Zdravím,
na notebooku jsem chytil tento supr virus ( XP security 2012 ) a nyní nelze nic spouštět, proto musím pracovat pouze v nouzovém režimu.
Kdyby se tu našla chytrá hlava která by mi pomohla, byl bych nesmírně vděčný.
Děkuji
Log RSITu:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-12-19 18:24:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (85%) free of 76 GB
Total RAM: 894 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:24:35, on 19.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5304 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x606e4kl.default
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11"
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-10-23 36972]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-07-06 544768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"UMonit"=C:\WINDOWS\system32\UMonit.exe [2005-08-25 237568]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2005-09-16 31744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-10-27 77824]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-08-31 1047208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2005-04-15 172032]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-03 46080]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avmgma_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
======List of files/folders created in the last 1 month======
2011-12-19 18:24:28 ----D---- C:\Program Files\trend micro
2011-12-19 18:24:27 ----D---- C:\rsit
2011-12-19 16:38:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2011-12-19 16:38:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-12-19 16:38:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-19 16:38:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-19 16:36:51 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2011-12-19 16:30:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2011-12-19 16:28:23 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2011-12-19 16:28:17 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-12-19 16:27:50 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-19 15:42:03 ----D---- C:\WINDOWS\pss
======List of files/folders modified in the last 1 month======
2011-12-19 18:24:28 ----RD---- C:\Program Files
2011-12-19 18:20:53 ----D---- C:\Program Files\Mozilla Firefox
2011-12-19 18:16:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-19 18:15:47 ----D---- C:\Program Files\TrustPort Antivirus
2011-12-19 18:15:46 ----D---- C:\WINDOWS\system32\drivers
2011-12-19 18:15:46 ----D---- C:\Program Files\Common Files\TrustPort
2011-12-19 18:14:51 ----D---- C:\WINDOWS
2011-12-19 18:12:20 ----D---- C:\WINDOWS\system32\Lang
2011-12-19 18:12:08 ----D---- C:\WINDOWS\Temp
2011-12-19 17:04:55 ----D---- C:\WINDOWS\twain_32
2011-12-19 16:28:10 ----D---- C:\Documents and Settings
2011-12-19 15:49:31 ----D---- C:\WINDOWS\Prefetch
2011-12-19 15:43:56 ----SH---- C:\boot.ini
2011-12-19 15:43:56 ----A---- C:\WINDOWS\win.ini
2011-12-19 15:43:56 ----A---- C:\WINDOWS\system.ini
2011-11-22 11:05:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-22 09:02:58 ----HD---- C:\WINDOWS\inf
2011-11-21 16:27:17 ----D---- C:\WINDOWS\network diagnostic
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-04-22 112751]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 WINIO;WINIO; \??\C:\WINDOWS\system32\WinIo.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2005-08-17 9216]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-07-06 840100]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Virus - XP security 2012 - nelze smazat
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Virus - XP security 2012 - nelze smazat
Děkuji,
Extras v příloze a OTL log rozdělen do dvou příspěvků.
OTL logfile created on: 19.12.2011 18:42:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
894,17 Mb Total Physical Memory | 667,66 Mb Available Physical Memory | 74,67% Memory free
2,12 Gb Paging File | 2,00 Gb Available in Paging File | 94,28% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 62,97 Gb Free Space | 84,50% Space Free | Partition Type: NTFS
Computer Name: TOMAS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.19 18:40:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2009.06.03 04:49:20 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
========== Driver Services (SafeList) ==========
DRV - [2005.09.23 17:56:00 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.09.09 17:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Stopped] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.08.17 18:25:00 | 000,009,216 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2005.08.03 22:10:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.06 03:54:00 | 000,840,100 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.04.22 15:54:00 | 000,112,751 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.12.22 00:32:00 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.10.27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1532298954-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.19 16:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.27 08:31:13 | 000,000,000 | ---D | M]
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x606e4kl.default\extensions
[2009.10.26 10:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.03.31 20:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Truneček\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1532298954-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614672A9-5D9E-4212-A9DF-2D44A1764901}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.23 13:40:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 7 Days ==========
[2011.12.19 18:40:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.12.19 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.12.19 18:24:27 | 000,000,000 | ---D | C] -- C:\rsit
[2011.12.19 16:40:14 | 004,344,514 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2011.12.19 16:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.19 16:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.19 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.19 16:38:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.19 16:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.19 16:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
[2011.12.19 16:35:55 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup.exe
[2011.12.19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2011.12.19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.12.19 16:29:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011.12.19 16:28:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011.12.19 16:28:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.12.19 16:28:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2011.12.19 16:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2011.12.19 16:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2011.12.19 16:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2011.12.19 16:28:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011.12.19 16:28:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2011.12.19 16:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2011.12.19 16:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2011.12.19 15:42:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.19 18:42:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.19 18:40:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.12.19 18:24:04 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2011.12.19 18:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.19 18:14:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.19 18:14:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.12.19 18:12:22 | 000,012,572 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2011.12.19 16:40:37 | 004,344,514 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2011.12.19 16:38:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011.12.19 16:36:43 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup.exe
[2011.12.19 16:36:16 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2011.12.19 15:43:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.12.18 16:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.19 18:42:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.19 18:24:03 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2011.12.19 16:38:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.19 16:36:51 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011.12.19 16:36:15 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2011.12.19 16:28:19 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
[2011.12.19 16:28:19 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Recovery-Info.lnk
[2011.12.19 16:28:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
[2011.12.18 16:59:02 | 000,012,572 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2011.07.30 18:00:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.27 08:57:32 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2009.10.27 08:44:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009.10.27 08:44:08 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009.10.27 08:40:56 | 000,000,921 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.10.26 10:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.23 15:24:39 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.23 15:23:10 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.23 14:37:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\UMonit.exe
[2009.10.23 14:37:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009.10.23 14:37:05 | 000,001,084 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009.10.23 14:14:36 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.10.23 14:14:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.10.23 14:13:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009.10.23 14:13:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009.10.23 14:13:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009.10.23 14:13:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009.10.23 14:13:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009.10.23 14:13:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009.10.23 14:03:18 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.10.23 13:46:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.23 13:43:31 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.10.23 13:36:46 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 13:00:00 | 000,380,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 13:00:00 | 000,379,806 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 13:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 13:00:00 | 000,062,336 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 13:00:00 | 000,053,098 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 13:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 09:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
========== LOP Check ==========
[2009.10.27 09:19:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.10.27 08:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OLYMPUS
[2009.10.27 09:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.10.27 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SSScanAppDataDir
[2009.10.27 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SSScanWizard
[2009.11.30 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\Canon
[2009.10.26 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\OpenOffice.org
[2009.10.27 09:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\ScanSoft
========== Purity Check ==========
========== Custom Scans ==========
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc /s >
"DependOnService" = RpcSs [binary data] -- [2009.02.09 11:56:06 | 000,401,408 | ---- | M] (Microsoft Corporation)
"Description" = Poskytuje tři služby pro správu: Databázovou službu katalogu, která potvrzuje podpisy souborů systému Windows; službu Ochrany kořenových certifikátů, která přidává a odebírá důvěryhodné kořenové Certifikační úřady; službu Správy klíčů, která pomáhá přihlásit počítač k odběru certifikátů. Je-li tato služba zastavena, nebudou tyto služby správy správně fungovat. Je-li tato služba zakázána, pak se spuštění všech služeb výslovně závislých na této službě nezdaří.
"DisplayName" = Šifrování
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Start" = 2
"Type" = 32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters]
"ServiceDll" = %SystemRoot%\System32\cryptsvc.dll -- [2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CryptServiceMain
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security]
"Security" = 00 00 0E 00 01 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum]
"0" = Root\LEGACY_CRYPTSVC\0000
"Count" = 1
"NextInstance" = 1
< >
< MD5 for: ACPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:acpi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004.08.18 13:00:00 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=FA2FBCDA96D2385F773B059FE5A125A6 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CMD.EXE >
[2004.08.18 13:00:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=4E5BE66CD70D52637589E9C3E2C1696D -- C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\ServicePackFiles\i386\cmd.exe
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\system32\cmd.exe
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2004.08.18 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: FASTFAT.SYS >
[2004.08.18 13:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 23:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: I8042PRT.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2004.08.17 14:44:12 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=0F42DE9909B5DBF2C48DD1A79D491AF5 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
[2004.08.18 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=0F42DE9909B5DBF2C48DD1A79D491AF5 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\i8042prt.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\system32\drivers\i8042prt.sys
< MD5 for: IASTOR.SYS >
[2004.09.26 14:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: KBDCLASS.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6F877BF8DC01A550CD666F3BEDB2213C -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NTFS.SYS >
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.18 13:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
< MD5 for: NVATA.SYS >
[2006.05.01 16:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sata_ide\nvata.sys
< MD5 for: NVATABUS.SYS >
[2006.05.01 16:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sataraid\nvatabus.sys
[2004.09.02 08:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2006.05.01 16:27:06 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=1163D19CDD6EB65892655E181D89D053 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sataraid\nvraid.sys
[2004.09.02 08:24:40 | 000,067,968 | ---- | M] (NVIDIA Corporation) MD5=DF8D51C884B93A0D3BEAAAFAC485D6A3 -- C:\WINDOWS\OEM\nvraid\nvraid.sys
< MD5 for: REGEDIT.EXE >
[2004.08.18 13:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=CB5A91928D94224E7E30EE277B45E8A3 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2004.08.18 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 07:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 07:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SPOOLSV.EXE >
[2004.08.18 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 07:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 07:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USER32.DLL >
[2004.08.18 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1B4CCC59980DA34E75F20E42B283B027 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2006.03.31 01:29:00 | 000,114,952 | ---- | M] () MD5=7FA61BA47E0CDBCC0FA3581C98718747 -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\drvdisk\i386\NT4\viamraid.sys
[2006.03.31 01:29:00 | 000,114,952 | ---- | M] () MD5=7FA61BA47E0CDBCC0FA3581C98718747 -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\VIARAID\driver\winnt40\viamraid.sys
[2006.03.31 01:18:00 | 000,100,992 | ---- | M] () MD5=9F3F276C7300ED211129757A411B605F -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\drvdisk\i386\NT5\viamraid.sys
[2006.03.31 01:18:00 | 000,100,992 | ---- | M] () MD5=9F3F276C7300ED211129757A411B605F -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\VIARAID\driver\winxp\viamraid.sys
[2004.05.18 14:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys
< MD5 for: WIN32K.SYS >
[2009.04.19 20:52:07 | 001,847,168 | ---- | M] (Microsoft Corporation) MD5=0E523CA1CDAC4AA36CD797B5564AB661 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008.04.14 06:45:36 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=16AA352EC7D8E6D9DE50265BF0F9E016 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
[2008.04.14 06:45:36 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=16AA352EC7D8E6D9DE50265BF0F9E016 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010.06.24 22:30:08 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=1D6A389B0152D2164343731F4151079F -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2010.09.01 08:57:41 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=21171C673C110D875FE031908409FE23 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2010.06.24 10:02:48 | 001,851,904 | ---- | M] (Microsoft Corporation) MD5=21A48AA96D99AEF0193526F5E762E21B -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2011.06.06 12:36:17 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=44E7131AA0EB70AACADBA6034B443D0B -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010.10.26 15:04:46 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=470811C7406C06BAD6CCEA5445D879C9 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2010.10.26 14:58:35 | 001,853,312 | ---- | M] (Microsoft Corporation) MD5=4FF440A38D242AA40D40F990C566DF32 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2011.06.06 12:35:21 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=5477E9351066CA7F70A92461A35F5310 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2010.09.01 08:57:07 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=5577EC6934D639CB20EA0C90A8AF4923 -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2011.03.03 14:52:12 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=570FB1C8ABCF6375169E94C23537019C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2009.08.14 16:15:39 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=670C868CDBDF46269EB7CC39B05A7513 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2010.05.02 09:03:50 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=8402F80D7FCA8CD3A4BCF027773CAD34 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2009.08.14 17:00:31 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=862CAA1CB5EF221C09918FF185DF14D7 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2010.05.02 09:09:42 | 001,851,264 | ---- | M] (Microsoft Corporation) MD5=8DFA2A74176D58E671C7FD9F8966DE99 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2011.03.03 14:53:33 | 001,857,920 | ---- | M] (Microsoft Corporation) MD5=958A81E06C4E3510AEA1F6BCD258EF4C -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2010.12.31 15:04:07 | 001,854,976 | ---- | M] (Microsoft Corporation) MD5=AE4BFDE8B2841CE7F6AFAB0F43435445 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011.09.06 15:08:32 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=B14465CDD6AFA31154396B54254F2BA8 -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2009.04.19 20:44:06 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=BBD63526356719F71BFBDF691ED40DF4 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2010.12.31 15:02:56 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=D8525ABDAFFB6F08CDEF1D87B509B17B -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\win32k.sys
[2004.08.18 13:00:00 | 001,835,904 | ---- | M] (Microsoft Corporation) MD5=F935B816A5B3D08E519D9EEBD65A6672 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSRV.DLL >
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=169D34A85EC9E415C4C3A03AA62A34B6 -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=43B8BD54F87BFFFE5C560B2965E13C26 -- C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll
[2011.06.20 18:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4F1340B27E7590D3E42541769ABD5872 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.06.20 18:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4F1340B27E7590D3E42541769ABD5872 -- C:\WINDOWS\system32\winsrv.dll
[2010.06.18 18:46:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=681CB546E0EF9C44FDE21EE0D4307DF0 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2008.04.14 07:52:06 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=77A41C497ADB0C96D1E8DF6F71D843C0 -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2008.04.14 07:52:06 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=77A41C497ADB0C96D1E8DF6F71D843C0 -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2010.06.18 18:47:41 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=D7F6130150643691D61E957A2CD48D1B -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2004.08.18 13:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=E4E57FBA176F2752527B1D53A663D2D7 -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll
[2011.06.20 18:43:23 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EF9951D90C530C39DEAB56C16160D837 -- C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006.09.12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2006.09.12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP83.DLL
< %systemroot%\system32\drivers\*.sys /10 >
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys
< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 07:51:38 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 07:51:38 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 07:51:38 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 07:51:38 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 07:51:38 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 07:51:38 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 07:51:38 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005.08.03 21:08:00 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2005.07.11 15:12:00 | 000,524,850 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2005.07.11 15:12:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2005.06.08 14:45:00 | 000,058,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2006.12.29 19:21:08 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2005.08.04 01:20:00 | 000,021,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2008.04.14 07:51:38 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 07:51:38 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 07:51:38 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 07:51:38 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 07:51:38 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 07:51:40 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2007.04.02 20:36:04 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2004.08.18 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2004.08.18 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2006.12.29 19:02:50 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 07:51:56 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 07:52:06 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /10 >
[2011.12.18 16:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2009.10.23 15:22:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.23 15:22:18 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.23 15:22:18 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job >
< %systemroot%\*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
< %systemroot%\*. /rp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2011.12.19 18:12:22 | 000,012,572 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2009.10.23 15:24:03 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >
[2009.10.23 15:42:25 | 000,000,293 | -HS- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\desktop.ini
< %ALLUSERSPROFILE%\Data Aplikácií\*.* >
< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %APPDATA%\*. >
[2011.12.19 16:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.19 16:38:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
< %APPDATA%\*.* >
[2009.10.23 15:24:03 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32|bak;true;false;false /fp >
< %PROGRAMFILES%|bak;true;false;false /fp >
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2009.06.03 04:49:20 | 000,307,704 | ---- | M] (Mozilla Corporation) MD5=26C3F01DF1B1AA6CFEC22D75F1E072F9 -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 16:06:27
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS
WINDOWS REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
< bcdedit /v >C:\boot.txt /c >
< type C:\boot.txt >> test1.txt /c >
< echo list vol > C:\commands.txt | diskpart /s C:\commands.txt > C:\DiskReport.txt /c >
Microsoft DiskPart version 5.1.3564
Copyright (C) 1999-2003 Microsoft Corporation.
