/LBP3150-->C:\Program Files\Canon\PrnUninstall\Canon LBP3100 LBP3108 LBP3150\CNAB9UND.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Configuration Software LM049-->MsiExec.exe /I{ACCA68D7-7994-489D-975F-B28A22766126}
Dia (iba odstrániť)-->C:\Program Files (x86)\Dia\dia-0.97.1-uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_A0AC09CE5247ECEF.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP 3D DriveGuard-->MsiExec.exe /X{B0BCE180-9663-46A7-87CC-CBF9958094CD}
HP ESU for Microsoft Windows 7-->MsiExec.exe /X{4392D17C-EBD9-4BF3-B292-FE3DC9BEDE2B}
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\SETUP.EXE" -runfromtemp -l0x041b -removeonly uninst
HP Webcam Driver-->C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x001b -removeonly
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\SETUP.EXE" -remove -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Java(TM) 6 Update 24 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416024FF}
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Java(TM) SE Development Kit 6 Update 24 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160240}
LM149 Configuration Software version 1.2_Win7-->"C:\Program Files (x86)\LM Technologies\LM149 Configuration Software Win7\unins000.exe"
LSI HDA Modem-->C:\Windows\agrsmdel
Media Player Classic - Home Cinema v1.4.2499.0 x64-->"C:\Program Files\Media Player Classic - Home Cinema\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Device Emulator (64 bit) version 3.0 - ENU-->MsiExec.exe /X{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}
Microsoft Expression Blend 3 SDK-->MsiExec.exe /X{256E7DAC-9BE8-494E-8DE7-7857BF96B774}
Microsoft Expression Blend 4-->"C:\Program Files (x86)\Microsoft Expression\Blend 4\XSetup.exe" -x -AppLangId:1033 "-manifest:BlendManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Blend 4\Setup\;C:\Users\ajdus\Desktop\FOtos akcia\zliecho\Setup"
Microsoft Expression Blend 4-->MsiExec.exe /X{4C6D5779-A766-45DF-9938-D6F595A66F2B}
Microsoft Expression Blend SDK for .NET 4-->MsiExec.exe /X{9B3A1C97-A361-463E-8817-444F9F88CDFE}
Microsoft Expression Blend SDK for Silverlight 4-->MsiExec.exe /X{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}
Microsoft Expression Design 4-->"C:\Program Files (x86)\Microsoft Expression\Design 4\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Design 4\Setup\;C:\Users\ajdus\Desktop\FOtos akcia\zliecho\Setup"
Microsoft Expression Design 4-->MsiExec.exe /X{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}
Microsoft Expression Encoder 4 Screen Capture Codec-->MsiExec.exe /X{BF127B80-CFD5-4379-9752-E8AF1A5D0141}
Microsoft Expression Encoder 4-->"C:\Program Files (x86)\Microsoft Expression\Encoder 4\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 4\Setup\;C:\Users\ajdus\Desktop\FOtos akcia\zliecho\Setup"
Microsoft Expression Encoder 4-->MsiExec.exe /X{07EF3970-F8E5-4A27-A5A3-230484D35026}
Microsoft Expression Studio 4-->"C:\Program Files (x86)\Microsoft Expression\Studio 4\XSetup.exe" -x -AppLangId:1033 "-manifest:ExpressionStudioManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Studio 4\Setup\;C:\Users\ajdus\Desktop\FOtos akcia\zliecho\Setup"
Microsoft Expression Studio 4-->MsiExec.exe /X{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}
Microsoft Help Viewer 1.1-->c:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.1\install.exe
Microsoft Help Viewer 1.1-->MsiExec.exe /X{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight 4 SDK-->MsiExec.exe /X{05855322-BE43-41FE-B583-D3AE0C326D58}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server Native Client-->MsiExec.exe /I{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{877B76B2-F83F-4F5A-B28D-3F398641ADB6}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B636C9B9-A3F2-4DCE-ADCC-72E095018385}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C# 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - ENU\setup.exe
Microsoft Visual C# 2010 Express - ENU-->MsiExec.exe /X{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219-->MsiExec.exe /X{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219-->MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}
Microsoft Visual Studio 2010 Service Pack 1-->C:\ProgramData\VS\vs10sp1\SetupCache\Setup.exe
Microsoft Visual Studio 2010 Service Pack 1-->MsiExec.exe /X{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}
Mozilla Thunderbird (8.0)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenVPN 2.1_rc19-->C:\Program Files (x86)\OpenVPN\Uninstall.exe
Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
RICOH Media Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Groove 2007 (KB2552997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A1CBF7D-4704-40BC-B31C-AA761884A3E4}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SharpKeys-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B6685367-A8AD-4414-A2A3-10B40EC5CF30}\setup.exe" SharpKeys
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
SQL Anywhere 10, Documentation-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3884B191-7826-4A78-8BAF-A41ECE27D883}\setup.exe" -l0x9 -removeonly
SQL Anywhere 10, Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{220C7FD5-D9EB-445A-BC17-337B93231774}\is_setup.exe" -l0x9 -removeonly
SQL Anywhere Studio 9, Documentation-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D2B0FD55-03C2-4B7F-A67F-C042C260371F}\setup.exe" -l0x9 UNINSTALLING
SQL Anywhere Studio 9, Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F653AB56-DB37-415B-8DDD-EF5BC1982150}\is_setup.exe" -l0x09 UNINSTALLING
SQLite Expert Professional 3.3.34-->"C:\Program Files (x86)\SQLite Expert\Professional 3\unins000.exe"
Sybase ODBC 1.0-->"C:\Windows\SysWOW64\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Telerik RadControls for Silverlight Q1 2011-->MsiExec.exe /I{277A9286-C489-4C41-B266-7C53AD69B07D}
TortoiseSVN 1.6.15.21042 (64 bit)-->MsiExec.exe /X{45EF12B0-F531-4A2C-A1C0-6B1495698E30}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {48202D27-A6D4-4264-A184-51A6E8AD7C40}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB2583910)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BDC21583-5601-4B2B-88F3-7919F6DE8FB1}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WCF RIA Services V1.0 SP1-->MsiExec.exe /X{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_9f61c0dbf5607025\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Mobile 6.5 Professional Developer Tool Kit - USA-->MsiExec.exe /I{756FCCAB-223D-4814-A207-78ED113F4497}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{92DBCA36-9B41-4DD1-941A-AED149DD37F0}
Windows Mobile Device Center-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
WPF Toolkit February 2010 (Version 3.5.50211.1)-->MsiExec.exe /X{5EE6E987-1B79-4A93-832B-27472C7D1579}

======System event log======

Computer Name: SKN11005.visicom-ba.in.visicom.sk
Event Code: 1014
Message: Name resolution for the name visicom-ba.in.visicom.sk timed out after none of the configured DNS servers responded.
Record Number: 171881
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120124003715.828156-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SKN11005.visicom-ba.in.visicom.sk
Event Code: 1014
Message: Name resolution for the name visicom-ba.in.visicom.sk timed out after none of the configured DNS servers responded.
Record Number: 158978
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120123233714.377165-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SKN11005.visicom-ba.in.visicom.sk
Event Code: 129
Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Record Number: 158977
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120123233707.905795-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: SKN11005.visicom-ba.in.visicom.sk
Event Code: 129
Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Record Number: 158976
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120123233706.403709-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: SKN11005.visicom-ba.in.visicom.sk
Event Code: 129
Message: NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Record Number: 158900
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120123233634.890906-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: SKN11005
Event Code: 63
Message: A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 322
Source Name: Microsoft-Windows-WMI
Time Written: 20110324115123.000000-000
Event Type: Warning
User: SKN11005\VisAdmin

Computer Name: SKN11005
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 252
Source Name: Microsoft-Windows-WMI
Time Written: 20110324113906.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: SKN11005
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 251
Source Name: Microsoft-Windows-WMI
Time Written: 20110324113906.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: SKN11005
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1150535564-3758460548-1635682435-1000:
Process 440 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1150535564-3758460548-1635682435-1000

Record Number: 155
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110324113400.321367-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 122
Source Name: Microsoft-Windows-Search
Time Written: 20110324112815.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110324112014.433256-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110324112014.433256-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x55f42
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110324112014.136855-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110324112012.405252-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110324112012.327252-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32;C:\Program Files (x86)\Sybase\Shared\win32;C:\Program Files (x86)\Sybase\SQL Anywhere 9\drivers;C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32;C:\Program Files\SQL Anywhere 10\x64;C:\Program Files\SQL Anywhere 10\win32;C:\Program Files\SQL Anywhere 10\Sybase Central 5.0.0\win32;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=2502
"ASANY9"=C:\Program Files (x86)\Sybase\SQL Anywhere 9
"ASANYSH9"=C:\Program Files (x86)\Sybase\Shared
"ASANYSAMP9"=C:\Users\Public\Documents\SQL Anywhere 9\Samples
"SQLANY10"=C:\Program Files\SQL Anywhere 10
"SQLANYSH10"=C:\Program Files\SQL Anywhere 10
"SQLANYSAMP10"=C:\Users\Public\Documents\SQL Anywhere 10\Samples