V poźˇtaźi: TOMAS
Svazek ### Ltr Jmenovka Fs Typ Velikost Stav Informace
---------- --- ----------- ----- ---------- ------- --------- --------
Svazek 0 D DVD-ROM 0 B
Svazek 1 C NTFS Oddˇl 75 GB V poý dku Syst‚m
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.12.19 18:42:45 | 000,000,512 | ---- | M] () MD5=40D8E866A4E90FD559C263F95860BBD7 -- C:\PhysicalMBR.bin
[1 C:\*.tmp files -> C:\*.tmp -> ]
Extras v příloze a OTL log rozdělen do dvou příspěvků.
OTL logfile created on: 19.12.2011 18:42:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
894,17 Mb Total Physical Memory | 667,66 Mb Available Physical Memory | 74,67% Memory free
2,12 Gb Paging File | 2,00 Gb Available in Paging File | 94,28% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 62,97 Gb Free Space | 84,50% Space Free | Partition Type: NTFS
Computer Name: TOMAS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.19 18:40:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2009.06.03 04:49:20 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
========== Driver Services (SafeList) ==========
DRV - [2005.09.23 17:56:00 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.09.09 17:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) [Kernel | System | Stopped] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.08.17 18:25:00 | 000,009,216 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2005.08.03 22:10:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.06 03:54:00 | 000,840,100 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.04.22 15:54:00 | 000,112,751 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.12.22 00:32:00 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.10.27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1532298954-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.19 16:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.27 08:31:13 | 000,000,000 | ---D | M]
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x606e4kl.default\extensions
[2009.10.26 10:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.03.31 20:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Truneček\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1532298954-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614672A9-5D9E-4212-A9DF-2D44A1764901}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.23 13:40:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 7 Days ==========
[2011.12.19 18:40:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.12.19 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.12.19 18:24:27 | 000,000,000 | ---D | C] -- C:\rsit
[2011.12.19 16:40:14 | 004,344,514 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2011.12.19 16:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.19 16:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.19 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.19 16:38:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.19 16:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.19 16:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
[2011.12.19 16:35:55 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup.exe
[2011.12.19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2011.12.19 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.12.19 16:29:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011.12.19 16:28:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011.12.19 16:28:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.12.19 16:28:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2011.12.19 16:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2011.12.19 16:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2011.12.19 16:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
[2011.12.19 16:28:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2011.12.19 16:28:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011.12.19 16:28:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2011.12.19 16:28:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2011.12.19 16:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2011.12.19 16:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2011.12.19 15:42:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.19 18:42:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.19 18:40:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.12.19 18:24:04 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2011.12.19 18:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.19 18:14:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.19 18:14:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.12.19 18:12:22 | 000,012,572 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2011.12.19 16:40:37 | 004,344,514 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2011.12.19 16:38:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011.12.19 16:36:43 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup.exe
[2011.12.19 16:36:16 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2011.12.19 15:43:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.12.18 16:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.19 18:42:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.19 18:24:03 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2011.12.19 16:38:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.19 16:36:51 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011.12.19 16:36:15 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
[2011.12.19 16:28:19 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
[2011.12.19 16:28:19 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Recovery-Info.lnk
[2011.12.19 16:28:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
[2011.12.18 16:59:02 | 000,012,572 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2011.07.30 18:00:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.27 08:57:32 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2009.10.27 08:44:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009.10.27 08:44:08 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009.10.27 08:40:56 | 000,000,921 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.10.26 10:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.23 15:24:39 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.23 15:23:10 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.23 14:37:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\UMonit.exe
[2009.10.23 14:37:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009.10.23 14:37:05 | 000,001,084 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009.10.23 14:14:36 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.10.23 14:14:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.10.23 14:13:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009.10.23 14:13:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009.10.23 14:13:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009.10.23 14:13:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009.10.23 14:13:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009.10.23 14:13:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009.10.23 14:13:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009.10.23 14:03:18 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.10.23 13:46:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.23 13:43:31 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.10.23 13:36:46 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 13:00:00 | 000,380,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 13:00:00 | 000,379,806 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 13:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 13:00:00 | 000,062,336 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 13:00:00 | 000,053,098 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 13:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 09:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
========== LOP Check ==========
[2009.10.27 09:19:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.10.27 08:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OLYMPUS
[2009.10.27 09:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.10.27 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SSScanAppDataDir
[2009.10.27 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SSScanWizard
[2009.11.30 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\Canon
[2009.10.26 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\OpenOffice.org
[2009.10.27 09:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Truneček\Data aplikací\ScanSoft
========== Purity Check ==========
========== Custom Scans ==========
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc /s >
"DependOnService" = RpcSs [binary data] -- [2009.02.09 11:56:06 | 000,401,408 | ---- | M] (Microsoft Corporation)
"Description" = Poskytuje tři služby pro správu: Databázovou službu katalogu, která potvrzuje podpisy souborů systému Windows; službu Ochrany kořenových certifikátů, která přidává a odebírá důvěryhodné kořenové Certifikační úřady; službu Správy klíčů, která pomáhá přihlásit počítač k odběru certifikátů. Je-li tato služba zastavena, nebudou tyto služby správy správně fungovat. Je-li tato služba zakázána, pak se spuštění všech služeb výslovně závislých na této službě nezdaří.
"DisplayName" = Šifrování
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Start" = 2
"Type" = 32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters]
"ServiceDll" = %SystemRoot%\System32\cryptsvc.dll -- [2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CryptServiceMain
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security]
"Security" = 00 00 0E 00 01 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum]
"0" = Root\LEGACY_CRYPTSVC\0000
"Count" = 1
"NextInstance" = 1
< >
< MD5 for: ACPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:acpi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004.08.18 13:00:00 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=FA2FBCDA96D2385F773B059FE5A125A6 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CMD.EXE >
[2004.08.18 13:00:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=4E5BE66CD70D52637589E9C3E2C1696D -- C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\ServicePackFiles\i386\cmd.exe
[2008.04.14 07:52:16 | 000,390,144 | ---- | M] (Microsoft Corporation) MD5=58A4129B7AB2CF2E7F00256F7EDAEAC2 -- C:\WINDOWS\system32\cmd.exe
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2004.08.18 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 07:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: FASTFAT.SYS >
[2004.08.18 13:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 23:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: I8042PRT.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2004.08.17 14:44:12 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=0F42DE9909B5DBF2C48DD1A79D491AF5 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
[2004.08.18 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=0F42DE9909B5DBF2C48DD1A79D491AF5 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\i8042prt.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\system32\drivers\i8042prt.sys
< MD5 for: IASTOR.SYS >
[2004.09.26 14:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: KBDCLASS.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6F877BF8DC01A550CD666F3BEDB2213C -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NTFS.SYS >
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.18 13:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
< MD5 for: NVATA.SYS >
[2006.05.01 16:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sata_ide\nvata.sys
< MD5 for: NVATABUS.SYS >
[2006.05.01 16:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sataraid\nvatabus.sys
[2004.09.02 08:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2006.05.01 16:27:06 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=1163D19CDD6EB65892655E181D89D053 -- C:\NVIDIA\nForceWinXP\9.35\IDE\WinXP\sataraid\nvraid.sys
[2004.09.02 08:24:40 | 000,067,968 | ---- | M] (NVIDIA Corporation) MD5=DF8D51C884B93A0D3BEAAAFAC485D6A3 -- C:\WINDOWS\OEM\nvraid\nvraid.sys
< MD5 for: REGEDIT.EXE >
[2004.08.18 13:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=CB5A91928D94224E7E30EE277B45E8A3 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\regedit.exe
[2008.04.14 07:52:44 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2004.08.18 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 07:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 07:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SPOOLSV.EXE >
[2004.08.18 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 07:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 07:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USER32.DLL >
[2004.08.18 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1B4CCC59980DA34E75F20E42B283B027 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:06 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=E16E0990967374E76F3E40CACAFD3D53 -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2006.03.31 01:29:00 | 000,114,952 | ---- | M] () MD5=7FA61BA47E0CDBCC0FA3581C98718747 -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\drvdisk\i386\NT4\viamraid.sys
[2006.03.31 01:29:00 | 000,114,952 | ---- | M] () MD5=7FA61BA47E0CDBCC0FA3581C98718747 -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\VIARAID\driver\winnt40\viamraid.sys
[2006.03.31 01:18:00 | 000,100,992 | ---- | M] () MD5=9F3F276C7300ED211129757A411B605F -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\drvdisk\i386\NT5\viamraid.sys
[2006.03.31 01:18:00 | 000,100,992 | ---- | M] () MD5=9F3F276C7300ED211129757A411B605F -- C:\RECYCLER\S-1-5-21-507921405-1532298954-839522115-1005\Dc9\VIARAID\driver\winxp\viamraid.sys
[2004.05.18 14:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys
< MD5 for: WIN32K.SYS >
[2009.04.19 20:52:07 | 001,847,168 | ---- | M] (Microsoft Corporation) MD5=0E523CA1CDAC4AA36CD797B5564AB661 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008.04.14 06:45:36 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=16AA352EC7D8E6D9DE50265BF0F9E016 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
[2008.04.14 06:45:36 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=16AA352EC7D8E6D9DE50265BF0F9E016 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010.06.24 22:30:08 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=1D6A389B0152D2164343731F4151079F -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2010.09.01 08:57:41 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=21171C673C110D875FE031908409FE23 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2010.06.24 10:02:48 | 001,851,904 | ---- | M] (Microsoft Corporation) MD5=21A48AA96D99AEF0193526F5E762E21B -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2011.06.06 12:36:17 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=44E7131AA0EB70AACADBA6034B443D0B -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010.10.26 15:04:46 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=470811C7406C06BAD6CCEA5445D879C9 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2010.10.26 14:58:35 | 001,853,312 | ---- | M] (Microsoft Corporation) MD5=4FF440A38D242AA40D40F990C566DF32 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2011.06.06 12:35:21 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=5477E9351066CA7F70A92461A35F5310 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2010.09.01 08:57:07 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=5577EC6934D639CB20EA0C90A8AF4923 -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2011.03.03 14:52:12 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=570FB1C8ABCF6375169E94C23537019C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2009.08.14 16:15:39 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=670C868CDBDF46269EB7CC39B05A7513 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2010.05.02 09:03:50 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=8402F80D7FCA8CD3A4BCF027773CAD34 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2009.08.14 17:00:31 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=862CAA1CB5EF221C09918FF185DF14D7 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2010.05.02 09:09:42 | 001,851,264 | ---- | M] (Microsoft Corporation) MD5=8DFA2A74176D58E671C7FD9F8966DE99 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2011.03.03 14:53:33 | 001,857,920 | ---- | M] (Microsoft Corporation) MD5=958A81E06C4E3510AEA1F6BCD258EF4C -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2010.12.31 15:04:07 | 001,854,976 | ---- | M] (Microsoft Corporation) MD5=AE4BFDE8B2841CE7F6AFAB0F43435445 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011.09.06 15:08:32 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=B14465CDD6AFA31154396B54254F2BA8 -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2009.04.19 20:44:06 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=BBD63526356719F71BFBDF691ED40DF4 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2010.12.31 15:02:56 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=D8525ABDAFFB6F08CDEF1D87B509B17B -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\win32k.sys
[2004.08.18 13:00:00 | 001,835,904 | ---- | M] (Microsoft Corporation) MD5=F935B816A5B3D08E519D9EEBD65A6672 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSRV.DLL >
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=169D34A85EC9E415C4C3A03AA62A34B6 -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=43B8BD54F87BFFFE5C560B2965E13C26 -- C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll
[2011.06.20 18:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4F1340B27E7590D3E42541769ABD5872 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.06.20 18:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=4F1340B27E7590D3E42541769ABD5872 -- C:\WINDOWS\system32\winsrv.dll
[2010.06.18 18:46:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=681CB546E0EF9C44FDE21EE0D4307DF0 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2008.04.14 07:52:06 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=77A41C497ADB0C96D1E8DF6F71D843C0 -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2008.04.14 07:52:06 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=77A41C497ADB0C96D1E8DF6F71D843C0 -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2010.06.18 18:47:41 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=D7F6130150643691D61E957A2CD48D1B -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2004.08.18 13:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=E4E57FBA176F2752527B1D53A663D2D7 -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll
[2011.06.20 18:43:23 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EF9951D90C530C39DEAB56C16160D837 -- C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006.09.12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2006.09.12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP83.DLL
< %systemroot%\system32\drivers\*.sys /10 >
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys
< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 07:51:38 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 07:51:38 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 07:51:38 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 07:51:38 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 07:51:38 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 07:51:38 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 07:51:38 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005.08.03 21:08:00 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2005.07.11 15:12:00 | 000,524,850 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2005.07.11 15:12:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2005.06.08 14:45:00 | 000,058,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2006.12.29 19:21:08 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2005.08.04 01:20:00 | 000,021,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2008.04.14 07:51:38 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 07:51:38 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 07:51:38 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 07:51:38 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 07:51:38 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 07:51:40 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2007.04.02 20:36:04 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2004.08.18 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2004.08.18 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2006.12.29 19:02:50 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 07:51:56 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 07:52:06 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /10 >
[2011.12.18 16:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2009.10.23 15:22:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.23 15:22:18 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.23 15:22:18 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job >
< %systemroot%\*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
< %systemroot%\*. /rp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2011.12.19 18:12:22 | 000,012,572 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\6n7r81j25dakl4lgju8b5t3up23rf3023528qh
[2009.10.23 15:24:03 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >
[2009.10.23 15:42:25 | 000,000,293 | -HS- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\desktop.ini
< %ALLUSERSPROFILE%\Data Aplikácií\*.* >
< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %APPDATA%\*. >
[2011.12.19 16:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2011.12.19 16:38:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2011.12.19 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
< %APPDATA%\*.* >
[2009.10.23 15:24:03 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32|bak;true;false;false /fp >
< %PROGRAMFILES%|bak;true;false;false /fp >
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2009.06.03 04:49:20 | 000,307,704 | ---- | M] (Mozilla Corporation) MD5=26C3F01DF1B1AA6CFEC22D75F1E072F9 -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 16:06:27
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS
WINDOWS REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
< bcdedit /v >C:\boot.txt /c >
< type C:\boot.txt >> test1.txt /c >
< echo list vol > C:\commands.txt | diskpart /s C:\commands.txt > C:\DiskReport.txt /c >
Microsoft DiskPart version 5.1.3564
Copyright (C) 1999-2003 Microsoft Corporation.
V poźˇtaźi: TOMAS
Svazek ### Ltr Jmenovka Fs Typ Velikost Stav Informace
---------- --- ----------- ----- ---------- ------- --------- --------
Svazek 0 D DVD-ROM 0 B
Svazek 1 C NTFS Oddˇl 75 GB V poý dku Syst‚m
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.12.19 18:42:45 | 000,000,512 | ---- | M] () MD5=40D8E866A4E90FD559C263F95860BBD7 -- C:\PhysicalMBR.bin
[1 C:\*.tmp files -> C:\*.tmp -> ]
- Přílohy
-
- Extras.zip
- LOG Extras
- (4.87 KiB) Staženo 44 x
Re: Virus - XP security 2012 - nelze smazat
Pokračování OTL logu:
< %systemroot%\system32\drivers\*.sys /md5 >
[2008.04.13 23:16:20 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=C1536905AD2067812A238BCE998F4BFF -- C:\WINDOWS\system32\drivers\1394bus.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004.08.18 13:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=AFDFF022A01F0B11C776F0860C3B282F -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008.04.13 21:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008.04.13 23:06:40 | 000,044,928 | ---- | M] (Microsoft Corporation) MD5=03A7E0922ACFE1B07D5DB2EEB0773063 -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008.04.13 23:06:40 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=CB08AED0DE2DD889A8A820CD8082D83C -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008.04.13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) MD5=95B4FB835E28AA1336CEEB07FD5B9398 -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008.04.14 06:38:34 | 000,041,216 | ---- | M] (Microsoft Corporation) MD5=AA2D3A86F7B551AA227B17EFAEAB7D22 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008.04.14 06:38:34 | 000,041,600 | ---- | M] (Microsoft Corporation) MD5=3980814F8027D27EA003E2E3D9D4F604 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) MD5=99BD5596B5D06C2EAD3CECC6F11999F5 -- C:\WINDOWS\system32\drivers\AmdK8.sys
[2005.04.22 15:54:00 | 000,112,751 | ---- | M] (Alps Electric Co., Ltd.) MD5=E1E803933B17C3F3FA4E7385B97FC4F2 -- C:\WINDOWS\system32\drivers\Apfiltr.sys
[2008.04.13 23:21:26 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=B5B8A80875C1DEDEDA8B02765642C32F -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008.04.13 23:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 21:04:18 | 000,056,623 | ---- | M] (ATI Technologies Inc.) MD5=D649C57DA6FA762C64013747E5D7D2D6 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2008.04.13 21:04:18 | 000,011,615 | ---- | M] (ATI Technologies Inc.) MD5=60B6AA2DC1521DA343F781B70EB7895A -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2008.04.13 21:04:18 | 000,012,047 | ---- | M] (ATI Technologies Inc.) MD5=6FDC61E8E8E17F6ECC2D9A10FA8DF347 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2008.04.13 21:04:18 | 000,030,671 | ---- | M] (ATI Technologies Inc.) MD5=9D318099BF3876A4AF4BC75966D27603 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2008.04.13 21:04:18 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2008.04.13 21:04:18 | 000,026,367 | ---- | M] (ATI Technologies Inc.) MD5=DAC7D785CF62F5BD41441E9D6F5A6EFE -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2008.04.13 21:04:18 | 000,021,343 | ---- | M] (ATI Technologies Inc.) MD5=F7706DAE7D101F1B19CE552D772EBFCE -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2008.04.13 21:04:18 | 000,036,463 | ---- | M] (ATI Technologies Inc.) MD5=6F714B4720DD80FFA9F8D2731594EA4C -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2008.04.13 21:04:20 | 000,029,455 | ---- | M] (ATI Technologies Inc.) MD5=67FFBC158DD4D27BA3FC92C6ACD87F73 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2008.04.13 21:04:20 | 000,034,735 | ---- | M] (ATI Technologies Inc.) MD5=0D8CAB1F08F7D3C4DE228B49E12E596A -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2008.04.14 06:40:46 | 000,326,912 | ---- | M] (ATI Technologies Inc.) MD5=6C6416058635B6FA00263D22A1740E37 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2005.08.03 22:10:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) MD5=03621F7F968FF63713943405DEB777F9 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2008.04.13 21:04:18 | 000,057,856 | ---- | M] (ATI Technologies Inc.) MD5=993E7BD6438FE989E328C6B4BCA246A9 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2008.04.13 21:04:18 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=ED4C2BF8403F4437987C0BA09CF48716 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2008.04.13 21:04:18 | 000,014,336 | ---- | M] (ATI Technologies Inc.) MD5=E90AC2B14E98F1A4372E5891B4278784 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2008.04.13 21:04:18 | 000,052,224 | ---- | M] (ATI Technologies Inc.) MD5=DA36687D701C833430605A298731410B -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2008.04.13 21:04:18 | 000,104,960 | ---- | M] (ATI Technologies Inc.) MD5=A7A01B907DB63898D40B0A14248FF9A2 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2008.04.13 21:04:18 | 000,028,672 | ---- | M] (ATI Technologies Inc.) MD5=CEDDEE2E0591894D19654D458FD3B9BE -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2008.04.13 21:04:18 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=D80A8F6C0A717446496C3A06D33B0D9C -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2008.04.13 21:04:18 | 000,073,216 | ---- | M] (ATI Technologies Inc.) MD5=EDD66332608D27F4FD5069BCD0BC5164 -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2008.04.13 21:04:20 | 000,031,744 | ---- | M] (ATI Technologies Inc.) MD5=3E7D485CBD0B0D9F6EA2AD9442411831 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2008.04.13 21:04:20 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008.04.13 23:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=9916C1225104BA14794209CFA8012159 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004.08.18 13:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008.04.13 23:21:32 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=AE76348A2605FB197FA8FF1D6F547836 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004.08.18 13:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001.08.17 22:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=D9F724AA26C010A217C97606B160ED68 -- C:\WINDOWS\system32\drivers\audstub.sys
[2008.04.13 23:06:34 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=0D93976F7801B7FCD8135CC77257BBD0 -- C:\WINDOWS\system32\drivers\battc.sys
[2004.12.22 00:32:00 | 000,369,024 | ---- | M] (Broadcom Corporation) MD5=38CA1443660D0F5F06887C6A2E692AEB -- C:\WINDOWS\system32\drivers\BCMWL5.SYS
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
[2008.04.13 23:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=F934D1B230F84E1D19DD00AC5A7A83ED -- C:\WINDOWS\system32\drivers\bridge.sys
[2008.04.13 23:16:34 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=B279426E3C0C344893ED78A613A73BDE -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008.04.13 23:16:34 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=FCA6F069597B62D42495191ACE3FC6C1 -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008.04.13 23:21:36 | 000,101,120 | ---- | M] (Microsoft Corporation) MD5=80602B8746D3738F5886CE3D67EF06B6 -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008.06.14 18:35:31 | 000,272,128 | ---- | M] (Microsoft Corporation) MD5=F338662A6C1FC11DD9508F6DFF2C06A2 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008.04.13 23:16:32 | 000,036,480 | ---- | M] (Microsoft Corporation) MD5=BB68CEBFFD181E18A26112D1B9F90F3D -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008.04.13 23:16:30 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=61364CD71EF63B0F038B7E9DF00F1EFA -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004.08.18 13:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2004.08.18 13:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008.04.13 23:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=30274D9BC25A43BF14891E710216EBC4 -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008.04.13 23:46:24 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008.04.13 23:06:38 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=0F6C187D38D98F8DF904589A5F94D411 -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2008.04.13 23:06:38 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=6E4C9F21F0FAE8940661144F41B13203 -- C:\WINDOWS\system32\drivers\compbatt.sys
[2004.08.18 13:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008.04.14 06:56:50 | 000,040,576 | ---- | M] (Microsoft Corporation) MD5=57FFB078B71F5B5E7A3DFF40F0F47711 -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008.04.13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[2008.04.13 23:10:46 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=E65E2353A5D74EA89971CB918EEEB2F6 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008.04.14 07:00:50 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) MD5=DB5FD2BF5B07DC54BFCB3664FF05BD7C -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008.04.14 07:01:04 | 000,153,856 | ---- | M] (Microsoft Corp., Veritas Software) MD5=FFF1720AF51171F32F1EAD5CF71F2810 -- C:\WINDOWS\system32\drivers\dmio.sys
[2004.08.18 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys
[2008.04.13 23:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) MD5=8A208DFCF89792A484E76C40E5F50B45 -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008.04.13 23:15:16 | 000,060,160 | ---- | M] (Microsoft Corporation) MD5=6CB08593487F5701D2D2254E693EAFCE -- C:\WINDOWS\system32\drivers\drmk.sys
[2008.04.13 23:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=8F5FCFF8E8848AFAC920905FBD9D33C8 -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004.08.18 13:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=FE97D0343ACFDEBDD578FC67CC91FA87 -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008.04.13 23:08:30 | 000,071,168 | ---- | M] (Microsoft Corporation) MD5=AC7280566A7BB85CB3291F04DDC1198E -- C:\WINDOWS\system32\drivers\dxg.sys
[2004.08.18 13:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001.08.17 22:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=80D1B490B60E74E002DC116EC5D41748 -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008.04.13 23:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) MD5=92CDD60B6730B9F50F6A1A0C1F8CDC81 -- C:\WINDOWS\system32\drivers\fdc.sys
[2008.04.14 06:43:24 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=AC366695A0796560AA37215AD5762AAF -- C:\WINDOWS\system32\drivers\fips.sys
[2005.08.17 18:25:00 | 000,009,216 | ---- | M] (Genesys Logic) MD5=36F552DAB68673D9125B3E9583623C02 -- C:\WINDOWS\system32\drivers\fixustor.sys
[2008.04.13 23:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=9D27E7B80BFCDF1CDD9B555862D5E7F0 -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008.04.13 23:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004.08.18 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=9996A605D10E8C7DAA29A380EAEF51AE -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004.08.18 13:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=3E1E2BD4F39B0E2B7DC4F4D2BCC2779A -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004.08.18 13:00:00 | 000,125,184 | ---- | M] (Microsoft Corporation) MD5=4E664D8541DB4A66B73A24257E322E1F -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008.04.13 23:06:42 | 000,046,464 | ---- | M] (Microsoft Corporation) MD5=3A74C423CF6BCCA6982715878F450A3B -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008.04.13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=573C7D0A32852B48F3058CFD8026F511 -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2004.10.27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=F58D2900C66A1E773E3375098E0E9337 -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008.04.14 06:49:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=0D349DC78C6EE16E655557E325A67D9C -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008.04.13 23:15:28 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=1AF592532532A402ED7C060F6954004F -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008.04.13 23:15:28 | 000,019,200 | ---- | M] (Microsoft Corporation) MD5=BB1A6FB7D35A91E599973FA74A619056 -- C:\WINDOWS\system32\drivers\hidir.sys
[2008.04.13 23:15:24 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=96ECCF28FDBF1B2CC12725818A63628D -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008.04.13 23:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) MD5=CCF82C5EC8A7326C3066DE870C06DAF1 -- C:\WINDOWS\system32\drivers\hidusb.sys
[2008.04.13 22:53:50 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) MD5=970178E8E003EB1481293830069624B9 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2008.04.13 22:53:52 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) MD5=1225EBEA76AAC3C84DF6C54FE5E5D8BE -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2008.04.13 22:53:54 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) MD5=EBB354438A4C5A3327FB97306260714A -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2009.10.20 17:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) MD5=F80A415EF82CD06FFAF0D971528EAD38 -- C:\WINDOWS\system32\drivers\http.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008.04.13 23:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
[2008.04.14 06:55:56 | 000,040,192 | ---- | M] (Microsoft Corporation) MD5=27B290D632AF2CF3CF40BFDDB7370985 -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008.04.13 23:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) MD5=3BB22519A194418D5FEC05D800A19AD0 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004.08.18 13:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=731F22BA402EE4B62748ADAF6363C182 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008.04.13 23:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) MD5=B87AB476DCF76E72010632B5550955F5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008.04.13 23:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) MD5=CC748EA12C6EFFDE940EE98098BF96BB -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008.04.13 23:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=C93C9FF7B04D772627A3646D89F7BF89 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008.04.13 23:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) MD5=692BCF44383D056AED41B045A323D378 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008.04.13 23:46:38 | 000,141,056 | ---- | M] (Microsoft Corporation) MD5=0753515F78DF7F271A5E61C20BCD36A1 -- C:\WINDOWS\system32\drivers\ks.sys
[2009.06.24 12:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) MD5=B467646C54CC746128904E1654C750C1 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) MD5=69A6268D7F81E53D568AB4E7E991CAF3 -- C:\WINDOWS\system32\drivers\mbam.sys
[2004.08.18 13:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D1F8BE91ED4DDB671D42E473E3FE71AB -- C:\WINDOWS\system32\drivers\mcd.sys
[2008.04.13 22:53:58 | 000,011,868 | ---- | M] (Conexant) MD5=195741AEE20369980796B557358CD774 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008.04.13 23:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\system32\drivers\mf.sys
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4AE068242760A1FB6E1A44BF4E16AFA6 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008.04.14 06:36:20 | 000,030,080 | ---- | M] (Microsoft Corporation) MD5=44032B0C6D9954D3FD26438330B99EE7 -- C:\WINDOWS\system32\drivers\modem.sys