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 24 led 2012 17:13

Zdravim a pekny den preji

Poprosim i o druhy log z RSIT s nazvem log.txt, je ulozen v c:\rsit

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Po dokonceni skenu kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

ajdus · #3 Příspěvek od **ajdus** » 24 led 2012 17:23

RSIT LOG.TXT ->

Logfile of random's system information tool 1.09 (written by random/random)
Run by ajdus at 2012-01-24 15:41:41
Microsoft Windows 7 Professional
System drive C: has 33 GB (15%) free of 221 GB
Total RAM: 3894 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:02, on 24. 1. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\trend micro\ajdus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://85.248.4.35/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = visicom-ba.in.visicom.sk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = visicom-ba.in.visicom.sk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = visicom-ba.in.visicom.sk
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11255 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"taskhost.exe"
taskeng.exe {C719B121-F8CE-423A-B7A0-631282AAEE77}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC9AD4T3\RSITx64.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-24 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-19 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-24 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-24 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-24 342128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-11-18 487424]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-10 1861416]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 162584]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 386840]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2007-09-05 406944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\ajdus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-11-04 111640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

C:\Users\ajdus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-03 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWelcomeScreen"=1
"NoActiveDesktop"=1
"DisablePersonalDirChange"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-24 15:41:41 ----D---- C:\rsit
2012-01-24 15:41:41 ----D---- C:\Program Files\trend micro
2012-01-24 15:36:03 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-01-24 15:17:05 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2012-01-24 15:12:40 ----D---- C:\Program Files\CCleaner
2012-01-24 15:12:31 ----D---- C:\Program Files\Google
2012-01-24 15:11:43 ----D---- C:\ProgramData\Google
2012-01-24 15:11:43 ----D---- C:\Program Files (x86)\Google
2012-01-24 08:04:57 ----D---- C:\Users\ajdus\AppData\Roaming\PCToolsFirewallPlus
2012-01-24 08:04:07 ----D---- C:\Users\ajdus\AppData\Roaming\Spam Monitor
2012-01-24 03:19:58 ----D---- C:\Windows\symbols
2012-01-24 03:12:24 ----D---- C:\ProgramData\VS
2012-01-24 03:02:51 ----SHD---- C:\Config.Msi
2012-01-23 21:04:10 ----A---- C:\Windows\system32\drivers\Cat.DB
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbohci.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-01-23 09:21:53 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-01-23 09:21:52 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2012-01-23 09:21:52 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-01-23 09:21:44 ----A---- C:\Windows\system32\esent.dll
2012-01-23 09:21:44 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-01-23 09:21:43 ----A---- C:\Windows\SYSWOW64\esent.dll
2012-01-23 09:21:43 ----A---- C:\Windows\system32\fsutil.exe
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\storport.sys
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\nvstor.sys
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\nvraid.sys
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\amdxata.sys
2012-01-23 09:21:43 ----A---- C:\Windows\system32\drivers\amdsata.sys
2012-01-23 09:21:42 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2012-01-23 09:20:51 ----A---- C:\Windows\system32\schannel.dll
2012-01-23 09:20:51 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-23 09:20:50 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-23 09:20:50 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-23 09:20:50 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-23 09:20:50 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-23 09:20:50 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-23 09:20:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-23 09:20:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-23 09:20:49 ----A---- C:\Windows\system32\webio.dll
2012-01-23 09:20:49 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-23 09:20:49 ----A---- C:\Windows\system32\sspicli.dll
2012-01-23 09:20:49 ----A---- C:\Windows\system32\secur32.dll
2012-01-23 09:20:49 ----A---- C:\Windows\system32\lsass.exe
2012-01-23 08:20:02 ----D---- C:\Windows\SYSWOW64\Wat
2012-01-23 08:20:02 ----D---- C:\Windows\system32\Wat
2012-01-22 22:14:21 ----A---- C:\Windows\SYSWOW64\wcncsvc.dll
2012-01-22 22:14:21 ----A---- C:\Windows\system32\wcncsvc.dll
2012-01-22 22:04:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2012-01-22 22:04:21 ----A---- C:\Windows\system32\msv1_0.dll
2012-01-22 21:46:36 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-01-22 21:44:47 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-01-22 21:38:50 ----A---- C:\Windows\system32\browserchoice.exe
2012-01-22 21:14:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-01-22 21:14:33 ----A---- C:\Windows\system32\mshtmled.dll
2012-01-22 21:14:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-01-22 21:14:32 ----A---- C:\Windows\SYSWOW64\url.dll
2012-01-22 21:14:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-01-22 21:14:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-01-22 21:14:32 ----A---- C:\Windows\system32\urlmon.dll
2012-01-22 21:14:32 ----A---- C:\Windows\system32\url.dll
2012-01-22 21:14:32 ----A---- C:\Windows\system32\jsproxy.dll
2012-01-22 21:14:32 ----A---- C:\Windows\system32\ieui.dll
2012-01-22 21:14:32 ----A---- C:\Windows\system32\iertutil.dll
2012-01-22 21:14:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-01-22 21:14:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-01-22 21:14:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-22 21:14:31 ----A---- C:\Windows\system32\wininet.dll
2012-01-22 21:14:31 ----A---- C:\Windows\system32\jscript9.dll
2012-01-22 21:14:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-01-22 21:14:30 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-01-22 21:14:30 ----A---- C:\Windows\system32\jscript.dll
2012-01-22 21:14:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-01-22 21:14:28 ----A---- C:\Windows\system32\mshtml.dll
2012-01-22 21:14:28 ----A---- C:\Windows\system32\ieframe.dll
2012-01-22 18:22:39 ----D---- C:\3ee0d68a4f7d2aafdf29dd853885fa
2012-01-22 18:00:47 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2012-01-22 18:00:47 ----A---- C:\Windows\system32\drivers\ks.sys
2012-01-22 17:38:55 ----D---- C:\ProgramData\PC Tools
2012-01-22 17:38:55 ----D---- C:\Program Files (x86)\Spyware Doctor
2012-01-22 17:38:42 ----AD---- C:\ProgramData\TEMP
2012-01-22 17:34:31 ----D---- C:\Users\ajdus\AppData\Roaming\GetRightToGo
2012-01-22 17:19:15 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2012-01-22 17:19:15 ----A---- C:\Windows\system32\xmllite.dll
2012-01-22 17:19:14 ----A---- C:\Windows\system32\kerberos.dll
2012-01-22 17:19:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-01-22 17:18:07 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\system32\odbctrac.dll
2012-01-22 17:18:07 ----A---- C:\Windows\system32\odbccu32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\system32\odbccr32.dll
2012-01-22 17:18:07 ----A---- C:\Windows\system32\odbccp32.dll
2012-01-22 17:18:06 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2012-01-22 17:17:58 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2012-01-22 17:17:58 ----A---- C:\Windows\system32\asycfilt.dll
2012-01-22 17:17:56 ----A---- C:\Windows\system32\drivers\dfsc.sys
2012-01-22 17:17:41 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-01-22 17:17:41 ----A---- C:\Windows\system32\poqexec.exe
2012-01-22 17:17:35 ----A---- C:\Windows\explorer.exe
2012-01-22 17:17:34 ----A---- C:\Windows\SYSWOW64\explorer.exe
2012-01-22 17:17:29 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2012-01-22 17:17:29 ----A---- C:\Windows\system32\CPFilters.dll
2012-01-22 17:17:28 ----A---- C:\Windows\SYSWOW64\sbe.dll
2012-01-22 17:17:28 ----A---- C:\Windows\system32\sbe.dll
2012-01-22 17:17:11 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2012-01-22 17:17:11 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-22 17:17:11 ----A---- C:\Windows\system32\t2embed.dll
2012-01-22 17:17:11 ----A---- C:\Windows\system32\quartz.dll
2012-01-22 17:17:10 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-22 17:17:10 ----A---- C:\Windows\system32\qdvd.dll
2012-01-22 17:17:06 ----A---- C:\Windows\system32\ole32.dll
2012-01-22 17:17:05 ----A---- C:\Windows\SYSWOW64\ole32.dll
2012-01-22 17:17:00 ----A---- C:\Windows\system32\schedsvc.dll
2012-01-22 17:16:59 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2012-01-22 17:16:59 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2012-01-22 17:16:59 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2012-01-22 17:16:59 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2012-01-22 17:16:59 ----A---- C:\Windows\system32\wmicmiplugin.dll
2012-01-22 17:16:59 ----A---- C:\Windows\system32\taskschd.dll
2012-01-22 17:16:59 ----A---- C:\Windows\system32\taskeng.exe
2012-01-22 17:16:59 ----A---- C:\Windows\system32\taskcomp.dll
2012-01-22 17:16:59 ----A---- C:\Windows\system32\schtasks.exe
2012-01-22 17:16:52 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2012-01-22 17:16:52 ----A---- C:\Windows\system32\tquery.dll
2012-01-22 17:16:52 ----A---- C:\Windows\system32\mssrch.dll
2012-01-22 17:16:51 ----A---- C:\Windows\SYSWOW64\tquery.dll
2012-01-22 17:16:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-01-22 17:16:51 ----A---- C:\Windows\system32\mssph.dll
2012-01-22 17:16:50 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2012-01-22 17:16:50 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2012-01-22 17:16:50 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2012-01-22 17:16:50 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2012-01-22 17:16:50 ----A---- C:\Windows\SYSWOW64\mssph.dll
2012-01-22 17:16:50 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-01-22 17:16:50 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-01-22 17:16:50 ----A---- C:\Windows\system32\mssvp.dll
2012-01-22 17:16:50 ----A---- C:\Windows\system32\msscntrs.dll
2012-01-22 17:16:49 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2012-01-22 17:16:49 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2012-01-22 17:16:49 ----A---- C:\Windows\system32\mssphtb.dll