[2008.04.14 06:36:34 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=4CB582831DBDE63CE43B45D771218374 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2004.08.18 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=BB269EBA740737AB749B214D568B6812 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008.04.13 23:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008.04.13 23:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) MD5=11D42BB6206F33FBB3BA0288D3EF81BD -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011.07.15 14:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008.04.13 23:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=C941EA2454BA8350021D774DAF0F1027 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008.04.13 23:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) MD5=0A02C63C8B144BD8C86B103DEE7C86A2 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008.04.13 23:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) MD5=D1575E71568F4D9E14CA56B7B0453BF1 -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008.04.13 23:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) MD5=325BB26842FC7CCC1FCCE2C457317F3E -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008.04.13 23:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) MD5=BAD59648BA099DA4A17680B39730CB3D -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008.04.13 23:06:48 | 000,015,488 | ---- | M] (Microsoft Corporation) MD5=AF5F4F3F14A8EA2C26DE30F7A1E17136 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008.04.13 22:53:42 | 000,126,686 | ---- | M] (Smart Link) MD5=C53775780148884AC87C455489A0C070 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2008.04.13 22:53:40 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2008.04.13 21:04:28 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) MD5=6DDA78A0BE692B61B668FAB860F276CF -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2011.04.21 14:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=DE6A75F5C270E756C5508D94B6CF68F5 -- C:\WINDOWS\system32\drivers\mup.sys
[2008.04.13 23:13:56 | 000,012,672 | ---- | M] (Microsoft Corporation) MD5=B538DCD9816EA35FA4F637CFC261AAA8 -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2011.07.08 15:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=0109C4F3850DFBAB279542515386AE22 -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008.04.13 23:26:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=F927A4434C5028758A842943EF1A3849 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008.04.13 23:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) MD5=EDC1531A49C80614B2CFDA43CA8659AB -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010.11.02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=9282BD12DFB069D3889EB3FCC1000A9B -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008.04.13 23:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) MD5=5D81CF9A2F1A3A756B66CF684911CDF0 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008.04.13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
[2008.04.13 23:21:26 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=BE984D604D91C217355CDD3737AAD25D -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008.04.13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) MD5=1E421A6BCF2203CC61B821ADA9DE878B -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008.04.13 23:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) MD5=3182D64AE053D6FB034F44B6DEF8034A -- C:\WINDOWS\system32\drivers\npfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2008.04.13 22:53:42 | 000,180,360 | ---- | M] (Smart Link) MD5=576B34CEAE5B7E5D9FD2775E93B3DB53 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004.08.18 13:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- C:\WINDOWS\system32\drivers\null.sys
[2008.04.13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004.08.18 13:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) MD5=B305F3FAD35083837EF46A0BBCE2FC57 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004.08.18 13:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) MD5=C99B3415198D1AAB7227F2C88FD664B9 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008.04.13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) MD5=8B8B1BE2DBA4025DA6786C645F77F123 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) MD5=C0BB7D1615E1ACBDC99757F6CEAF8CF0 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008.04.13 23:16:20 | 000,061,696 | ---- | M] (Microsoft Corporation) MD5=CA33832DF41AFB202EE7AEB05145922F -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004.08.18 13:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) MD5=4BB30DDC53EBC76895E38694580CDFE9 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008.04.14 07:10:18 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=3FC38E7FBE91DB40C34731195F4116C2 -- C:\WINDOWS\system32\drivers\p3.sys
[2008.04.14 07:10:22 | 000,080,000 | ---- | M] (Microsoft Corporation) MD5=46F8DB73B4A53E543F8E371DC7C75BAE -- C:\WINDOWS\system32\drivers\parport.sys
[2008.04.13 23:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) MD5=BEB3BA25197665D82EC7065B724171C6 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004.08.18 13:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) MD5=1FAE19D0457176318BBA4A8795656EBC -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008.04.14 07:10:38 | 000,068,736 | ---- | M] (Microsoft Corporation) MD5=6CE351D149CB4BEFC702951E471E1730 -- C:\WINDOWS\system32\drivers\pci.sys
[2004.08.18 13:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=2DA4EC85E0EA7A45C6B2A05820492D5A -- C:\WINDOWS\system32\drivers\pciide.sys
[2008.04.13 23:10:30 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=52E60F29221D0D1AC16737E8DBF7C3E9 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008.04.14 07:10:46 | 000,120,064 | ---- | M] (Microsoft Corporation) MD5=4FC31E6C19A5CE5198B1ABFF94CAE758 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008.04.13 23:49:42 | 000,146,048 | ---- | M] (Microsoft Corporation) MD5=E82A496C3961EFC6828B508C310CE98F -- C:\WINDOWS\system32\drivers\portcls.sys
[2008.04.14 06:41:00 | 000,039,680 | ---- | M] (Microsoft Corporation) MD5=7EB15DCE4EC3A0220BD796A15C18186E -- C:\WINDOWS\system32\drivers\processr.sys
[2008.04.13 23:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=09298EC810B07E5D582CB3A3F9255424 -- C:\WINDOWS\system32\drivers\psched.sys
[2004.08.18 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) MD5=80D317BD1C3DBC5D4FE7B1678C60CADD -- C:\WINDOWS\system32\drivers\ptilink.sys
[2004.08.18 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008.04.13 23:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) MD5=11B4A627BC9614B885C4969BFA5FF8A6 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008.04.13 23:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=5BC962F2654137C9909C3D4603587DEE -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008.04.13 23:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) MD5=EFEEC01B1D3CF84F16DDD24D9D9D8F99 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004.08.18 13:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) MD5=FDBB1D60066FCFBB7452FD8F9829B242 -- C:\WINDOWS\system32\drivers\raspti.sys
[2004.08.18 13:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) MD5=01524CD237223B18ADBB48F70083F101 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008.04.13 23:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) MD5=7AD224AD1A1437FE28D89CF22B17780A -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008.04.13 23:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) MD5=15CABD0F7C00C47C70124907916AF3F1 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2011.06.24 15:10:39 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=FC105DD312ED64EB66BFF111E8EC6EAC -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2008.04.13 22:53:44 | 000,013,776 | ---- | M] (Smart Link) MD5=E9AAA0092D74A9D371659C4C38882E12 -- C:\WINDOWS\system32\drivers\recagent.sys
[2008.04.14 06:44:54 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=611BFD220305BE3A85AE876EA47D4AA5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008.04.13 23:16:34 | 000,059,136 | ---- | M] (Microsoft Corporation) MD5=851C30DF2807FCFA21E4C681A7D6440E -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=A56FE08EC7473E8580A390BB1081CDD7 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=0A854DF84C77A0BE205BFEAB2AE4F0EC -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008.05.08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) MD5=96F7A9A7BF0C9C0440A967440065D33C -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008.04.13 23:26:50 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=601844CBCF617FF8C868130CA5B2039D -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008.04.13 23:26:50 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=726548542AFECA56257FF01EB13BB6D7 -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004.08.18 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=D8B0B4ADE32574B2D9C5CC34DC0DBBE7 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2005.09.23 17:56:00 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) MD5=A30685283F90AE02F1CD50972C6065E3 -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
[2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) MD5=D507C1400284176573224903819FFDA3 -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2008.04.13 21:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) MD5=0DBCC071A268E0340A2BA6BDD98BACE4 -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008.04.13 23:10:32 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=76C465F570E90C28942D52CCB2580A10 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008.04.13 23:06:46 | 000,079,232 | ---- | M] (Microsoft Corporation) MD5=8D04819A3CE51B9EB47E5689B44D43C4 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2008.04.13 21:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008.04.13 23:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) MD5=0F29512CCD6BEAD730039FB4BD2C85CE -- C:\WINDOWS\system32\drivers\serenum.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] (Microsoft Corporation) MD5=B842729337C9B921615C40D3C1A1AF96 -- C:\WINDOWS\system32\drivers\serial.sys
[2008.04.13 23:10:48 | 000,011,904 | ---- | M] (Microsoft Corporation) MD5=0FA803C64DF0914B41F807EA276BF2A6 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008.04.13 23:10:50 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=D66D22D76878BF3483A6BE30183FB648 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008.04.13 23:10:48 | 000,011,008 | ---- | M] (Microsoft Corporation) MD5=C17C331E435ED8737525C86A7557B3AC -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008.04.13 23:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008.04.13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) MD5=6B33D0EBD30DB32E27D1D78FE946A754 -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008.04.13 22:53:44 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2008.04.13 22:53:46 | 000,404,990 | ---- | M] (Smart Link) MD5=2C1779C0FEB1F4A6033600305EBA623A -- C:\WINDOWS\system32\drivers\slntamr.sys
[2008.04.13 22:53:48 | 000,095,424 | ---- | M] (Smart Link) MD5=F9B8E30E82EE95CF3E1D3E495599B99C -- C:\WINDOWS\system32\drivers\slnthal.sys
[2008.04.13 22:53:48 | 000,013,240 | ---- | M] (Smart Link) MD5=DB56BB2C55723815CF549D7FC50CFCEB -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008.04.13 23:06:36 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=895BE38A993B9BD5ABBE570D63D88A2E -- C:\WINDOWS\system32\drivers\smbali.sys
[2004.08.18 13:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=017DAECF0ED3AA731313433601EC40FA -- C:\WINDOWS\system32\drivers\smclib.sys
[2005.07.06 03:54:00 | 000,840,100 | ---- | M] (Motorola Inc.) MD5=DECD0A37DDB9121EE19983F074A6AF2A -- C:\WINDOWS\system32\drivers\smserial.sys
[2008.04.13 23:16:08 | 000,025,344 | ---- | M] (Microsoft Corporation) MD5=489703624DAC94ED943C2ABDA022A1CD -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008.04.13 23:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
[2008.04.14 07:11:28 | 000,073,344 | ---- | M] (Microsoft Corporation) MD5=94610C8653635E4459316A0050D55CE7 -- C:\WINDOWS\system32\drivers\sr.sys
[2011.02.17 14:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) MD5=47DDFC2F003F7F9F0592C6874962A2E7 -- C:\WINDOWS\system32\drivers\srv.sys
[2008.04.13 23:15:16 | 000,049,408 | ---- | M] (Microsoft Corporation) MD5=3E5D89099DED9E86E5639F411693218F -- C:\WINDOWS\system32\drivers\stream.sys
[2008.04.13 23:09:54 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=3941D127AEF12E93ADDF6FE6EE027E0F -- C:\WINDOWS\system32\drivers\swenum.sys
[2008.04.13 23:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008.04.13 23:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=8B83F3ED0F1688B4958F77CD6D2BF290 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008.04.13 23:10:52 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=FD6093E3DECD925F1CFFC8A0DD539D72 -- C:\WINDOWS\system32\drivers\tape.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) MD5=4E53BBCC4BE37D7A4BD6EF1098C89FF7 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008.04.13 23:30:06 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=0539D5E53587F82D1B4FD74C5BE205CF -- C:\WINDOWS\system32\drivers\tdi.sys
[2008.04.14 07:53:28 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008.04.14 07:53:28 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008.04.14 07:53:26 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004.08.18 13:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=699450901C5CCFD82357CBC531CEDD23 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2009.09.08 10:52:38 | 000,017,752 | ---- | M] (TrustPort, a.s.) MD5=9BE7E948038F4E1DA896A2DA67D7239B -- C:\WINDOWS\system32\drivers\tpsec.sys
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () MD5=F69641EFDB19ACB4753B0155F7FDEED5 -- C:\WINDOWS\system32\drivers\TrueSight.sys
[2004.08.18 13:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) MD5=D74A8EC75305F1D3CFDE7C7FC1BD62A9 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008.04.13 23:26:02 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=8F861EDA21C05857EB8197300A92501C -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008.04.13 23:06:42 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008.04.13 23:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=5787B80C2E3C5E2F56C2A233D91FA2C9 -- C:\WINDOWS\system32\drivers\udfs.sys
[2008.04.13 23:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\system32\drivers\update.sys
[2008.04.13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=BEE793D4A059CAEA55D6AC20E19B3A8F -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008.04.13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=B6CC50279D6CD28E090A5D33244ADC9A -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008.04.13 23:15:42 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=1C1A47B40C23358245AA8D0443B6935E -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008.04.13 23:15:42 | 000,025,728 | ---- | M] (Microsoft Corporation) MD5=CE97845D2E3F0D274B8BAC1ED07C6149 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008.04.14 00:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) MD5=173F317CE0DB8E21322E71B7E60A27E8 -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004.08.18 13:00:00 | 000,004,736 | ---- | M] (Microsoft Corporation) MD5=596EB39B50D6EBD9B734DC4AE0544693 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008.04.13 23:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=65DCF09D0E37D4C6B11B5B0B76D470A7 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008.04.13 23:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) MD5=1AB3CDDE553B6E064D2E754EFE20285C -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008.04.13 23:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=290913DC4F1125E5A82DE52579A44C43 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008.04.13 23:15:36 | 000,017,152 | ---- | M] (Microsoft Corporation) MD5=0DAECCE65366EA32B162F85F07C6753B -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008.04.13 23:15:38 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=791912E524CC2CC6F50B5F2B52D1EB71 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008.04.14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008.04.14 00:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008.04.13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008.04.13 23:16:22 | 000,121,984 | ---- | M] (Microsoft Corporation) MD5=63BBFCA7F390F4C49ED4B96BFB1633E0 -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004.08.18 13:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) MD5=55E01061C74A8CEFFF58DC36114A8D3F -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008.04.13 23:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=0D3A8FAFCEACD8B7625CD549757A7DF1 -- C:\WINDOWS\system32\drivers\vga.sys
[2008.04.13 23:06:42 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=754292CE5848B3738281B4F3607EAEF4 -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008.04.13 23:14:42 | 000,081,664 | ---- | M] (Microsoft Corporation) MD5=E28726B72C46821A28830E077D39A55B -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008.04.14 06:42:06 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=28A4B296B47782173C346E376CB374D1 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008.04.13 23:13:56 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=ACED8C149B30F8496C237BCBA3727B48 -- C:\WINDOWS\system32\drivers\wacompen.sys
[2008.04.13 21:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) MD5=0308AEF61941E4AF478FA1A0F83812F5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2008.04.13 21:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) MD5=714038A8AA5DE08E12062202CD7EAEB5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2008.04.13 21:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) MD5=7BB3AA595E4507A788DE1CDC63F4C8C4 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2008.04.13 21:04:30 | 000,011,935 | ---- | M] (Intel(R) Corporation) MD5=36E6C405B6143D09687F4056FD9A0D10 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008.04.13 23:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=E20B95BAEDB550F32DD489265C1DA1F6 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2008.04.13 21:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) MD5=352FA0E98BC461CE1CE5D41F64DB558D -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2008.04.13 21:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) MD5=791CC45DE6E50445BE72E8AD6401FF45 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008.04.13 23:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) MD5=6768ACF64B18196494413695F0C3A00F -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004.08.18 13:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\drivers\wmilib.sys
[2004.08.11 01:45:06 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C1B3D9D75C3FB735F5FA3A5806ADED57 -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\*.sys /md5 >
[2004.08.18 13:00:00 | 000,009,035 | ---- | M] () MD5=A0D62056B9B494C09EE9AC6FD94E4074 -- C:\WINDOWS\system32\ansi.sys
[2004.08.18 13:00:00 | 000,027,097 | ---- | M] () MD5=0FE9F16075C9ACB941C957B7C649176E -- C:\WINDOWS\system32\country.sys
[2004.08.18 13:00:00 | 000,004,880 | ---- | M] () MD5=2DE9700B53CD22189CCAEE42246DF396 -- C:\WINDOWS\system32\himem.sys
[2004.08.18 13:00:00 | 000,042,809 | ---- | M] () MD5=582BCDD47CF4B68B5CB528F18E3CB808 -- C:\WINDOWS\system32\key01.sys
[2004.08.18 13:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\keyboard.sys
[2004.08.18 13:00:00 | 000,027,898 | ---- | M] () MD5=C1B822C0E789D22ADBFFE4FB3B2CEC7A -- C:\WINDOWS\system32\ntdos.sys
[2004.08.18 13:00:00 | 000,029,146 | ---- | M] () MD5=CF9ED169FF86D935E47999E82359E898 -- C:\WINDOWS\system32\ntdos404.sys
[2004.08.18 13:00:00 | 000,029,370 | ---- | M] () MD5=03B945AC0481CD8BB161C3569D8ED1C3 -- C:\WINDOWS\system32\ntdos411.sys
[2004.08.18 13:00:00 | 000,029,274 | ---- | M] () MD5=BBC957DC18C17CC027EB80B7C77F2AEA -- C:\WINDOWS\system32\ntdos412.sys
[2004.08.18 13:00:00 | 000,029,146 | ---- | M] () MD5=3CFFAEFFF23B0D208214A6D3061A5B1B -- C:\WINDOWS\system32\ntdos804.sys
[2004.08.18 13:00:00 | 000,033,904 | ---- | M] () MD5=8856178A5F96B98C55F3C7987F02F36B -- C:\WINDOWS\system32\ntio.sys
[2004.08.18 13:00:00 | 000,034,560 | ---- | M] () MD5=6F73F50162DEF60C84B725C18CD9140F -- C:\WINDOWS\system32\ntio404.sys
[2004.08.18 13:00:00 | 000,035,648 | ---- | M] () MD5=0FDD5E69C1FF3B58043D44F2CC743D45 -- C:\WINDOWS\system32\ntio411.sys
[2004.08.18 13:00:00 | 000,035,424 | ---- | M] () MD5=8842837C4D8311BF8E72BEE8CCC42217 -- C:\WINDOWS\system32\ntio412.sys
[2004.08.18 13:00:00 | 000,034,560 | ---- | M] () MD5=6B56CEB3C6F9D5CD7293DBD9FE23B311 -- C:\WINDOWS\system32\ntio804.sys
[2008.04.13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) MD5=9A10AACBFDC4922715375FB4065EC930 -- C:\WINDOWS\system32\watchdog.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\win32k.sys
[2005.09.09 17:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) MD5=6943C8F5CBA301E07A1F69DF69B09257 -- C:\WINDOWS\system32\WinIo.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< >
< End of report >
< %systemroot%\system32\drivers\*.sys /md5 >
[2008.04.13 23:16:20 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=C1536905AD2067812A238BCE998F4BFF -- C:\WINDOWS\system32\drivers\1394bus.sys
[2008.04.14 06:35:42 | 000,188,288 | ---- | M] (Microsoft Corporation) MD5=4FE34F1F3126B61FCC6B2043AA8112C9 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004.08.18 13:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=AFDFF022A01F0B11C776F0860C3B282F -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008.04.13 21:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008.04.13 23:06:40 | 000,044,928 | ---- | M] (Microsoft Corporation) MD5=03A7E0922ACFE1B07D5DB2EEB0773063 -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008.04.13 23:06:40 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=CB08AED0DE2DD889A8A820CD8082D83C -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008.04.13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) MD5=95B4FB835E28AA1336CEEB07FD5B9398 -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008.04.14 06:38:34 | 000,041,216 | ---- | M] (Microsoft Corporation) MD5=AA2D3A86F7B551AA227B17EFAEAB7D22 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008.04.14 06:38:34 | 000,041,600 | ---- | M] (Microsoft Corporation) MD5=3980814F8027D27EA003E2E3D9D4F604 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) MD5=99BD5596B5D06C2EAD3CECC6F11999F5 -- C:\WINDOWS\system32\drivers\AmdK8.sys
[2005.04.22 15:54:00 | 000,112,751 | ---- | M] (Alps Electric Co., Ltd.) MD5=E1E803933B17C3F3FA4E7385B97FC4F2 -- C:\WINDOWS\system32\drivers\Apfiltr.sys
[2008.04.13 23:21:26 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=B5B8A80875C1DEDEDA8B02765642C32F -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008.04.13 23:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 21:04:18 | 000,056,623 | ---- | M] (ATI Technologies Inc.) MD5=D649C57DA6FA762C64013747E5D7D2D6 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2008.04.13 21:04:18 | 000,011,615 | ---- | M] (ATI Technologies Inc.) MD5=60B6AA2DC1521DA343F781B70EB7895A -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2008.04.13 21:04:18 | 000,012,047 | ---- | M] (ATI Technologies Inc.) MD5=6FDC61E8E8E17F6ECC2D9A10FA8DF347 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2008.04.13 21:04:18 | 000,030,671 | ---- | M] (ATI Technologies Inc.) MD5=9D318099BF3876A4AF4BC75966D27603 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2008.04.13 21:04:18 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2008.04.13 21:04:18 | 000,026,367 | ---- | M] (ATI Technologies Inc.) MD5=DAC7D785CF62F5BD41441E9D6F5A6EFE -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2008.04.13 21:04:18 | 000,021,343 | ---- | M] (ATI Technologies Inc.) MD5=F7706DAE7D101F1B19CE552D772EBFCE -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2008.04.13 21:04:18 | 000,036,463 | ---- | M] (ATI Technologies Inc.) MD5=6F714B4720DD80FFA9F8D2731594EA4C -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2008.04.13 21:04:20 | 000,029,455 | ---- | M] (ATI Technologies Inc.) MD5=67FFBC158DD4D27BA3FC92C6ACD87F73 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2008.04.13 21:04:20 | 000,034,735 | ---- | M] (ATI Technologies Inc.) MD5=0D8CAB1F08F7D3C4DE228B49E12E596A -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2008.04.14 06:40:46 | 000,326,912 | ---- | M] (ATI Technologies Inc.) MD5=6C6416058635B6FA00263D22A1740E37 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2005.08.03 22:10:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) MD5=03621F7F968FF63713943405DEB777F9 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2008.04.13 21:04:18 | 000,057,856 | ---- | M] (ATI Technologies Inc.) MD5=993E7BD6438FE989E328C6B4BCA246A9 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2008.04.13 21:04:18 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=ED4C2BF8403F4437987C0BA09CF48716 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2008.04.13 21:04:18 | 000,014,336 | ---- | M] (ATI Technologies Inc.) MD5=E90AC2B14E98F1A4372E5891B4278784 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2008.04.13 21:04:18 | 000,052,224 | ---- | M] (ATI Technologies Inc.) MD5=DA36687D701C833430605A298731410B -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2008.04.13 21:04:18 | 000,104,960 | ---- | M] (ATI Technologies Inc.) MD5=A7A01B907DB63898D40B0A14248FF9A2 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2008.04.13 21:04:18 | 000,028,672 | ---- | M] (ATI Technologies Inc.) MD5=CEDDEE2E0591894D19654D458FD3B9BE -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2008.04.13 21:04:18 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=D80A8F6C0A717446496C3A06D33B0D9C -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2008.04.13 21:04:18 | 000,073,216 | ---- | M] (ATI Technologies Inc.) MD5=EDD66332608D27F4FD5069BCD0BC5164 -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2008.04.13 21:04:20 | 000,031,744 | ---- | M] (ATI Technologies Inc.) MD5=3E7D485CBD0B0D9F6EA2AD9442411831 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2008.04.13 21:04:20 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008.04.13 23:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=9916C1225104BA14794209CFA8012159 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004.08.18 13:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008.04.13 23:21:32 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=AE76348A2605FB197FA8FF1D6F547836 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004.08.18 13:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001.08.17 22:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=D9F724AA26C010A217C97606B160ED68 -- C:\WINDOWS\system32\drivers\audstub.sys
[2008.04.13 23:06:34 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=0D93976F7801B7FCD8135CC77257BBD0 -- C:\WINDOWS\system32\drivers\battc.sys
[2004.12.22 00:32:00 | 000,369,024 | ---- | M] (Broadcom Corporation) MD5=38CA1443660D0F5F06887C6A2E692AEB -- C:\WINDOWS\system32\drivers\BCMWL5.SYS
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
[2008.04.13 23:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=F934D1B230F84E1D19DD00AC5A7A83ED -- C:\WINDOWS\system32\drivers\bridge.sys
[2008.04.13 23:16:34 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=B279426E3C0C344893ED78A613A73BDE -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008.04.13 23:16:34 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=FCA6F069597B62D42495191ACE3FC6C1 -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008.04.13 23:21:36 | 000,101,120 | ---- | M] (Microsoft Corporation) MD5=80602B8746D3738F5886CE3D67EF06B6 -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008.06.14 18:35:31 | 000,272,128 | ---- | M] (Microsoft Corporation) MD5=F338662A6C1FC11DD9508F6DFF2C06A2 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008.04.13 23:16:32 | 000,036,480 | ---- | M] (Microsoft Corporation) MD5=BB68CEBFFD181E18A26112D1B9F90F3D -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008.04.13 23:16:30 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=61364CD71EF63B0F038B7E9DF00F1EFA -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004.08.18 13:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2004.08.18 13:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008.04.13 23:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=30274D9BC25A43BF14891E710216EBC4 -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008.04.13 23:46:24 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008.04.13 23:06:38 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=0F6C187D38D98F8DF904589A5F94D411 -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2008.04.13 23:06:38 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=6E4C9F21F0FAE8940661144F41B13203 -- C:\WINDOWS\system32\drivers\compbatt.sys
[2004.08.18 13:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008.04.14 06:56:50 | 000,040,576 | ---- | M] (Microsoft Corporation) MD5=57FFB078B71F5B5E7A3DFF40F0F47711 -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008.04.13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[2008.04.13 23:10:46 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=E65E2353A5D74EA89971CB918EEEB2F6 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008.04.14 07:00:50 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) MD5=DB5FD2BF5B07DC54BFCB3664FF05BD7C -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008.04.14 07:01:04 | 000,153,856 | ---- | M] (Microsoft Corp., Veritas Software) MD5=FFF1720AF51171F32F1EAD5CF71F2810 -- C:\WINDOWS\system32\drivers\dmio.sys
[2004.08.18 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys
[2008.04.13 23:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) MD5=8A208DFCF89792A484E76C40E5F50B45 -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008.04.13 23:15:16 | 000,060,160 | ---- | M] (Microsoft Corporation) MD5=6CB08593487F5701D2D2254E693EAFCE -- C:\WINDOWS\system32\drivers\drmk.sys
[2008.04.13 23:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=8F5FCFF8E8848AFAC920905FBD9D33C8 -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004.08.18 13:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=FE97D0343ACFDEBDD578FC67CC91FA87 -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008.04.13 23:08:30 | 000,071,168 | ---- | M] (Microsoft Corporation) MD5=AC7280566A7BB85CB3291F04DDC1198E -- C:\WINDOWS\system32\drivers\dxg.sys
[2004.08.18 13:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001.08.17 22:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=80D1B490B60E74E002DC116EC5D41748 -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008.04.13 23:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008.04.13 23:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) MD5=92CDD60B6730B9F50F6A1A0C1F8CDC81 -- C:\WINDOWS\system32\drivers\fdc.sys
[2008.04.14 06:43:24 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=AC366695A0796560AA37215AD5762AAF -- C:\WINDOWS\system32\drivers\fips.sys
[2005.08.17 18:25:00 | 000,009,216 | ---- | M] (Genesys Logic) MD5=36F552DAB68673D9125B3E9583623C02 -- C:\WINDOWS\system32\drivers\fixustor.sys