2012-01-22 17:16:32 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2012-01-22 17:16:32 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2012-01-22 17:16:32 ----A---- C:\Windows\system32\mfc42u.dll
2012-01-22 17:16:32 ----A---- C:\Windows\system32\mfc42.dll
2012-01-22 17:16:26 ----A---- C:\Windows\SYSWOW64\sscore.dll
2012-01-22 17:16:26 ----A---- C:\Windows\system32\srvsvc.dll
2012-01-22 17:16:21 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-01-22 17:16:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-01-22 17:16:20 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-01-22 17:16:17 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2012-01-22 17:16:17 ----A---- C:\Windows\system32\StructuredQuery.dll
2012-01-22 17:16:12 ----A---- C:\Windows\system32\shell32.dll
2012-01-22 17:16:11 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-01-22 17:16:05 ----A---- C:\Windows\system32\drivers\afd.sys
2012-01-22 17:15:57 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2012-01-22 17:15:57 ----A---- C:\Windows\system32\CertEnroll.dll
2012-01-22 17:15:23 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2012-01-22 17:15:23 ----A---- C:\Windows\SYSWOW64\secproc.dll
2012-01-22 17:15:23 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2012-01-22 17:15:23 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2012-01-22 17:15:23 ----A---- C:\Windows\system32\secproc_isv.dll
2012-01-22 17:15:23 ----A---- C:\Windows\system32\secproc.dll
2012-01-22 17:15:23 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2012-01-22 17:15:23 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2012-01-22 17:15:23 ----A---- C:\Windows\system32\RMActivate_isv.exe
2012-01-22 17:15:23 ----A---- C:\Windows\system32\RMActivate.exe
2012-01-22 17:15:22 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2012-01-22 17:15:22 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2012-01-22 17:15:22 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2012-01-22 17:15:22 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2012-01-22 17:15:22 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2012-01-22 17:15:22 ----A---- C:\Windows\system32\secproc_ssp.dll
2012-01-22 17:15:15 ----A---- C:\Windows\system32\msdri.dll
2012-01-22 17:14:48 ----A---- C:\Windows\system32\csrsrv.dll
2012-01-22 17:14:46 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-01-22 17:14:35 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2012-01-22 17:14:35 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2012-01-22 17:14:16 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2012-01-22 17:14:16 ----A---- C:\Windows\system32\comctl32.dll
2012-01-22 17:14:10 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-01-22 17:14:10 ----A---- C:\Windows\system32\XpsPrint.dll
2012-01-22 17:14:00 ----A---- C:\Windows\system32\winlogon.exe
2012-01-22 17:13:53 ----A---- C:\Windows\SYSWOW64\upnp.dll
2012-01-22 17:13:53 ----A---- C:\Windows\system32\upnp.dll
2012-01-22 17:13:53 ----A---- C:\Windows\system32\msxml6.dll
2012-01-22 17:13:53 ----A---- C:\Windows\system32\msxml3.dll
2012-01-22 17:13:52 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-01-22 17:13:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-01-22 17:13:52 ----A---- C:\Windows\system32\winhttp.dll
2012-01-22 17:13:51 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2012-01-22 17:13:51 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2012-01-22 17:13:51 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2012-01-22 17:13:51 ----A---- C:\Windows\SYSWOW64\slwga.dll
2012-01-22 17:13:51 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2012-01-22 17:13:51 ----A---- C:\Windows\system32\wscsvc.dll
2012-01-22 17:13:51 ----A---- C:\Windows\system32\wscapi.dll
2012-01-22 17:13:51 ----A---- C:\Windows\system32\WebClnt.dll
2012-01-22 17:13:51 ----A---- C:\Windows\system32\slwga.dll
2012-01-22 17:13:51 ----A---- C:\Windows\system32\davclnt.dll
2012-01-22 17:13:33 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2012-01-22 17:13:32 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2012-01-22 17:13:32 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-01-22 17:13:32 ----A---- C:\Windows\system32\fontsub.dll
2012-01-22 17:13:32 ----A---- C:\Windows\system32\atmfd.dll
2012-01-22 17:13:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-01-22 17:13:31 ----A---- C:\Windows\system32\atmlib.dll
2012-01-22 17:13:22 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2012-01-22 17:13:22 ----A---- C:\Windows\system32\rtutils.dll
2012-01-22 17:12:26 ----A---- C:\Windows\system32\spoolsv.exe
2012-01-22 17:12:25 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2012-01-22 17:12:24 ----A---- C:\Windows\system32\drivers\fvevol.sys
2012-01-22 17:08:31 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2012-01-22 17:08:31 ----A---- C:\Windows\system32\dnsrslvr.dll
2012-01-22 17:08:31 ----A---- C:\Windows\system32\dnsapi.dll
2012-01-22 17:08:30 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2012-01-22 17:08:30 ----A---- C:\Windows\system32\dnscacheugc.exe
2012-01-22 17:08:13 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2012-01-22 17:08:13 ----A---- C:\Windows\system32\wmpmde.dll
2012-01-22 17:08:12 ----A---- C:\Windows\system32\msvidc32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\system32\tsbyuv.dll
2012-01-22 17:08:11 ----A---- C:\Windows\system32\msyuv.dll
2012-01-22 17:08:11 ----A---- C:\Windows\system32\msrle32.dll
2012-01-22 17:08:11 ----A---- C:\Windows\system32\iyuv_32.dll
2012-01-22 17:08:09 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2012-01-22 17:08:09 ----A---- C:\Windows\system32\d3d10_1.dll
2012-01-22 17:08:06 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-01-22 17:08:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-01-22 17:08:06 ----A---- C:\Windows\system32\drivers\srv.sys
2012-01-22 17:07:36 ----A---- C:\Windows\system32\psisdecd.dll
2012-01-22 17:07:35 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2012-01-22 17:05:34 ----A---- C:\Windows\system32\winload.exe
2012-01-22 17:05:33 ----A---- C:\Windows\system32\winresume.exe
2012-01-22 17:05:33 ----A---- C:\Windows\system32\kdusb.dll
2012-01-22 17:05:33 ----A---- C:\Windows\system32\kdcom.dll
2012-01-22 17:05:33 ----A---- C:\Windows\system32\kd1394.dll
2012-01-22 17:05:24 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2012-01-22 17:05:24 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2012-01-22 17:05:10 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2012-01-22 17:05:10 ----A---- C:\Windows\system32\msasn1.dll
2012-01-22 17:05:07 ----A---- C:\Windows\system32\KernelBase.dll
2012-01-22 17:05:07 ----A---- C:\Windows\system32\kernel32.dll
2012-01-22 17:05:06 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-01-22 17:05:06 ----A---- C:\Windows\system32\wow64win.dll
2012-01-22 17:05:06 ----A---- C:\Windows\system32\winsrv.dll
2012-01-22 17:05:06 ----A---- C:\Windows\system32\conhost.exe
2012-01-22 17:05:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-22 17:05:05 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-22 17:05:05 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-01-22 17:05:05 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-01-22 17:05:05 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-01-22 17:05:05 ----A---- C:\Windows\system32\wow64cpu.dll
2012-01-22 17:05:05 ----A---- C:\Windows\system32\wow64.dll
2012-01-22 17:05:05 ----A---- C:\Windows\system32\ntvdm64.dll
2012-01-22 17:05:04 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-01-22 17:05:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-22 17:05:03 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-01-22 17:05:02 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-01-22 17:05:01 ----A---- C:\Windows\SYSWOW64\user.exe
2012-01-22 17:04:30 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-01-22 17:04:30 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-01-22 17:04:30 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-01-22 17:04:29 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-01-22 17:04:29 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-01-22 17:04:24 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2012-01-22 17:04:24 ----A---- C:\Windows\system32\mstscax.dll
2012-01-22 17:04:23 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2012-01-22 17:04:23 ----A---- C:\Windows\system32\mstsc.exe
2012-01-22 17:04:17 ----A---- C:\Windows\system32\wmp.dll
2012-01-22 17:04:16 ----A---- C:\Windows\SYSWOW64\wmp.dll
2012-01-22 17:04:15 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2012-01-22 17:04:14 ----A---- C:\Windows\system32\wmploc.DLL
2012-01-22 17:03:52 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2012-01-22 17:03:52 ----A---- C:\Windows\system32\prevhost.exe
2012-01-22 17:03:49 ----A---- C:\Windows\system32\FXSCOVER.exe
2012-01-22 17:03:45 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2012-01-22 17:03:45 ----A---- C:\Windows\system32\inetcomm.dll
2012-01-22 17:03:42 ----A---- C:\Windows\system32\win32k.sys
2012-01-22 17:03:38 ----A---- C:\Windows\system32\consent.exe
2012-01-22 17:03:36 ----A---- C:\Windows\system32\drivers\bowser.sys
2012-01-22 17:03:34 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2012-01-22 17:03:34 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2012-01-22 17:03:34 ----A---- C:\Windows\system32\oleaut32.dll
2012-01-22 17:03:34 ----A---- C:\Windows\system32\oleacc.dll
2012-01-22 17:03:29 ----A---- C:\Windows\system32\EncDec.dll
2012-01-22 17:03:28 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2012-01-22 17:03:18 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-01-22 17:03:18 ----A---- C:\Windows\system32\tzres.dll
2012-01-22 17:02:25 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2012-01-22 17:02:25 ----A---- C:\Windows\system32\odbc32.dll
2012-01-22 17:02:21 ----A---- C:\Windows\system32\ntdll.dll
2012-01-22 17:02:20 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-22 17:02:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-01-22 17:02:14 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-01-22 17:02:13 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-01-22 16:54:27 ----A---- C:\Windows\system32\packager.dll
2012-01-22 16:54:26 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-22 16:03:04 ----A---- C:\Windows\system32\cabview.dll
2012-01-22 16:03:03 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-01-22 16:03:03 ----A---- C:\Windows\SYSWOW64\cabview.dll
2012-01-22 16:03:03 ----A---- C:\Windows\system32\wintrust.dll
2012-01-22 12:44:15 ----D---- C:\Users\ajdus\AppData\Roaming\Malwarebytes
2012-01-22 12:42:12 ----D---- C:\ProgramData\Malwarebytes
2012-01-22 12:42:05 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-22 12:15:35 ----D---- C:\Users\ajdus\AppData\Roaming\QuickScan
2012-01-20 19:28:53 ----D---- C:\ProgramData\Web Installer
2012-01-19 16:33:22 ----D---- C:\Program Files (x86)\sharerapid
2012-01-08 10:57:19 ----D---- C:\Program Files (x86)\RandyRants.com

======List of files/folders modified in the last 1 month======

2012-01-24 15:41:59 ----D---- C:\Windows\Temp
2012-01-24 15:41:41 ----RD---- C:\Program Files
2012-01-24 15:41:39 ----D---- C:\Users\ajdus\AppData\Roaming\Skype
2012-01-24 15:41:29 ----D---- C:\Windows\system32\config
2012-01-24 15:38:36 ----D---- C:\Windows\System32
2012-01-24 15:36:26 ----A---- C:\Windows\SYSWOW64\log.txt
2012-01-24 15:36:25 ----D---- C:\Windows
2012-01-24 15:35:53 ----SHD---- C:\System Volume Information
2012-01-24 15:35:53 ----D---- C:\Windows\system32\drivers
2012-01-24 15:35:52 ----RD---- C:\Program Files (x86)
2012-01-24 15:35:52 ----D---- C:\ProgramData
2012-01-24 15:31:09 ----D---- C:\Windows\system32\catroot
2012-01-24 15:31:08 ----D---- C:\Windows\system32\DriverStore
2012-01-24 15:31:08 ----D---- C:\Windows\inf
2012-01-24 15:27:51 ----D---- C:\Windows\Prefetch
2012-01-24 15:26:32 ----D---- C:\Users\ajdus\AppData\Roaming\Media Player Classic
2012-01-24 15:26:31 ----D---- C:\Users\ajdus\AppData\Roaming\uTorrent
2012-01-24 15:25:36 ----D---- C:\Windows\Panther
2012-01-24 15:25:36 ----D---- C:\Windows\ModemLogs
2012-01-24 15:25:35 ----D---- C:\Windows\Minidump
2012-01-24 15:25:35 ----D---- C:\Windows\Logs
2012-01-24 15:25:35 ----D---- C:\Windows\debug
2012-01-24 15:17:32 ----SHD---- C:\Windows\Installer
2012-01-24 15:12:18 ----D---- C:\Windows\Tasks
2012-01-24 15:12:18 ----D---- C:\Windows\system32\Tasks
2012-01-24 04:35:53 ----D---- C:\Windows\rescache
2012-01-24 04:00:42 ----D---- C:\Windows\winsxs
2012-01-24 03:43:11 ----D---- C:\Windows\SysWOW64
2012-01-24 03:43:10 ----D---- C:\Windows\AppPatch
2012-01-24 03:43:09 ----D---- C:\Windows\SYSWOW64\en-US
2012-01-24 03:43:09 ----D---- C:\Windows\system32\en-US
2012-01-24 03:38:20 ----D---- C:\Windows\Microsoft.NET
2012-01-24 03:38:07 ----RSD---- C:\Windows\assembly
2012-01-24 03:26:57 ----D---- C:\ProgramData\Microsoft Help
2012-01-24 03:21:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-24 03:13:22 ----D---- C:\Program Files (x86)\Microsoft SDKs
2012-01-23 08:53:00 ----D---- C:\Windows\system32\catroot2
2012-01-23 08:20:18 ----D---- C:\Program Files\Common Files\System
2012-01-23 08:20:17 ----D---- C:\Windows\ehome
2012-01-23 08:20:13 ----D---- C:\Program Files\Windows Mail
2012-01-23 08:20:13 ----D---- C:\Program Files (x86)\Windows Mail
2012-01-23 08:20:10 ----RSD---- C:\Windows\Fonts
2012-01-23 08:19:54 ----D---- C:\Windows\system32\Boot
2012-01-23 08:19:53 ----D---- C:\Windows\SYSWOW64\migration
2012-01-23 08:19:53 ----D---- C:\Program Files\Internet Explorer
2012-01-23 08:19:53 ----D---- C:\Program Files (x86)\Internet Explorer
2012-01-23 08:19:52 ----D---- C:\Windows\system32\migration
2012-01-23 08:19:48 ----D---- C:\Program Files (x86)\Windows Media Player
2012-01-23 08:19:47 ----D---- C:\Program Files\Windows Media Player
2012-01-22 22:02:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-01-22 22:01:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-22 21:55:25 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2012-01-22 21:51:49 ----D---- C:\Windows\Registration
2012-01-22 21:28:03 ----D---- C:\Program Files (x86)\Microsoft Works
2012-01-22 21:26:38 ----A---- C:\Windows\win.ini
2012-01-22 17:38:55 ----D---- C:\Program Files (x86)\Common Files
2012-01-22 13:02:13 ----D---- C:\Windows\SYSWOW64\drivers
2012-01-22 12:12:04 ----D---- C:\Windows\Downloaded Program Files
2012-01-21 12:26:27 ----D---- C:\_Data_stary_comp
2012-01-21 09:47:47 ----D---- C:\Users\ajdus\AppData\Roaming\vlc
2012-01-20 11:10:51 ----SD---- C:\ProgramData\Microsoft
2012-01-13 14:35:34 ----SD---- C:\Users\ajdus\AppData\Roaming\Microsoft
2012-01-12 14:07:40 ----A---- C:\Windows\ODBC.INI
2012-01-08 10:57:19 ----D---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ArcSec;ArcSec; C:\Windows\system32\drivers\ArcSec.sys [2010-09-21 312184]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-17 296816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-08-03 1208320]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-17 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-09-17 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-17 21160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-11-05 293552]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-03 10628800]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 317440]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rismcx64;RICOH Smart Card Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-09-17 1805104]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-11-18 503296]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-10 293936]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-07-16 31232]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\System32\Drivers\AF15BDA.sys [2006-09-28 362624]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [2009-11-18 244224]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-01-24 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2009-07-16 36352]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
S4 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-08-03 16896]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

ajdus · #4 Příspěvek od **ajdus** » 24 led 2012 17:28

MBRscan.log ->

Kód: Vybrat vše

MBRScan v1.0.7

OS             : Windows 7  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/24 (ISO 8601) at 17:26:44
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST925041 0AS (0006)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.9 Go  [Fixed] ==> MaxSS.SST.B MBR Code