[2008.04.13 23:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=9D27E7B80BFCDF1CDD9B555862D5E7F0 -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008.04.13 23:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004.08.18 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=9996A605D10E8C7DAA29A380EAEF51AE -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004.08.18 13:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=3E1E2BD4F39B0E2B7DC4F4D2BCC2779A -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004.08.18 13:00:00 | 000,125,184 | ---- | M] (Microsoft Corporation) MD5=4E664D8541DB4A66B73A24257E322E1F -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008.04.13 23:06:42 | 000,046,464 | ---- | M] (Microsoft Corporation) MD5=3A74C423CF6BCCA6982715878F450A3B -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008.04.13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=573C7D0A32852B48F3058CFD8026F511 -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2004.10.27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=F58D2900C66A1E773E3375098E0E9337 -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008.04.14 06:49:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=0D349DC78C6EE16E655557E325A67D9C -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008.04.13 23:15:28 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=1AF592532532A402ED7C060F6954004F -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008.04.13 23:15:28 | 000,019,200 | ---- | M] (Microsoft Corporation) MD5=BB1A6FB7D35A91E599973FA74A619056 -- C:\WINDOWS\system32\drivers\hidir.sys
[2008.04.13 23:15:24 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=96ECCF28FDBF1B2CC12725818A63628D -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008.04.13 23:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) MD5=CCF82C5EC8A7326C3066DE870C06DAF1 -- C:\WINDOWS\system32\drivers\hidusb.sys
[2008.04.13 22:53:50 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) MD5=970178E8E003EB1481293830069624B9 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2008.04.13 22:53:52 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) MD5=1225EBEA76AAC3C84DF6C54FE5E5D8BE -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2008.04.13 22:53:54 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) MD5=EBB354438A4C5A3327FB97306260714A -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2009.10.20 17:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) MD5=F80A415EF82CD06FFAF0D971528EAD38 -- C:\WINDOWS\system32\drivers\http.sys
[2008.04.14 06:51:16 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=C528E27945367191E7BAE364930B6932 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008.04.13 23:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
[2008.04.14 06:55:56 | 000,040,192 | ---- | M] (Microsoft Corporation) MD5=27B290D632AF2CF3CF40BFDDB7370985 -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008.04.13 23:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) MD5=3BB22519A194418D5FEC05D800A19AD0 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004.08.18 13:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=731F22BA402EE4B62748ADAF6363C182 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008.04.13 23:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) MD5=B87AB476DCF76E72010632B5550955F5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008.04.13 23:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) MD5=CC748EA12C6EFFDE940EE98098BF96BB -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008.04.13 23:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=C93C9FF7B04D772627A3646D89F7BF89 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 06:59:08 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=1B6162FE7F66B1A71A4B70F941C4AA9B -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008.04.13 23:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) MD5=692BCF44383D056AED41B045A323D378 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008.04.13 23:46:38 | 000,141,056 | ---- | M] (Microsoft Corporation) MD5=0753515F78DF7F271A5E61C20BCD36A1 -- C:\WINDOWS\system32\drivers\ks.sys
[2009.06.24 12:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) MD5=B467646C54CC746128904E1654C750C1 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) MD5=69A6268D7F81E53D568AB4E7E991CAF3 -- C:\WINDOWS\system32\drivers\mbam.sys
[2004.08.18 13:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D1F8BE91ED4DDB671D42E473E3FE71AB -- C:\WINDOWS\system32\drivers\mcd.sys
[2008.04.13 22:53:58 | 000,011,868 | ---- | M] (Conexant) MD5=195741AEE20369980796B557358CD774 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008.04.13 23:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\system32\drivers\mf.sys
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4AE068242760A1FB6E1A44BF4E16AFA6 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008.04.14 06:36:20 | 000,030,080 | ---- | M] (Microsoft Corporation) MD5=44032B0C6D9954D3FD26438330B99EE7 -- C:\WINDOWS\system32\drivers\modem.sys
[2008.04.14 06:36:34 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=4CB582831DBDE63CE43B45D771218374 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2004.08.18 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=BB269EBA740737AB749B214D568B6812 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008.04.13 23:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008.04.13 23:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) MD5=11D42BB6206F33FBB3BA0288D3EF81BD -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011.07.15 14:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008.04.13 23:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=C941EA2454BA8350021D774DAF0F1027 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008.04.13 23:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) MD5=0A02C63C8B144BD8C86B103DEE7C86A2 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008.04.13 23:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) MD5=D1575E71568F4D9E14CA56B7B0453BF1 -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008.04.13 23:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) MD5=325BB26842FC7CCC1FCCE2C457317F3E -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008.04.13 23:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) MD5=BAD59648BA099DA4A17680B39730CB3D -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008.04.13 23:06:48 | 000,015,488 | ---- | M] (Microsoft Corporation) MD5=AF5F4F3F14A8EA2C26DE30F7A1E17136 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008.04.13 22:53:42 | 000,126,686 | ---- | M] (Smart Link) MD5=C53775780148884AC87C455489A0C070 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2008.04.13 22:53:40 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2008.04.13 21:04:28 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) MD5=6DDA78A0BE692B61B668FAB860F276CF -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2011.04.21 14:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=DE6A75F5C270E756C5508D94B6CF68F5 -- C:\WINDOWS\system32\drivers\mup.sys
[2008.04.13 23:13:56 | 000,012,672 | ---- | M] (Microsoft Corporation) MD5=B538DCD9816EA35FA4F637CFC261AAA8 -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2011.07.08 15:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=0109C4F3850DFBAB279542515386AE22 -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008.04.13 23:26:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=F927A4434C5028758A842943EF1A3849 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008.04.13 23:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) MD5=EDC1531A49C80614B2CFDA43CA8659AB -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010.11.02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=9282BD12DFB069D3889EB3FCC1000A9B -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008.04.13 23:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) MD5=5D81CF9A2F1A3A756B66CF684911CDF0 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008.04.13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
[2008.04.13 23:21:26 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=BE984D604D91C217355CDD3737AAD25D -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008.04.13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) MD5=1E421A6BCF2203CC61B821ADA9DE878B -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008.04.13 23:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) MD5=3182D64AE053D6FB034F44B6DEF8034A -- C:\WINDOWS\system32\drivers\npfs.sys
[2008.04.13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2008.04.13 22:53:42 | 000,180,360 | ---- | M] (Smart Link) MD5=576B34CEAE5B7E5D9FD2775E93B3DB53 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004.08.18 13:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- C:\WINDOWS\system32\drivers\null.sys
[2008.04.13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004.08.18 13:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) MD5=B305F3FAD35083837EF46A0BBCE2FC57 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004.08.18 13:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) MD5=C99B3415198D1AAB7227F2C88FD664B9 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008.04.13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) MD5=8B8B1BE2DBA4025DA6786C645F77F123 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) MD5=C0BB7D1615E1ACBDC99757F6CEAF8CF0 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008.04.13 23:16:20 | 000,061,696 | ---- | M] (Microsoft Corporation) MD5=CA33832DF41AFB202EE7AEB05145922F -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004.08.18 13:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) MD5=4BB30DDC53EBC76895E38694580CDFE9 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008.04.14 07:10:18 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=3FC38E7FBE91DB40C34731195F4116C2 -- C:\WINDOWS\system32\drivers\p3.sys
[2008.04.14 07:10:22 | 000,080,000 | ---- | M] (Microsoft Corporation) MD5=46F8DB73B4A53E543F8E371DC7C75BAE -- C:\WINDOWS\system32\drivers\parport.sys
[2008.04.13 23:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) MD5=BEB3BA25197665D82EC7065B724171C6 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004.08.18 13:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) MD5=1FAE19D0457176318BBA4A8795656EBC -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008.04.14 07:10:38 | 000,068,736 | ---- | M] (Microsoft Corporation) MD5=6CE351D149CB4BEFC702951E471E1730 -- C:\WINDOWS\system32\drivers\pci.sys
[2004.08.18 13:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=2DA4EC85E0EA7A45C6B2A05820492D5A -- C:\WINDOWS\system32\drivers\pciide.sys
[2008.04.13 23:10:30 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=52E60F29221D0D1AC16737E8DBF7C3E9 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008.04.14 07:10:46 | 000,120,064 | ---- | M] (Microsoft Corporation) MD5=4FC31E6C19A5CE5198B1ABFF94CAE758 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008.04.13 23:49:42 | 000,146,048 | ---- | M] (Microsoft Corporation) MD5=E82A496C3961EFC6828B508C310CE98F -- C:\WINDOWS\system32\drivers\portcls.sys
[2008.04.14 06:41:00 | 000,039,680 | ---- | M] (Microsoft Corporation) MD5=7EB15DCE4EC3A0220BD796A15C18186E -- C:\WINDOWS\system32\drivers\processr.sys
[2008.04.13 23:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=09298EC810B07E5D582CB3A3F9255424 -- C:\WINDOWS\system32\drivers\psched.sys
[2004.08.18 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) MD5=80D317BD1C3DBC5D4FE7B1678C60CADD -- C:\WINDOWS\system32\drivers\ptilink.sys
[2004.08.18 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008.04.13 23:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) MD5=11B4A627BC9614B885C4969BFA5FF8A6 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008.04.13 23:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=5BC962F2654137C9909C3D4603587DEE -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008.04.13 23:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) MD5=EFEEC01B1D3CF84F16DDD24D9D9D8F99 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004.08.18 13:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) MD5=FDBB1D60066FCFBB7452FD8F9829B242 -- C:\WINDOWS\system32\drivers\raspti.sys
[2004.08.18 13:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) MD5=01524CD237223B18ADBB48F70083F101 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008.04.13 23:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) MD5=7AD224AD1A1437FE28D89CF22B17780A -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004.08.18 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008.04.13 23:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) MD5=15CABD0F7C00C47C70124907916AF3F1 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2011.06.24 15:10:39 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=FC105DD312ED64EB66BFF111E8EC6EAC -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2008.04.13 22:53:44 | 000,013,776 | ---- | M] (Smart Link) MD5=E9AAA0092D74A9D371659C4C38882E12 -- C:\WINDOWS\system32\drivers\recagent.sys
[2008.04.14 06:44:54 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=611BFD220305BE3A85AE876EA47D4AA5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008.04.13 23:16:34 | 000,059,136 | ---- | M] (Microsoft Corporation) MD5=851C30DF2807FCFA21E4C681A7D6440E -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=A56FE08EC7473E8580A390BB1081CDD7 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=0A854DF84C77A0BE205BFEAB2AE4F0EC -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008.05.08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) MD5=96F7A9A7BF0C9C0440A967440065D33C -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008.04.13 23:26:50 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=601844CBCF617FF8C868130CA5B2039D -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008.04.13 23:26:50 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=726548542AFECA56257FF01EB13BB6D7 -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004.08.18 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=D8B0B4ADE32574B2D9C5CC34DC0DBBE7 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2005.09.23 17:56:00 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) MD5=A30685283F90AE02F1CD50972C6065E3 -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
[2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) MD5=D507C1400284176573224903819FFDA3 -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2008.04.13 21:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) MD5=0DBCC071A268E0340A2BA6BDD98BACE4 -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008.04.13 23:10:32 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=76C465F570E90C28942D52CCB2580A10 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008.04.13 23:06:46 | 000,079,232 | ---- | M] (Microsoft Corporation) MD5=8D04819A3CE51B9EB47E5689B44D43C4 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2008.04.13 21:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008.04.13 23:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) MD5=0F29512CCD6BEAD730039FB4BD2C85CE -- C:\WINDOWS\system32\drivers\serenum.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] (Microsoft Corporation) MD5=B842729337C9B921615C40D3C1A1AF96 -- C:\WINDOWS\system32\drivers\serial.sys
[2008.04.13 23:10:48 | 000,011,904 | ---- | M] (Microsoft Corporation) MD5=0FA803C64DF0914B41F807EA276BF2A6 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008.04.13 23:10:50 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=D66D22D76878BF3483A6BE30183FB648 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008.04.13 23:10:48 | 000,011,008 | ---- | M] (Microsoft Corporation) MD5=C17C331E435ED8737525C86A7557B3AC -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008.04.13 23:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008.04.13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) MD5=6B33D0EBD30DB32E27D1D78FE946A754 -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008.04.13 22:53:44 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2008.04.13 22:53:46 | 000,404,990 | ---- | M] (Smart Link) MD5=2C1779C0FEB1F4A6033600305EBA623A -- C:\WINDOWS\system32\drivers\slntamr.sys