MBR_MD5   : 3B5AD586E812466008D3AF82A72610BD
MBR_SHA1  : FC2F70470EAD25DADD09C305977D442971A38B91

Device\Harddisk0\Partition1	300.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	215.6 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	15.00 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition4	2.00 Go  	0x0C FAT32 [LBA] 
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00   1À.Ð¼.|....f`...
0x00000010   7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F   ~Æ..~.´H¾.~Í.°P.
0x00000020   82 73 01 83 2E 13 04 14 A1 13 04 C1 E0 06 A3 02   .s......¡..Áà.£.
0x00000030   7E 83 EC 0E 6A 10 89 E5 BE 99 7D B9 05 00 66 31   ~.ì.j..å¾.}¹..f1
0x00000040   DB E8 F7 00 FF 36 02 7E 07 8C 46 06 8C 5E 04 E8   Ûè÷..6.~..F..^.è
0x00000050   08 00 83 C4 10 66 61 06 1E CB 66 60 57 66 FF 36   ...Ä.fa..Ëf`Wf.6
0x00000060   14 7E 66 8F 46 08 66 FF 36 18 7E 66 8F 46 0C 66   .~f.F.f.6.~f.F.f
0x00000070   8B 45 10 66 40 66 29 46 08 66 19 5E 0C 8B 45 14   .E.f@f)F.f.^..E.
0x00000080   89 46 02 B4 42 8A 16 00 7E 89 EE CD 13 B0 52 0F   .F.´B...~.îÍ.°R.
0x00000090   82 03 01 31 C0 BA 04 04 BE B4 7D 88 9F 42 7E FE   ...1Àº..¾´}..B~þ
0x000000A0   C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00 46 FE CE 75   Ãuø..B~..è~.FþÎu
0x000000B0   04 29 D6 88 D6 FE C3 75 EA 31 C0 89 C3 8B 56 02   .)Ö.ÖþÃuê1À.Ã.V.
0x000000C0   C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E E8 5B 00 00   Áâ..v.þÃ..B~è[..
0x000000D0   E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C 46 4A 75 E6   é0í.Ï..B~&0.FJuæ
0x000000E0   5F 66 8B 4D 18 66 0F B7 56 04 81 F9 FF 7F B0 53   _f.M.f.·V..ù..°S
0x000000F0   0F 87 A2 00 66 FF 75 1C 66 31 C0 66 89 45 1C 66   ..¢.f.u.f1Àf.E.f
0x00000100   F7 D0 26 67 32 02 66 42 B3 08 66 D1 E8 73 06 66   ÷Ð&g2.fB³.fÑès.f
0x00000110   35 20 83 B8 ED FE CB 75 F1 E2 E7 66 F7 D0 66 5B   5 .¸íþËuñâçf÷Ðf[
0x00000120   66 39 D8 B0 43 75 6F 66 61 C3 00 C8 89 C7 8A AD   f9Ø°CuofaÃ.È.Ç.
0x00000130   42 7E 88 AF 42 7E 88 8D 42 7E C3 66 60 BF 00 80   B~.¯B~..B~Ãf`¿..
0x00000140   8C 4E 06 89 7E 04 66 89 D8 40 89 45 14 66 0F B7   .N..~.f.Ø@.E.f.·
0x00000150   06 B2 7D 66 89 45 10 B8 20 00 E8 FD FE 8B 7E 04   .²}f.E.¸ .èýþ.~.
0x00000160   8B 55 18 FC 60 F3 A6 83 7D FE 5C 74 0D E3 0D 61   .U.ü`ó¦.}þ\t.ã.a
0x00000170   01 C7 29 C2 77 EE B0 4E EB 1C 41 4E 5F 83 C4 0E   .Ç)Âwî°Në.AN_.Ä.
0x00000180   60 89 FE BF 22 7E 59 57 89 C1 F3 A4 61 E3 02 EB   `.þ¿"~YW.Áó¤aã.ë
0x00000190   C9 59 57 66 61 C3 F4 EB FD 5C 62 6F 6F 74 00 00   ÉYWfaÃôëý\boot..
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 02 00 FB 35 C8 1C 0D 2D FD E0 00 00 80 20   ....û5È..-ýà... 
0x000001C0   21 00 07 5E 38 26 00 08 00 00 00 60 09 00 00 5E   !..^8&.....`...^
0x000001D0   39 26 07 FE FF FF 00 68 09 00 00 D8 F2 1A 00 FE   9&.þ...h...Øò..þ
0x000001E0   FF FF 07 FE FF FF 00 40 FC 1A 00 00 E0 01 00 FE   ...þ...@ü...à..þ
0x000001F0   FF FF 0C FE FF FF 00 40 DC 1C 00 D8 3F 00 55 AA   ...þ...@Ü..Ø?.Uª

ajdus · #5 Příspěvek od **ajdus** » 24 led 2012 17:41

... pocas prveho behu aswmbr vyskocila modra obrazovka a po restarte sa win tvari ako nezaregistrovany, mam spustit registraciu?...
aswMBR.txt ->

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 17:36:13
-----------------------------
17:36:13.558 OS Version: Windows x64 6.1.7600
17:36:13.558 Number of processors: 4 586 0x2502
17:36:13.558 ComputerName: SKN11005 UserName: ajdus
17:36:24.509 Initialize success
17:36:30.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:36:30.256 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
17:36:30.271 Disk 0 MBR read successfully
17:36:30.271 Disk 0 MBR scan
17:36:30.271 Disk 0 unknown MBR code
17:36:30.287 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
17:36:30.287 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220763 MB offset 616448
17:36:30.334 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 452739072
17:36:30.396 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 484196352
17:36:30.412 Service scanning
17:36:35.419 Modules scanning
17:36:35.419 Disk 0 trace - called modules:
17:36:35.497 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800580b334]<<hpdskflt.sys ACPI.sys iaStor.sys hal.dll
17:36:35.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057f0060]
17:36:35.513 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa800569eb10]
17:36:35.513 \Driver\hpdskflt[0xfffffa8005693960] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800580b334
17:36:35.528 5 hpdskflt.sys[fffff88001402289] -> nt!IofCallDriver -> [0xfffffa8004a24aa0]
17:36:35.528 7 ACPI.sys[fffff88000fa2781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a29050]
17:36:35.544 Scan finished successfully
17:36:57.946 Disk 0 MBR has been saved successfully to "C:\Users\ajdus\Desktop\MBR.dat"
17:36:57.961 The log file has been saved successfully to "C:\Users\ajdus\Desktop\aswMBR.txt"

#6 Příspěvek od **vyosek** » 24 led 2012 19:02

Zatim s PC nic nedelejte, dam konzultaci s kolegou Naughtym. Mate tam jednu z novinek v oblasti haveti a peknou mrchu...

Bud ja nebo kolega se ozvem...zatim, pro jistotu, zazalohujte nejdulezitejsi data...

#7 Příspěvek od **vyosek** » 24 led 2012 19:19

Spustte MBRScan a prejdete na volbu Dump, v nabídce bude Device\Harddisk0\DR0 , kliknete na volbu Dump selected MBR - tim dojde k ulozeni MBR sektoru, ktery budem opravovat - tohle je pro jistotu kdyby slo neco do kytek.

Dump soubor uploadnete sem http://vyosek.ic.cz/havet/uploader.php

Mate nejake jine PC ze ktereho byste mohl komunikovat v pripade problemu a bude treba asi i vykonate nektere kroky (pripravu mazacich utilit) na nekazenem PC

Jedna se o stolni PC ci nejaky notebook? Nejedna se o nejakou sestavu (Dell, Lenovo, HP apod.)?

ajdus · #8 Příspěvek od **ajdus** » 24 led 2012 19:28

- uploadol som dump MBRka
- mam k dispozicii ine PC, cez ktore mozem komunikovat
- ide o notebook HP EliteBook 8440p

kriticke data mam odzalohovane na externom disku, tento asi budem musiet potom tiez riesit...

#9 Příspěvek od **vyosek** » 24 led 2012 19:31

Ok, pockam tedy na kolegu az se pripoji a proberem co dale...

To ze je to notebook bude o to tezsi

ajdus · #10 Příspěvek od **ajdus** » 25 led 2012 09:17

ok, zatial dakujem za vas cas.

ajdus · #11 Příspěvek od **ajdus** » 25 led 2012 13:48

na pocitaci dnes pracujem, takze som vytvoril nejake subory s priponou bmml...
OLD.txt part 1->

OTL logfile created on: 25. 1. 2012 12:36:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ajdus\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,80 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 45,85% Memory free
7,60 Gb Paging File | 5,69 Gb Available in Paging File | 74,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215,59 Gb Total Space | 33,11 Gb Free Space | 15,36% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 3,45 Gb Free Space | 23,01% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,25% Space Free | Partition Type: FAT32

Computer Name: SKN11005 | User Name: ajdus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 12:03:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ajdus\Downloads\OTL.exe
PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/05/09 07:43:03 | 000,225,792 | ---- | M] () -- c:\Program Files (x86)\Balsamiq Mockups\Balsamiq Mockups.exe
PRC - [2011/03/28 10:45:24 | 000,102,784 | ---- | M] (Adobe Systems Inc.) -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/04 22:46:40 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
PRC - [2009/11/04 22:46:38 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
PRC - [2009/08/25 17:57:52 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2009/08/25 17:57:44 | 000,186,904 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE

========== Modules (No Company Name) ==========

MOD - [2011/05/09 07:43:03 | 000,225,792 | ---- | M] () -- c:\Program Files (x86)\Balsamiq Mockups\Balsamiq Mockups.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/18 13:19:46 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 22:46:40 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 22:46:38 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE -- (LMS) Intel(R)
SRV - [2009/08/25 17:57:52 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R)
SRV - [2009/07/16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/03 12:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/21 08:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2010/08/31 05:07:04 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/11/18 13:19:46 | 000,503,296 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/05 17:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/10/10 03:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 21:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 21:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 21:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 21:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/17 19:05:22 | 001,805,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/16 10:20:26 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/25 15:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009/03/25 15:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009/03/25 15:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009/03/25 15:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009/03/25 15:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009/03/25 15:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009/03/25 15:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/05/16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2007/02/17 23:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2007/01/29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/09/28 10:47:22 | 000,362,624 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 F3 B5 25 35 DB CC 01 [binary data]
IE - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ajdus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ajdus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/22 10:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/11/22 10:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajdus\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-814806384-1302983816-2195790352-1525\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://85.248.4.35/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.29.0.1 172.29.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = visicom-ba.in.visicom.sk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{838D6524-ACD7-4416-81D2-366142DEF2B8}: DhcpNameServer = 172.29.0.1 172.29.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1EF7F75-8043-4F7E-B30C-0AC48B520682}: DhcpNameServer = 160.218.161.60 194.228.211.33
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 17:25:41 | 000,142,336 | ---- | C] (Eric_71) -- C:\Users\ajdus\Desktop\MbrScan.exe
[2012/01/24 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/01/24 15:41:41 | 000,000,000 | ---D | C] -- C:\rsit
[2012/01/24 15:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/24 15:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/24 15:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/24 15:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/01/24 15:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/01/24 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\ajdus\Desktop\RK_Quarantine
[2012/01/24 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/01/24 08:04:57 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\PCToolsFirewallPlus
[2012/01/24 08:04:07 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\Spam Monitor
[2012/01/24 03:19:58 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/01/24 03:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2012/01/24 03:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2012/01/24 03:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/01/24 03:02:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/23 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Local\Threat Expert
[2012/01/23 09:21:53 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/01/23 09:21:53 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/01/23 09:21:44 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/01/23 09:21:43 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/01/23 09:21:43 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/01/23 09:21:43 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/01/23 09:21:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/01/23 09:21:43 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/01/23 09:21:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/01/23 09:20:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/23 09:20:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/23 09:20:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/23 09:20:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/23 09:20:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/23 09:20:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/23 08:20:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/01/23 08:20:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/01/22 21:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/22 21:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/01/22 21:38:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/01/22 21:14:33 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/22 21:14:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/22 21:14:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/22 21:14:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/22 21:14:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/22 21:14:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/22 21:14:31 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/22 21:14:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/22 21:14:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/22 21:14:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/22 21:14:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/22 20:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/01/22 18:22:39 | 000,000,000 | ---D | C] -- C:\3ee0d68a4f7d2aafdf29dd853885fa
[2012/01/22 17:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2012/01/22 17:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/22 17:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/22 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/22 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\ajdus\Desktop\Downloads
[2012/01/22 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\GetRightToGo
[2012/01/22 17:29:28 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\tdsskiller.exe
[2012/01/22 17:22:04 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\iexplorer.com
[2012/01/22 17:19:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/01/22 17:18:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/01/22 17:18:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/01/22 17:18:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/01/22 17:18:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/01/22 17:18:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/01/22 17:18:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/01/22 17:18:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/01/22 17:18:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/01/22 17:18:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/01/22 17:17:41 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/01/22 17:17:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/01/22 17:17:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/01/22 17:17:34 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/01/22 17:17:29 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/01/22 17:17:29 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/01/22 17:17:28 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/01/22 17:17:28 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/01/22 17:17:28 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/01/22 17:17:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/01/22 17:17:11 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/22 17:17:11 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/22 17:17:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/01/22 17:17:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/01/22 17:17:10 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/22 17:17:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/22 17:17:06 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/01/22 17:16:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/01/22 17:16:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/01/22 17:16:59 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/01/22 17:16:59 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/01/22 17:16:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/01/22 17:16:59 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/01/22 17:16:59 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/01/22 17:16:59 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/01/22 17:16:52 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/01/22 17:16:52 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/01/22 17:16:52 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/01/22 17:16:51 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/01/22 17:16:51 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/01/22 17:16:50 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/01/22 17:16:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/01/22 17:16:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/01/22 17:16:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/01/22 17:16:50 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/01/22 17:16:50 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/01/22 17:16:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/01/22 17:16:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/01/22 17:16:32 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/01/22 17:16:32 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/01/22 17:16:32 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/01/22 17:16:32 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/01/22 17:16:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/01/22 17:16:17 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/01/22 17:15:57 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/01/22 17:15:57 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/01/22 17:15:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/01/22 17:15:23 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/01/22 17:15:23 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/01/22 17:15:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/01/22 17:15:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/01/22 17:15:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/01/22 17:15:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/01/22 17:15:23 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/01/22 17:15:23 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/01/22 17:15:23 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/01/22 17:15:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/01/22 17:15:22 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/01/22 17:15:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/01/22 17:15:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/01/22 17:15:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/01/22 17:15:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/01/22 17:15:15 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/01/22 17:14:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/22 17:14:35 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/01/22 17:14:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/01/22 17:14:16 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/01/22 17:14:10 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/01/22 17:14:10 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/01/22 17:14:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/01/22 17:13:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/01/22 17:13:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/01/22 17:13:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/01/22 17:13:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/01/22 17:13:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/01/22 17:13:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/01/22 17:13:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/01/22 17:13:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/01/22 17:13:32 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/01/22 17:13:32 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/01/22 17:13:32 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/01/22 17:13:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/01/22 17:13:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/01/22 17:13:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/01/22 17:13:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/01/22 17:12:25 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/01/22 17:08:31 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/01/22 17:08:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/01/22 17:08:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/01/22 17:08:13 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/01/22 17:08:13 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/01/22 17:08:11 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/01/22 17:08:11 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/01/22 17:08:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/01/22 17:07:36 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/01/22 17:07:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/01/22 17:07:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/01/22 17:07:35 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/01/22 17:07:35 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/01/22 17:07:35 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/01/22 17:07:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/01/22 17:07:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/01/22 17:07:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/01/22 17:07:34 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/01/22 17:05:34 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/01/22 17:05:33 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/01/22 17:05:33 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/01/22 17:05:33 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/01/22 17:05:33 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/01/22 17:05:33 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/01/22 17:05:33 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/01/22 17:05:24 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/01/22 17:05:24 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/01/22 17:05:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/01/22 17:05:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/01/22 17:05:07 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/01/22 17:05:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/01/22 17:05:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/01/22 17:05:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/22 17:05:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/01/22 17:05:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/01/22 17:05:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/01/22 17:05:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/01/22 17:05:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/01/22 17:05:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/22 17:05:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/22 17:05:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/01/22 17:05:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/01/22 17:05:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/01/22 17:05:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/01/22 17:05:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/01/22 17:05:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/01/22 17:05:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/01/22 17:05:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/01/22 17:05:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/01/22 17:05:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/01/22 17:05:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/01/22 17:04:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/01/22 17:04:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/01/22 17:04:24 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/01/22 17:04:24 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/01/22 17:04:23 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/01/22 17:04:23 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/01/22 17:04:17 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/01/22 17:04:16 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/01/22 17:04:15 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/01/22 17:04:14 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/01/22 17:03:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/01/22 17:03:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/01/22 17:03:49 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/01/22 17:03:38 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/01/22 17:03:34 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/01/22 17:03:34 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/01/22 17:03:29 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/22 17:03:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/22 17:02:25 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/01/22 17:02:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/01/22 17:02:21 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/22 17:02:15 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/01/22 17:02:14 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/01/22 17:02:13 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/01/22 16:54:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/22 16:54:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/22 16:03:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/01/22 16:03:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/01/22 16:03:03 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/01/22 13:11:57 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ajdus\Desktop\mbam-setup (1).exe
[2012/01/22 12:44:15 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\Malwarebytes
[2012/01/22 12:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/22 12:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/22 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\QuickScan
[2012/01/22 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/21 22:48:38 | 000,000,000 | ---D | C] -- C:\Users\ajdus\Desktop\wcl
[2012/01/21 18:17:25 | 000,000,000 | ---D | C] -- C:\Users\ajdus\Desktop\SygicLubo
[2012/01/20 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2012/01/19 16:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sharerapid
[2012/01/19 13:10:18 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\123abc123.COM
[2012/01/12 14:48:08 | 000,000,000 | ---D | C] -- C:\Users\ajdus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/01/08 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RandyRants.com
[2012/01/08 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RandyRants.com
[2011/03/24 12:45:46 | 000,256,560 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\ajdus\Desktop\*.tmp files -> C:\Users\ajdus\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 12:31:01 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525UA.job
[2012/01/25 12:22:01 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 11:57:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 10:58:54 | 000,023,992 | ---- | M] () -- C:\Users\ajdus\Desktop\Activities.bmml
[2012/01/25 08:48:14 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 08:43:29 | 000,006,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 08:43:29 | 000,006,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 06:26:53 | 3062,190,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 22:31:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525Core.job
[2012/01/24 20:40:18 | 000,001,133 | ---- | M] () -- C:\Users\ajdus\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/24 19:22:38 | 000,000,512 | ---- | M] () -- C:\Users\ajdus\Desktop\Dump_DR0.abc
[2012/01/24 17:36:57 | 000,000,512 | ---- | M] () -- C:\Users\ajdus\Desktop\MBR.dat
[2012/01/24 17:32:07 | 511,930,344 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 17:29:34 | 000,142,336 | ---- | M] (Eric_71) -- C:\Users\ajdus\Desktop\MbrScan.exe
[2012/01/24 17:28:57 | 000,030,104 | ---- | M] () -- C:\Users\ajdus\Desktop\aswMBR.exe.81upr99.partial
[2012/01/24 15:36:16 | 000,421,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/24 15:12:42 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/24 14:59:35 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\ajdus\Desktop\opera.com
[2012/01/24 14:31:52 | 000,002,369 | ---- | M] () -- C:\Users\ajdus\Desktop\Google Chrome.lnk
[2012/01/24 08:24:28 | 002,475,190 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/23 08:28:35 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/01/22 22:02:03 | 000,915,560 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/22 22:01:49 | 000,915,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/22 17:29:03 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\tdsskiller.exe
[2012/01/22 17:27:16 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\123abc123.COM
[2012/01/22 16:04:49 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ajdus\Desktop\iexplorer.com
[2012/01/22 13:08:25 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ajdus\Desktop\mbam-setup (1).exe
[2012/01/22 13:00:45 | 001,008,141 | ---- | M] () -- C:\Users\ajdus\Desktop\iExplorea.exe
[2012/01/22 11:58:10 | 000,000,440 | ---- | M] () -- C:\ProgramData\RPeuEvZhDIbKPI
[2012/01/22 11:55:14 | 000,000,272 | ---- | M] () -- C:\ProgramData\~RPeuEvZhDIbKPI
[2012/01/22 11:55:14 | 000,000,168 | ---- | M] () -- C:\ProgramData\~RPeuEvZhDIbKPIr
[2012/01/22 11:55:13 | 000,000,677 | ---- | M] () -- C:\Users\ajdus\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 11:55:13 | 000,000,653 | ---- | M] () -- C:\Users\ajdus\Desktop\System Check.lnk
[2012/01/22 11:20:05 | 000,004,078 | ---- | M] () -- C:\Users\ajdus\AppData\Local\SRDownloader.err
[2012/01/21 22:16:09 | 000,001,361 | ---- | M] () -- C:\Users\ajdus\.mlMonitorSettings
[2012/01/20 10:49:11 | 000,000,984 | ---- | M] () -- C:\Users\ajdus\AppData\Local\SRDownloader.nast
[2012/01/20 10:22:07 | 000,150,815 | ---- | M] () -- C:\Users\ajdus\Desktop\prod_details.png
[2012/01/18 16:32:41 | 000,131,043 | ---- | M] () -- C:\Users\ajdus\Documents\Targets_02z.png
[2012/01/18 16:29:54 | 000,259,685 | ---- | M] () -- C:\Users\ajdus\Documents\Targets_02x.png
[2012/01/17 07:57:51 | 000,620,132 | ---- | M] () -- C:\Users\ajdus\Desktop\UI preview.7z
[2012/01/12 14:08:46 | 000,001,731 | ---- | M] () -- C:\Users\ajdus\.isqlPreferences10
[2012/01/12 14:08:46 | 000,000,034 | ---- | M] () -- C:\Users\ajdus\.isqlHistory10
[2012/01/12 14:08:34 | 000,000,287 | ---- | M] () -- C:\Users\ajdus\.jlogon10
[2012/01/12 14:07:40 | 000,001,283 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/11 18:38:51 | 000,001,045 | ---- | M] () -- C:\Users\ajdus\Desktop\SFA.png
[2012/01/11 18:28:16 | 000,047,461 | ---- | M] () -- C:\Users\ajdus\Desktop\visicomSFA-logo.jpg
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\ajdus\Desktop\*.tmp files -> C:\Users\ajdus\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