[2008.04.13 22:53:48 | 000,095,424 | ---- | M] (Smart Link) MD5=F9B8E30E82EE95CF3E1D3E495599B99C -- C:\WINDOWS\system32\drivers\slnthal.sys
[2008.04.13 22:53:48 | 000,013,240 | ---- | M] (Smart Link) MD5=DB56BB2C55723815CF549D7FC50CFCEB -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008.04.13 23:06:36 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=895BE38A993B9BD5ABBE570D63D88A2E -- C:\WINDOWS\system32\drivers\smbali.sys
[2004.08.18 13:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=017DAECF0ED3AA731313433601EC40FA -- C:\WINDOWS\system32\drivers\smclib.sys
[2005.07.06 03:54:00 | 000,840,100 | ---- | M] (Motorola Inc.) MD5=DECD0A37DDB9121EE19983F074A6AF2A -- C:\WINDOWS\system32\drivers\smserial.sys
[2008.04.13 23:16:08 | 000,025,344 | ---- | M] (Microsoft Corporation) MD5=489703624DAC94ED943C2ABDA022A1CD -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008.04.13 23:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
[2008.04.14 07:11:28 | 000,073,344 | ---- | M] (Microsoft Corporation) MD5=94610C8653635E4459316A0050D55CE7 -- C:\WINDOWS\system32\drivers\sr.sys
[2011.02.17 14:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) MD5=47DDFC2F003F7F9F0592C6874962A2E7 -- C:\WINDOWS\system32\drivers\srv.sys
[2008.04.13 23:15:16 | 000,049,408 | ---- | M] (Microsoft Corporation) MD5=3E5D89099DED9E86E5639F411693218F -- C:\WINDOWS\system32\drivers\stream.sys
[2008.04.13 23:09:54 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=3941D127AEF12E93ADDF6FE6EE027E0F -- C:\WINDOWS\system32\drivers\swenum.sys
[2008.04.13 23:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008.04.13 23:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=8B83F3ED0F1688B4958F77CD6D2BF290 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008.04.13 23:10:52 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=FD6093E3DECD925F1CFFC8A0DD539D72 -- C:\WINDOWS\system32\drivers\tape.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) MD5=4E53BBCC4BE37D7A4BD6EF1098C89FF7 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008.04.13 23:30:06 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=0539D5E53587F82D1B4FD74C5BE205CF -- C:\WINDOWS\system32\drivers\tdi.sys
[2008.04.14 07:53:28 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008.04.14 07:53:28 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008.04.14 07:53:26 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004.08.18 13:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=699450901C5CCFD82357CBC531CEDD23 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2009.09.08 10:52:38 | 000,017,752 | ---- | M] (TrustPort, a.s.) MD5=9BE7E948038F4E1DA896A2DA67D7239B -- C:\WINDOWS\system32\drivers\tpsec.sys
[2011.12.19 16:36:51 | 000,111,872 | ---- | M] () MD5=F69641EFDB19ACB4753B0155F7FDEED5 -- C:\WINDOWS\system32\drivers\TrueSight.sys
[2004.08.18 13:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) MD5=D74A8EC75305F1D3CFDE7C7FC1BD62A9 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008.04.13 23:26:02 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=8F861EDA21C05857EB8197300A92501C -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008.04.13 23:06:42 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008.04.13 23:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=5787B80C2E3C5E2F56C2A233D91FA2C9 -- C:\WINDOWS\system32\drivers\udfs.sys
[2008.04.13 23:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\system32\drivers\update.sys
[2008.04.13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=BEE793D4A059CAEA55D6AC20E19B3A8F -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008.04.13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=B6CC50279D6CD28E090A5D33244ADC9A -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008.04.13 23:15:42 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=1C1A47B40C23358245AA8D0443B6935E -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008.04.13 23:15:42 | 000,025,728 | ---- | M] (Microsoft Corporation) MD5=CE97845D2E3F0D274B8BAC1ED07C6149 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008.04.14 00:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) MD5=173F317CE0DB8E21322E71B7E60A27E8 -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004.08.18 13:00:00 | 000,004,736 | ---- | M] (Microsoft Corporation) MD5=596EB39B50D6EBD9B734DC4AE0544693 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008.04.13 23:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=65DCF09D0E37D4C6B11B5B0B76D470A7 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008.04.13 23:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) MD5=1AB3CDDE553B6E064D2E754EFE20285C -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008.04.13 23:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=290913DC4F1125E5A82DE52579A44C43 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008.04.13 23:15:36 | 000,017,152 | ---- | M] (Microsoft Corporation) MD5=0DAECCE65366EA32B162F85F07C6753B -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008.04.13 23:15:38 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=791912E524CC2CC6F50B5F2B52D1EB71 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008.04.14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008.04.14 00:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008.04.13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008.04.13 23:16:22 | 000,121,984 | ---- | M] (Microsoft Corporation) MD5=63BBFCA7F390F4C49ED4B96BFB1633E0 -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004.08.18 13:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) MD5=55E01061C74A8CEFFF58DC36114A8D3F -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008.04.13 23:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=0D3A8FAFCEACD8B7625CD549757A7DF1 -- C:\WINDOWS\system32\drivers\vga.sys
[2008.04.13 23:06:42 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=754292CE5848B3738281B4F3607EAEF4 -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008.04.13 23:14:42 | 000,081,664 | ---- | M] (Microsoft Corporation) MD5=E28726B72C46821A28830E077D39A55B -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008.04.14 06:42:06 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=28A4B296B47782173C346E376CB374D1 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008.04.13 23:13:56 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=ACED8C149B30F8496C237BCBA3727B48 -- C:\WINDOWS\system32\drivers\wacompen.sys
[2008.04.13 21:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) MD5=0308AEF61941E4AF478FA1A0F83812F5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2008.04.13 21:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) MD5=714038A8AA5DE08E12062202CD7EAEB5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2008.04.13 21:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) MD5=7BB3AA595E4507A788DE1CDC63F4C8C4 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2008.04.13 21:04:30 | 000,011,935 | ---- | M] (Intel(R) Corporation) MD5=36E6C405B6143D09687F4056FD9A0D10 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008.04.13 23:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=E20B95BAEDB550F32DD489265C1DA1F6 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2008.04.13 21:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) MD5=352FA0E98BC461CE1CE5D41F64DB558D -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2008.04.13 21:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) MD5=791CC45DE6E50445BE72E8AD6401FF45 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008.04.13 23:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) MD5=6768ACF64B18196494413695F0C3A00F -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004.08.18 13:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\drivers\wmilib.sys
[2004.08.11 01:45:06 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C1B3D9D75C3FB735F5FA3A5806ADED57 -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\*.sys /md5 >
[2004.08.18 13:00:00 | 000,009,035 | ---- | M] () MD5=A0D62056B9B494C09EE9AC6FD94E4074 -- C:\WINDOWS\system32\ansi.sys
[2004.08.18 13:00:00 | 000,027,097 | ---- | M] () MD5=0FE9F16075C9ACB941C957B7C649176E -- C:\WINDOWS\system32\country.sys
[2004.08.18 13:00:00 | 000,004,880 | ---- | M] () MD5=2DE9700B53CD22189CCAEE42246DF396 -- C:\WINDOWS\system32\himem.sys
[2004.08.18 13:00:00 | 000,042,809 | ---- | M] () MD5=582BCDD47CF4B68B5CB528F18E3CB808 -- C:\WINDOWS\system32\key01.sys
[2004.08.18 13:00:00 | 000,042,537 | ---- | M] () MD5=FBBCFEC1379C5C02D88A361993EDF1B8 -- C:\WINDOWS\system32\keyboard.sys
[2004.08.18 13:00:00 | 000,027,898 | ---- | M] () MD5=C1B822C0E789D22ADBFFE4FB3B2CEC7A -- C:\WINDOWS\system32\ntdos.sys
[2004.08.18 13:00:00 | 000,029,146 | ---- | M] () MD5=CF9ED169FF86D935E47999E82359E898 -- C:\WINDOWS\system32\ntdos404.sys
[2004.08.18 13:00:00 | 000,029,370 | ---- | M] () MD5=03B945AC0481CD8BB161C3569D8ED1C3 -- C:\WINDOWS\system32\ntdos411.sys
[2004.08.18 13:00:00 | 000,029,274 | ---- | M] () MD5=BBC957DC18C17CC027EB80B7C77F2AEA -- C:\WINDOWS\system32\ntdos412.sys
[2004.08.18 13:00:00 | 000,029,146 | ---- | M] () MD5=3CFFAEFFF23B0D208214A6D3061A5B1B -- C:\WINDOWS\system32\ntdos804.sys
[2004.08.18 13:00:00 | 000,033,904 | ---- | M] () MD5=8856178A5F96B98C55F3C7987F02F36B -- C:\WINDOWS\system32\ntio.sys
[2004.08.18 13:00:00 | 000,034,560 | ---- | M] () MD5=6F73F50162DEF60C84B725C18CD9140F -- C:\WINDOWS\system32\ntio404.sys
[2004.08.18 13:00:00 | 000,035,648 | ---- | M] () MD5=0FDD5E69C1FF3B58043D44F2CC743D45 -- C:\WINDOWS\system32\ntio411.sys
[2004.08.18 13:00:00 | 000,035,424 | ---- | M] () MD5=8842837C4D8311BF8E72BEE8CCC42217 -- C:\WINDOWS\system32\ntio412.sys
[2004.08.18 13:00:00 | 000,034,560 | ---- | M] () MD5=6B56CEB3C6F9D5CD7293DBD9FE23B311 -- C:\WINDOWS\system32\ntio804.sys
[2008.04.13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) MD5=9A10AACBFDC4922715375FB4065EC930 -- C:\WINDOWS\system32\watchdog.sys
[2011.09.06 15:10:02 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=EC7DE8AE321E0B01C23770A2AD4AA66F -- C:\WINDOWS\system32\win32k.sys
[2005.09.09 17:56:12 | 000,006,144 | ---- | M] (http://www.internals.com) MD5=6943C8F5CBA301E07A1F69DF69B09257 -- C:\WINDOWS\system32\WinIo.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< >
< End of report >
Re: Virus - XP security 2012 - nelze smazat
Tak to se velice omlouvám..
Combofix jsem nespouštel.
Log z RogueKiler:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date : 12/19/2011 16:37:33
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 40d8e866a4e90fd559c263f95860bbd7
[BSP] adc81e2159aff7dbc86a8e218bdc1a25 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 80015 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Combofix jsem nespouštel.
Log z RogueKiler:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date : 12/19/2011 16:37:33
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Truneček\Local Settings\Data aplikací\sft.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 40d8e866a4e90fd559c263f95860bbd7
[BSP] adc81e2159aff7dbc86a8e218bdc1a25 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 80015 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: Virus - XP security 2012 - nelze smazat
Stále stejné, hned po startu se spoustí a od té doby končí i moje práce..
Kompletně blokuje internet a stále dokola spouští "scan".. Takže v normálním režimu naprosto nepoužitelné.
Kompletně blokuje internet a stále dokola spouští "scan".. Takže v normálním režimu naprosto nepoužitelné.
Re: Virus - XP security 2012 - nelze smazat
Nejprve ti sem hodim ty logy a půjdu na ten combofix. (Snad je ten MbrScan správně)
MBRCheck zde:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 86):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7BE5000 \WINDOWS\system32\KDCOM.DLL
0xF7AF5000 \WINDOWS\system32\BOOTVID.dll
0xF7696000 ACPI.sys
0xF7BE7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7685000 pci.sys
0xF76E5000 isapnp.sys
0xF76F5000 ohci1394.sys
0xF7705000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7AF9000 compbatt.sys
0xF7AFD000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CAD000 pciide.sys
0xF7965000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7715000 MountMgr.sys
0xF7666000 ftdisk.sys
0xF796D000 PartMgr.sys
0xF7725000 VolSnap.sys
0xF764E000 atapi.sys
0xF7735000 disk.sys
0xF7745000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF762E000 fltmgr.sys
0xF761C000 sr.sys
0xF7605000 KSecDD.sys
0xF7578000 Ntfs.sys
0xF754B000 NDIS.sys
0xF7531000 Mup.sys
0xF7995000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF74DC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF799D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7765000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7775000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7785000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF74B9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7491000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7795000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF744E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF73F3000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF77A5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B85000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF73DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77B5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF73CB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77D5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79F5000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77E5000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BED000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF736D000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B99000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77F5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BF1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7805000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7BF9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D83000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A45000 \SystemRoot\System32\drivers\vga.sys
0xF7331000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A55000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A65000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7BCD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF72FE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF72A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF727D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF725B000 \SystemRoot\System32\drivers\afd.sys
0xF7815000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7230000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF71C0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7835000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF70E0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C07000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B81000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A9D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF70000 \SystemRoot\System32\framebuf.dll
0xF6E80000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6BE0000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 15):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
584 csrss.exe
608 C:\WINDOWS\system32\winlogon.exe
652 C:\WINDOWS\system32\services.exe
664 C:\WINDOWS\system32\lsass.exe
812 C:\WINDOWS\system32\svchost.exe
884 svchost.exe
1020 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1200 svchost.exe
548 C:\WINDOWS\explorer.exe
1328 C:\Program Files\Mozilla Firefox\firefox.exe
1396 C:\Documents and Settings\Administrator\Plocha\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST9808210A, Rev: 3.05
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 41CDAF6C1E640C22E5FA4D3CF4848309BA7CA593
Done!