ajdus · #12 Příspěvek od **ajdus** » 25 led 2012 13:50

========== Files Created - No Company Name ==========

[2012/01/25 10:25:28 | 000,023,992 | ---- | C] () -- C:\Users\ajdus\Desktop\Activities.bmml
[2012/01/24 19:22:38 | 000,000,512 | ---- | C] () -- C:\Users\ajdus\Desktop\Dump_DR0.abc
[2012/01/24 17:36:57 | 000,000,512 | ---- | C] () -- C:\Users\ajdus\Desktop\MBR.dat
[2012/01/24 17:32:07 | 511,930,344 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/24 17:28:57 | 000,030,104 | ---- | C] () -- C:\Users\ajdus\Desktop\aswMBR.exe.81upr99.partial
[2012/01/24 15:38:35 | 000,006,576 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:38:35 | 000,006,576 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:36:03 | 000,421,376 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/24 15:12:42 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/24 15:12:18 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 15:12:17 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 21:04:10 | 002,475,190 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/23 08:28:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/23 08:28:35 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/01/22 13:11:57 | 001,008,141 | ---- | C] () -- C:\Users\ajdus\Desktop\iExplorea.exe
[2012/01/22 11:55:14 | 000,000,272 | ---- | C] () -- C:\ProgramData\~RPeuEvZhDIbKPI
[2012/01/22 11:55:14 | 000,000,168 | ---- | C] () -- C:\ProgramData\~RPeuEvZhDIbKPIr
[2012/01/22 11:55:13 | 000,000,677 | ---- | C] () -- C:\Users\ajdus\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 11:55:13 | 000,000,653 | ---- | C] () -- C:\Users\ajdus\Desktop\System Check.lnk
[2012/01/22 11:55:06 | 000,000,440 | ---- | C] () -- C:\ProgramData\RPeuEvZhDIbKPI
[2012/01/21 12:41:30 | 001,579,028 | ---- | C] () -- C:\Users\ajdus\Desktop\SetupSymbianS60.sis
[2012/01/21 08:54:42 | 000,001,361 | ---- | C] () -- C:\Users\ajdus\.mlMonitorSettings
[2012/01/20 10:22:06 | 000,150,815 | ---- | C] () -- C:\Users\ajdus\Desktop\prod_details.png
[2012/01/19 16:36:08 | 000,004,078 | ---- | C] () -- C:\Users\ajdus\AppData\Local\SRDownloader.err
[2012/01/19 16:34:59 | 000,000,984 | ---- | C] () -- C:\Users\ajdus\AppData\Local\SRDownloader.nast
[2012/01/18 16:32:38 | 000,131,043 | ---- | C] () -- C:\Users\ajdus\Documents\Targets_02z.png
[2012/01/18 16:29:49 | 000,259,685 | ---- | C] () -- C:\Users\ajdus\Documents\Targets_02x.png
[2012/01/17 07:57:51 | 000,620,132 | ---- | C] () -- C:\Users\ajdus\Desktop\UI preview.7z
[2012/01/12 14:08:46 | 000,000,034 | ---- | C] () -- C:\Users\ajdus\.isqlHistory10
[2012/01/12 14:08:45 | 000,001,731 | ---- | C] () -- C:\Users\ajdus\.isqlPreferences10
[2012/01/12 14:07:55 | 000,000,287 | ---- | C] () -- C:\Users\ajdus\.jlogon10
[2012/01/11 18:38:50 | 000,001,045 | ---- | C] () -- C:\Users\ajdus\Desktop\SFA.png
[2012/01/11 18:28:37 | 000,047,461 | ---- | C] () -- C:\Users\ajdus\Desktop\visicomSFA-logo.jpg
[2011/09/13 18:54:39 | 000,000,017 | ---- | C] () -- C:\Users\ajdus\AppData\Local\resmon.resmoncfg
[2011/08/16 09:14:30 | 000,673,610 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011/08/16 09:14:30 | 000,001,091 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011/06/03 12:32:40 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/06/03 12:32:40 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/06/03 12:32:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/15 09:11:18 | 000,001,283 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/13 10:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/03/24 15:51:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/24 15:15:09 | 000,003,668 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/24 14:26:00 | 000,002,457 | ---- | C] () -- C:\ProgramData\.scRepository
[2011/03/24 14:22:41 | 000,915,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 12:45:45 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/03/24 12:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 14:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/10/13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc /s >
"DisplayName" = @%SystemRoot%\system32\cryptsvc.dll,-1001
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\cryptsvc.dll,-1002
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters]
"ServiceDll" = %SystemRoot%\system32\cryptsvc.dll -- [2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CryptServiceMain
"ServiceDllUnloadOnStop" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security]
"Security" = 00 00 0E 00 01 [binary data]

< >

< MD5 for: ACPI.SYS >
[2009/07/14 02:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) MD5=6F11E88748CDEFD2F76AA215F97DDFE5 -- C:\Windows\SysNative\drivers\acpi.sys
[2009/07/14 02:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) MD5=6F11E88748CDEFD2F76AA215F97DDFE5 -- C:\Windows\SysNative\DriverStore\FileRepository\acpi.inf_amd64_neutral_2a841284c9de8962\acpi.sys
[2009/07/14 02:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) MD5=6F11E88748CDEFD2F76AA215F97DDFE5 -- C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_7e7db5aae7b8d5ef\acpi.sys
[2010/11/20 05:32:48 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_80aec972e4a75989\acpi.sys