Zde je MbrScan:
MBR Analyzer v1.0
File : C:\Documents and Settings\Administrator\Plocha\test0.dat
--------------------------------------------------------------
--OFFSET-- 0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F- 0123456789ABCDEF
0x00000000 33C08ED0BC007CFB5007501FFCBE1B7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF1B065057B9E501F3A4CBBDBE07B104 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 386E007C09751383C510E2F4CD188BF5 8n.|.u..Å.âôÍ..õ
0x00000030 83C610497419382C74F6A0B507B4078B .Æ.It.8,tö.µ.´..
0x00000040 F0AC3C0074FCBB0700B40ECD10EBF288 ð¬<.tü»..´.Í.ëò.
0x00000050 4E10E84600732AFE4610807E040B740B N.èF.s*þF..~..t.
0x00000060 807E040C7405A0B60775D28046020683 .~..t..¶.uÒ.F...
0x00000070 46080683560A00E821007305A0B607EB F...V..è!.s..¶.ë
0x00000080 BC813EFE7D55AA740B807E100074C8A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B707EBA98BFC1E578BF5CBBF05008A56 ·.ë©.ü.W.õË¿...V
0x000000A0 00B408CD1372238AC1243F988ADE8AFC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43F7E38BD186D6B106D2EE42F7E23956 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A77237205394608731CB80102BB007C .w#r.9F.s.¸..».|
0x000000D0 8B4E028B5600CD1373514F744E32E48A .N..V.Í.sQOtN2ä.
0x000000E0 5600CD13EBE48A560060BBAA55B441CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13723681FB55AA7530F6C101742B6160 .r6.ûUªu0öÁ.t+a`
0x00000100 6A006A00FF760AFF76086A0068007C6A j.j..v..v.j.h.|j
0x00000110 016A10B4428BF4CD136161730E4F740B .j.´B.ôÍ.aas.Ot.
0x00000120 32E48A5600CD13EBD661F9C34E65706C 2ä.V.Í.ëÖaùÃNepl
0x00000130 61746EA020746162756C6B61206F6464 atn. tabulka odd
0x00000140 A16C850043687962612070FD69206E61 ¡l..Chyba pýi na
0x00000150 9FA174A06EA1206F706572619F6EA168 .¡t.n¡ opera.n¡h
0x00000160 6F2073797374826D75004F706572619F o syst.mu.Opera.
0x00000170 6EA12073797374826D206E656E616C65 n¡ syst.m nenale
0x00000180 7A656E00000000000000000000000000 zen.............
0x00000190 00000000000000000000000000000000 ................
0x000001A0 00000000000000000000000000000000 ................
0x000001B0 00000000002C446A306038BF00008001 .....,Dj0`8¿....
0x000001C0 010007FEFFFF3F000000C1A550090000 ...þ..?...Á¥P...
0x000001D0 00000000000000000000000000000000 ................
0x000001E0 00000000000000000000000000000000 ................
0x000001F0 000000000000000000000000000055AA ..............Uª
---------------------------[ MBR ]----------------------------
MBR_CODE : XP MBR Code
MD5 : 40D8E866A4E90FD559C263F95860BBD7
PARTITIONS : 1
DISK_SIGNATURE : 306038BF
SIGNATURE_ID : AA55h
-----------------------[ PARTITION 1 ]------------------------
BOOTABLE : YES
PARTITION_TYPE : 0x07 ( NTFS / HPFS)
PARTITION_SIZE : 74.52 Go
STARTING_SECTOR : 63
ENDING_SECTOR : 156280320
TOTAL_SECTORS : 156280257
MBRCheck zde:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 86):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7BE5000 \WINDOWS\system32\KDCOM.DLL
0xF7AF5000 \WINDOWS\system32\BOOTVID.dll
0xF7696000 ACPI.sys
0xF7BE7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7685000 pci.sys
0xF76E5000 isapnp.sys
0xF76F5000 ohci1394.sys
0xF7705000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7AF9000 compbatt.sys
0xF7AFD000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CAD000 pciide.sys
0xF7965000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7715000 MountMgr.sys
0xF7666000 ftdisk.sys
0xF796D000 PartMgr.sys
0xF7725000 VolSnap.sys
0xF764E000 atapi.sys
0xF7735000 disk.sys
0xF7745000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF762E000 fltmgr.sys
0xF761C000 sr.sys
0xF7605000 KSecDD.sys
0xF7578000 Ntfs.sys
0xF754B000 NDIS.sys
0xF7531000 Mup.sys
0xF7995000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF74DC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF799D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7765000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7775000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7785000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF74B9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7491000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7795000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF744E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF73F3000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF77A5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B85000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF73DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77B5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF73CB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77D5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79F5000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77E5000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BED000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF736D000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B99000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77F5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BF1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7805000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7BF9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D83000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A45000 \SystemRoot\System32\drivers\vga.sys
0xF7331000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A55000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A65000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7BCD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF72FE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF72A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF727D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF725B000 \SystemRoot\System32\drivers\afd.sys
0xF7815000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7230000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF71C0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7835000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF70E0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C07000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B81000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A9D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF70000 \SystemRoot\System32\framebuf.dll
0xF6E80000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6BE0000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 15):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
584 csrss.exe
608 C:\WINDOWS\system32\winlogon.exe
652 C:\WINDOWS\system32\services.exe
664 C:\WINDOWS\system32\lsass.exe
812 C:\WINDOWS\system32\svchost.exe
884 svchost.exe
1020 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1200 svchost.exe
548 C:\WINDOWS\explorer.exe
1328 C:\Program Files\Mozilla Firefox\firefox.exe
1396 C:\Documents and Settings\Administrator\Plocha\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST9808210A, Rev: 3.05
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 41CDAF6C1E640C22E5FA4D3CF4848309BA7CA593
Done!
Zde je MbrScan:
MBR Analyzer v1.0
File : C:\Documents and Settings\Administrator\Plocha\test0.dat
--------------------------------------------------------------
--OFFSET-- 0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F- 0123456789ABCDEF
0x00000000 33C08ED0BC007CFB5007501FFCBE1B7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF1B065057B9E501F3A4CBBDBE07B104 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 386E007C09751383C510E2F4CD188BF5 8n.|.u..Å.âôÍ..õ
0x00000030 83C610497419382C74F6A0B507B4078B .Æ.It.8,tö.µ.´..
0x00000040 F0AC3C0074FCBB0700B40ECD10EBF288 ð¬<.tü»..´.Í.ëò.
0x00000050 4E10E84600732AFE4610807E040B740B N.èF.s*þF..~..t.
0x00000060 807E040C7405A0B60775D28046020683 .~..t..¶.uÒ.F...
0x00000070 46080683560A00E821007305A0B607EB F...V..è!.s..¶.ë
0x00000080 BC813EFE7D55AA740B807E100074C8A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B707EBA98BFC1E578BF5CBBF05008A56 ·.ë©.ü.W.õË¿...V
0x000000A0 00B408CD1372238AC1243F988ADE8AFC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43F7E38BD186D6B106D2EE42F7E23956 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A77237205394608731CB80102BB007C .w#r.9F.s.¸..».|
0x000000D0 8B4E028B5600CD1373514F744E32E48A .N..V.Í.sQOtN2ä.
0x000000E0 5600CD13EBE48A560060BBAA55B441CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13723681FB55AA7530F6C101742B6160 .r6.ûUªu0öÁ.t+a`
0x00000100 6A006A00FF760AFF76086A0068007C6A j.j..v..v.j.h.|j
0x00000110 016A10B4428BF4CD136161730E4F740B .j.´B.ôÍ.aas.Ot.
0x00000120 32E48A5600CD13EBD661F9C34E65706C 2ä.V.Í.ëÖaùÃNepl
0x00000130 61746EA020746162756C6B61206F6464 atn. tabulka odd
0x00000140 A16C850043687962612070FD69206E61 ¡l..Chyba pýi na
0x00000150 9FA174A06EA1206F706572619F6EA168 .¡t.n¡ opera.n¡h
0x00000160 6F2073797374826D75004F706572619F o syst.mu.Opera.
0x00000170 6EA12073797374826D206E656E616C65 n¡ syst.m nenale
0x00000180 7A656E00000000000000000000000000 zen.............
0x00000190 00000000000000000000000000000000 ................
0x000001A0 00000000000000000000000000000000 ................
0x000001B0 00000000002C446A306038BF00008001 .....,Dj0`8¿....
0x000001C0 010007FEFFFF3F000000C1A550090000 ...þ..?...Á¥P...
0x000001D0 00000000000000000000000000000000 ................
0x000001E0 00000000000000000000000000000000 ................
0x000001F0 000000000000000000000000000055AA ..............Uª
---------------------------[ MBR ]----------------------------
MBR_CODE : XP MBR Code
MD5 : 40D8E866A4E90FD559C263F95860BBD7
PARTITIONS : 1
DISK_SIGNATURE : 306038BF
SIGNATURE_ID : AA55h
-----------------------[ PARTITION 1 ]------------------------
BOOTABLE : YES
PARTITION_TYPE : 0x07 ( NTFS / HPFS)
PARTITION_SIZE : 74.52 Go
STARTING_SECTOR : 63
ENDING_SECTOR : 156280320
TOTAL_SECTORS : 156280257
Re: Virus - XP security 2012 - nelze smazat
Nechci to zakřiknout,ale vypadá to, že je vyhráno (internet už konečně jede i v norm. režimu) 
log Combofix:
ComboFix 11-12-19.01 - Administrator 19.12.2011 19:09:52.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.646 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\WinIo.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINIO
-------\Service_WINIO
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-19 do 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 17:42 . 2011-12-19 17:42 512 ----a-w- C:\PhysicalMBR.bin
2011-12-19 17:24 . 2011-12-19 17:24 -------- d-----w- c:\program files\trend micro
2011-12-19 17:24 . 2011-12-19 17:24 -------- d-----w- C:\rsit
2011-12-19 16:06 . 2011-12-19 16:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-19 15:38 . 2011-12-19 15:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-12-19 15:38 . 2011-12-19 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 15:38 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 15:36 . 2011-12-19 15:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-19 15:28 . 2011-12-19 15:29 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:15 . 2009-10-27 07:40 1409 ----a-w- c:\windows\QTFont.for
2011-10-10 14:22 . 2009-10-23 12:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-10-23 36972]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 544768]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"UMonit"="c:\windows\system32\UMonit.exe" [2005-08-25 237568]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2005-09-16 31744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-27 77824]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-28 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-04-15 22:08 172032 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [23.10.2009 14:37 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINIO
*NewlyCreated* - WUAUSERV
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fedb0ee5-bfd2-11de-b81f-0040cad92a1b}]
\Shell\AutoRun\command - Start.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Truneček\Data aplikací\Mozilla\Firefox\Profiles\skzxhmxh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?Vid_1????Pid_1f00????????2&PID437????B\?O???????????? Q???????Q?????w????????DP??X?)????????|p??|????m??|d??w???????????????w???????????????? Q??????????x???0Q??????\Q?????w????????P?)?X?)??????R??A7)?P?)?X?)??!*??????R??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2500)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\SoftwareDistribution\Download\c711c815cf1bdadfc21ddf9592125f04\update\update.exe
.
**************************************************************************
.
Celkový čas: 2011-12-19 19:18:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-19 18:18
.
Před spuštěním: Volných bajtů: 67 540 635 648
Po spuštění: Volných bajtů: 68 143 603 712
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69A0666E771F44F2EE9362DDDC9B0E92
log Combofix:
ComboFix 11-12-19.01 - Administrator 19.12.2011 19:09:52.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.646 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\WinIo.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINIO
-------\Service_WINIO
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-19 do 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 17:42 . 2011-12-19 17:42 512 ----a-w- C:\PhysicalMBR.bin
2011-12-19 17:24 . 2011-12-19 17:24 -------- d-----w- c:\program files\trend micro
2011-12-19 17:24 . 2011-12-19 17:24 -------- d-----w- C:\rsit
2011-12-19 16:06 . 2011-12-19 16:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-19 15:38 . 2011-12-19 15:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-12-19 15:38 . 2011-12-19 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 15:38 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 15:36 . 2011-12-19 15:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-19 15:28 . 2011-12-19 15:29 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:15 . 2009-10-27 07:40 1409 ----a-w- c:\windows\QTFont.for
2011-10-10 14:22 . 2009-10-23 12:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-10-23 36972]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 544768]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"UMonit"="c:\windows\system32\UMonit.exe" [2005-08-25 237568]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2005-09-16 31744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-27 77824]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-28 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-04-15 22:08 172032 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [23.10.2009 14:37 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINIO
*NewlyCreated* - WUAUSERV
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fedb0ee5-bfd2-11de-b81f-0040cad92a1b}]
\Shell\AutoRun\command - Start.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Truneček\Data aplikací\Mozilla\Firefox\Profiles\skzxhmxh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?Vid_1????Pid_1f00????????2&PID437????B\?O???????????? Q???????Q?????w????????DP??X?)????????|p??|????m??|d??w???????????????w???????????????? Q??????????x???0Q??????\Q?????w????????P?)?X?)??????R??A7)?P?)?X?)??!*??????R??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2500)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\SoftwareDistribution\Download\c711c815cf1bdadfc21ddf9592125f04\update\update.exe
.
**************************************************************************
.
Celkový čas: 2011-12-19 19:18:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-19 18:18
.
Před spuštěním: Volných bajtů: 67 540 635 648
Po spuštění: Volných bajtů: 68 143 603 712
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69A0666E771F44F2EE9362DDDC9B0E92
Přispějete na provoz fóra?