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009/10/01 08:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\Windows\SysNative\autochk.exe
[2009/10/01 08:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_3eab8e1bf46486d7\autochk.exe
[2010/11/20 05:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 04:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CMD.EXE >
[2010/11/20 05:24:34 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=5746BD7E255DD6A8AFA06F7C42C1BA41 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe
[2009/07/14 02:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) MD5=6960D29ABE74341FAB8300DB3E6F883D -- C:\Windows\SysNative\cmd.exe
[2009/07/14 02:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) MD5=6960D29ABE74341FAB8300DB3E6F883D -- C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7600.16385_none_e701b864340d9016\cmd.exe
[2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=8AE6DD9A6D246004DA047F704F0CC487 -- C:\Windows\SysWOW64\cmd.exe
[2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=8AE6DD9A6D246004DA047F704F0CC487 -- C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7600.16385_none_f15662b6686e5211\cmd.exe
[2010/11/20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2010/11/20 05:26:00 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 04:18:26 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\ajdus\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\ajdus\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009/07/14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/07/14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

< MD5 for: HAL.DLL >
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\SysNative\hal.dll
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16416_none_076a95ef732190e3\hal.dll
[2009/09/01 08:03:17 | 000,263,240 | ---- | M] (Microsoft Corporation) MD5=514D418248FECD24D96E7219162BDFDD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20519_none_07f733988c3c7cb2\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 05:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: I8042PRT.SYS >
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_423c286802951189\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2009/08/07 13:17:26 | 000,330,264 | R--- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2009/08/07 13:24:14 | 000,408,600 | R--- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iastorv.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_423c286802951189\kbdclass.sys
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\kbdclass.sys
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\SysNative\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 07:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe

< MD5 for: NDIS.SYS >
[2010/11/20 05:33:46 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 05:33:48 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2009/07/14 02:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
[2011/03/11 07:23:06 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=378E0E0DFEA67D98AE6EA53ADBBD76BC -- C:\Windows\SysNative\drivers\ntfs.sys
[2011/03/11 07:23:06 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=378E0E0DFEA67D98AE6EA53ADBBD76BC -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_0273f3c63691c4ea\ntfs.sys
[2011/03/11 07:25:53 | 001,685,888 | ---- | M] (Microsoft Corporation) MD5=867C1395F0100CBE9ACD73B1C2741149 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_032ca00d4f8d24c5\ntfs.sys
[2011/03/11 07:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NVRAID.SYS >
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/11/20 05:33:50 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 07:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 07:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 07:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011/03/11 07:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 07:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: REGEDIT.EXE >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/20 06:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/14 02:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 05:25:22 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/11/20 05:25:22 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_7.1.7601.17514_none_25e224d6630ef826\spoolsv.exe
[2010/08/21 07:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\SysNative\spoolsv.exe
[2010/08/21 07:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 05:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/04/25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/09/29 17:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011/04/25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/09/29 17:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/09/29 17:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USER32.DLL >
[2010/11/20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\ajdus\AppData\Local\Temp\RarSFX4\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WIN32K.SYS >
[2011/11/24 05:45:10 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=338E48AB7810E1B223DFECD82C44F5A3 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_176f10b8ca6aac7c\win32k.sys
[2011/11/24 05:52:41 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=3AD5AEA8772DBEB548D0863714D7959D -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_15691a74cd5be3d5\win32k.sys
[2011/11/24 06:00:47 | 003,141,632 | ---- | M] (Microsoft Corporation) MD5=55CF26CF771B086A393750BD494FD6FC -- C:\Windows\SysNative\win32k.sys
[2011/11/24 06:00:47 | 003,141,632 | ---- | M] (Microsoft Corporation) MD5=55CF26CF771B086A393750BD494FD6FC -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_152454dbb40b98f8\win32k.sys
[2011/11/24 05:52:09 | 003,145,216 | ---- | M] (Microsoft Corporation) MD5=6E810D7C1E3881289733924CE9763B92 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_16ffe1f5b13a20d5\win32k.sys
[2010/11/20 01:53:34 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=A89392A32BA98468710FD7E38318934B -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401\win32k.sys
[2009/07/14 00:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\ajdus\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011/07/16 06:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=0CB6EBF4B461A6043353C570BD72A1E1 -- C:\Windows\SysNative\winsrv.dll
[2011/07/16 06:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=0CB6EBF4B461A6043353C570BD72A1E1 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll
[2009/07/14 02:41:56 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=457B44AB6D502E55F64A867D4F35C76C -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2011/06/24 06:26:55 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=6D408ABD60A995A2DAB4BAAE38BCA04F -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll
[2011/06/24 06:27:05 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=C13D05A015346DED3D722BE285814495 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2010/11/20 05:27:30 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=E0406AEF04B088D1C49FC78D0546F689 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2011/06/24 06:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll

< MD5 for: WS2_32.DLL >
[2010/11/20 05:27:30 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010/11/20 04:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\612d55b7e47f9437d2e6\d002d047ebac1839af\459c0945e03b9df9328f2665364d\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2011/02/09 11:29:06 | 000,342,016 | ---- | M] (Hewlett-Packard Corporation) --
[2009/07/14 02:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) --
[2009/07/14 02:41:56 | 000,039,424 | ---- | M] (Microsoft Corporation) --
[2009/07/14 03:30:16 | 000,003,584 | ---- | M] (Lexmark International Inc.) --

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2011/02/09 11:29:06 | 000,342,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\hpcpp112.dll
[2009/07/14 02:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\jnwppr.dll
[2009/07/14 02:41:56 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\winprint.dll
[2009/07/14 03:30:16 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\x64\en-US\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /10 >

< %systemroot%\system32\drivers\*.sys /X >
[2011/03/24 12:46:28 | 000,000,000 | RHS- | M] () -- C:\Windows\system32\drivers\103C_HP_bNB_EliteBook 8440p_Y5336AN_0U_QCZC0340GQR_EU_4A_I172A_SHP_V30.2C_68CCU F.0B_T100602_WU48-0_L409_M3894_J250_7Intel_8652_92.53_#110324_N_(VQ659EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2009/06/10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009/06/10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2012/01/25 11:57:34 | 000,000,122 | ---- | M] () -- C:\Windows\system32\log.txt
[2012/01/22 22:02:03 | 000,915,560 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2011/11/03 23:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011/03/24 14:41:21 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.* /lockedfiles >
[2011/11/03 23:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011/03/24 14:41:21 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
[2012/01/25 11:57:34 | 000,000,122 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\log.txt
[2011/11/03 23:31:57 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mshtml.tlb
[2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msscript.ocx
[2009/07/14 00:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job >
[2012/01/25 08:48:14 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 12:22:01 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 22:31:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525Core.job
[2012/01/25 12:31:01 | 000,000,954 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814806384-1302983816-2195790352-1525UA.job

< %systemroot%\*.* /U /s >
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]

< %systemroot%\*. /rp /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011/03/24 14:41:21 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS
WINDOWS REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< type c:\boot.ini >> test.txt /c >

< bcdedit /enum all /v >C:\boot.txt /c >

< type C:\boot.txt >> test1.txt /c >

< echo list vol > C:\prikaz.txt | diskpart /s C:\prikaz.txt > C:\test2.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SKN11005
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B No Media
Volume 1 SYSTEM NTFS Partition 300 MB Healthy System
Volume 2 C NTFS Partition 215 GB Healthy Boot
Volume 3 D HP_RECOVERY NTFS Partition 15 GB Healthy
Volume 4 E HP_TOOLS FAT32 Partition 2043 MB Healthy

< >

< >

< %systemroot%\system32\drivers\*.sys /md5 >
[2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=5CF95B35E59E2A38023836FFF31BE64C -- C:\Windows\system32\drivers\wimmount.sys

< %systemroot%\system32\*.sys /md5 >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#13 Příspěvek od **vyosek** » 26 led 2012 12:01

Takze zde je podrobnejsi navod

Spustte MBRScan a kliknete na moznost Hexa

Ulozeni sektoru se provadi tlacitkem Dump Sector posun mezi sektory tlacitk Sector + a Sector -

Cislo sektoru ve kterem aktualne jste, je nad tim tlacitkem Sector -

Zalohovat budem vsechny tzv.nenulove sektory = sektory kde nejsou same nuly

Takze postupne prochazejte sektory od 0 do 67 a pokud najdete nejaky nenulovy, tak jej ulozte - klik na Dump Sector

Po dokonceni vsechny tyhle zalohy zabalte do raru a zase nekam uploadnete

Takhle vypada sektor, ktery NENI treba ukladat
Obrázek

Takhle vypada sektor, ktery JE potreba ukladat
Obrázek

ajdus · #14 Příspěvek od **ajdus** » 26 led 2012 17:25

prilozene.

#15 Příspěvek od **vyosek** » 26 led 2012 17:29

Muzete to prosim hodit na LP http://leteckaposta.cz/ , mame nejaky problem se serverem

VIRY.CZ

boo/tdss

boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss