otl cast 1
OTL logfile created on: 25.4.2010 7:43:51 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 87,67 Gb Free Space | 37,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAZDEROVI-PC
Current User Name: Boris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.25 07:41:42 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
PRC - [2010.04.21 13:44:02 | 007,393,944 | ---- | M] (Blizzard Entertainment) -- C:\games\World of Warcraft\Wow.exe
PRC - [2010.04.21 12:56:38 | 004,094,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2010.04.21 12:56:31 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.04.16 21:04:31 | 000,532,976 | ---- | M] (Google Inc.) -- C:\Users\Boris\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.04.02 09:49:40 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.13 09:11:27 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.03.13 09:11:19 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.13 09:09:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.03.11 02:03:17 | 007,359,640 | ---- | M] (Blizzard Entertainment) -- C:\games\World of Warcraft - Kopie\Wow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
========== Modules (SafeList) ==========
MOD - [2010.04.25 07:41:42 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2007.07.20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.03.13 09:11:19 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.23 12:48:08 | 000,067,072 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\Windows\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2007.07.20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006.07.05 15:02:03 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\Windows\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
========== Driver Services (SafeList) ==========
DRV - [2010.04.21 12:56:31 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.03.13 09:11:25 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.13 09:09:11 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.01.07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.10.09 21:47:10 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.17 23:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.20 12:11:16 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.02.20 12:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\easdrv.sys -- (easdrv)
DRV - [2008.02.20 12:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.07.23 13:01:42 | 000,030,848 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2007.07.23 12:48:10 | 000,013,696 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007.07.23 12:48:08 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2007.07.20 18:08:54 | 000,009,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gMouUsb.sys -- (gMouUsb)
DRV - [2007.07.20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.07.20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.07.19 20:13:10 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gHidPnp.sys -- (gHidPnp)
DRV - [2007.07.19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.07.14 21:24:09 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.07.14 21:24:07 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.06.12 07:05:34 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.20 13:34:54 | 000,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.03.06 17:49:20 | 000,491,168 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2006.12.13 12:00:08 | 000,025,600 | ---- | M] (Attansic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L260x86.sys -- (Atc002)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.18 14:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006.08.18 11:10:24 | 000,061,504 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
DRV - [2006.08.18 11:10:22 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006.08.18 11:10:22 | 000,009,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006.08.18 11:10:20 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
DRV - [2006.08.18 11:10:18 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\K320obex.sys -- (K320obex)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.12 05:48:46 | 000,017,408 | ---- | M] ( Mouse Upfilter Driver ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gMouPS2.sys -- (gMouPS2)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.10.04 11:34:56 | 000,075,925 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wf2kvcap.sys -- (BT848)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.spojka.org/
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/skinit/icq/"
[2008.10.23 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla\Extensions
[2008.10.23 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\srdwpqqv.default\extensions
O1 HOSTS File: ([2010.04.23 17:09:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Program Files\Star Downloader\SDIEInt.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O4 - Startup: C:\Users\Hanulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.06.18 20:05:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
AVG mi našlo několik viru
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: AVG mi našlo několik viru
OTL cast 2
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 30 Days ==========
[2010.04.25 07:41:39 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2010.04.23 17:18:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.23 17:18:50 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\temp
[2010.04.23 17:09:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.22 22:43:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.22 22:43:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.22 22:42:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.22 22:42:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.22 22:41:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.21 21:44:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.14 13:45:04 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 13:44:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 13:44:57 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 13:44:45 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 13:44:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.05 22:57:36 | 000,093,056 | ---- | C] (GMER) -- C:\uflcyuog.sys
[2010.04.05 06:28:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.04 19:44:47 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Boris\Desktop\SPTDinst-v162-x86.exe
[2010.04.04 17:31:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.03 07:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.31 16:08:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 16:08:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 16:08:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 16:08:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 16:08:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 16:08:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 16:08:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 16:08:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 16:08:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 16:08:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 16:08:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 16:08:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 16:08:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 16:08:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 16:08:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 30 Days ==========
[2010.04.25 07:50:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6C33CF46-6887-4FC2-A862-CE0598A2CBEF}.job
[2010.04.25 07:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1E0B1D22-D565-4A9E-9DC2-120B0F690ABE}.job
[2010.04.25 07:49:59 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1CB939E2-DFCB-4177-9C92-76757785239D}.job
[2010.04.25 07:49:51 | 004,194,304 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT
[2010.04.25 07:43:17 | 059,241,570 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.25 07:41:51 | 001,419,592 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.25 07:41:51 | 000,606,912 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.04.25 07:41:51 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.25 07:41:51 | 000,119,398 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.04.25 07:41:51 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.25 07:41:42 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.25 07:36:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.25 07:35:57 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.24 23:40:21 | 000,524,288 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.24 23:40:21 | 000,065,536 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.24 23:39:25 | 004,510,644 | -H-- | M] () -- C:\Users\Boris\AppData\Local\IconCache.db
[2010.04.24 22:55:01 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038224116-2228616904-308158760-1000UA.job
[2010.04.24 22:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038224116-2228616904-308158760-1000Core.job
[2010.04.24 19:56:20 | 190,958,261 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.23 17:21:38 | 000,000,000 | ---- | M] () -- C:\Users\Boris\Desktop\ss.bmp
[2010.04.23 17:09:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.23 17:09:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.04.22 22:40:39 | 000,000,991 | ---- | M] () -- C:\Users\Boris\Desktop\ComboFix – zástupce.lnk
[2010.04.21 12:56:31 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.21 12:56:28 | 000,002,042 | ---- | M] () -- C:\Users\Boris\Desktop\Google Chrome.lnk
[2010.04.18 07:12:09 | 000,000,918 | ---- | M] () -- C:\Users\Boris\Desktop\realmlist – zástupce.lnk
[2010.04.14 22:45:59 | 000,027,988 | ---- | M] () -- C:\Users\Boris\Documents\STUDENA VALKA.odt
[2010.04.11 13:07:18 | 000,018,587 | ---- | M] () -- C:\Users\Boris\Desktop\kupní smlouva.odt
[2010.04.05 22:57:36 | 000,093,056 | ---- | M] (GMER) -- C:\uflcyuog.sys
[2010.04.05 12:25:10 | 000,090,907 | ---- | M] () -- C:\Users\Boris\Desktop\Bez názvu.jpg
[2010.04.05 11:45:18 | 000,077,312 | ---- | M] () -- C:\Users\Boris\Desktop\mbr.exe
[2010.04.05 11:39:39 | 000,000,000 | ---- | M] () -- C:\Users\Boris\defogger_reenable
[2010.04.04 19:44:51 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Boris\Desktop\SPTDinst-v162-x86.exe
[2010.04.04 17:27:26 | 000,000,186 | ---- | M] () -- C:\Users\Boris\Documents\smazani.reg
[2010.04.03 11:03:05 | 000,007,244 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2010.04.02 22:27:12 | 000,002,051 | ---- | M] () -- C:\Users\Boris\Desktop\1-Click Cleaner.lnk
[2010.04.02 22:27:12 | 000,001,997 | ---- | M] () -- C:\Users\Boris\Desktop\Vista Manager.lnk
[2010.04.02 21:16:42 | 000,002,954 | ---- | M] () -- C:\Users\Boris\Documents\cc_20100402_211634.reg
========== Files Created - No Company Name ==========
[2010.04.24 19:56:20 | 190,958,261 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.23 17:21:38 | 000,000,000 | ---- | C] () -- C:\Users\Boris\Desktop\ss.bmp
[2010.04.22 22:43:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.22 22:43:02 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.22 22:43:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.22 22:43:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.22 22:43:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.22 22:40:39 | 000,000,991 | ---- | C] () -- C:\Users\Boris\Desktop\ComboFix – zástupce.lnk
[2010.04.18 07:12:09 | 000,000,918 | ---- | C] () -- C:\Users\Boris\Desktop\realmlist – zástupce.lnk
[2010.04.14 21:34:26 | 000,027,988 | ---- | C] () -- C:\Users\Boris\Documents\STUDENA VALKA.odt
[2010.04.11 13:07:17 | 000,018,587 | ---- | C] () -- C:\Users\Boris\Desktop\kupní smlouva.odt
[2010.04.05 23:01:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.05 12:25:09 | 000,090,907 | ---- | C] () -- C:\Users\Boris\Desktop\Bez názvu.jpg
[2010.04.05 12:17:41 | 000,293,376 | ---- | C] () -- C:\Users\Boris\Desktop\neco.com.exe
[2010.04.05 11:45:17 | 000,077,312 | ---- | C] () -- C:\Users\Boris\Desktop\mbr.exe
[2010.04.05 11:39:39 | 000,000,000 | ---- | C] () -- C:\Users\Boris\defogger_reenable
[2010.04.04 17:27:26 | 000,000,186 | ---- | C] () -- C:\Users\Boris\Documents\smazani.reg
[2010.04.02 22:27:12 | 000,002,051 | ---- | C] () -- C:\Users\Boris\Desktop\1-Click Cleaner.lnk
[2010.04.02 22:27:12 | 000,001,997 | ---- | C] () -- C:\Users\Boris\Desktop\Vista Manager.lnk
[2010.04.02 21:16:36 | 000,002,954 | ---- | C] () -- C:\Users\Boris\Documents\cc_20100402_211634.reg
[2009.07.23 08:44:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.10 20:45:41 | 000,167,936 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2008.10.08 17:16:24 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.08 17:15:41 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008.07.23 16:05:00 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.07.23 16:05:00 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.02.20 12:11:16 | 000,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.12.14 13:51:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007.09.03 13:29:41 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.09.03 13:29:36 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.09.03 13:29:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.07.18 17:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.07.14 21:24:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.07.14 21:24:07 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.07.13 20:34:14 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2007.06.28 17:11:55 | 000,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.06.28 16:37:54 | 000,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2007.06.28 16:37:28 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.06.28 16:32:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007.04.13 11:32:50 | 000,000,000 | ---- | C] () -- C:\Windows\sporic_new.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.01.13 07:27:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\gHidPnp.sys
[2002.01.13 07:27:52 | 000,009,856 | ---- | C] () -- C:\Windows\System32\drivers\gMouUsb.sys
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2008.10.22 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\aAvgApi
[2009.10.10 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Azureus
[2008.08.28 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Canneverbe_Limited
[2007.07.18 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GHISLER
[2010.04.13 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2007.09.06 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ Toolbar
[2010.02.16 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\jabbim
[2008.01.16 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar
[2008.11.08 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MobMapUpdater
[2007.07.18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2007.11.03 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PeerNetworking
[2002.03.31 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QIP
[2009.06.08 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2007.07.29 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\Azureus
[2007.11.10 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\ICQ
[2007.08.22 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\ICQ Toolbar
[2007.10.27 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\Opera
[2010.01.17 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\uTorrent
[2007.09.09 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Rodiče\AppData\Roaming\ICQ
[2009.07.14 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Rodiče\AppData\Roaming\Opera
[2010.04.24 23:40:01 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.04.25 07:49:59 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1CB939E2-DFCB-4177-9C92-76757785239D}.job
[2010.04.25 07:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1E0B1D22-D565-4A9E-9DC2-120B0F690ABE}.job
[2010.04.25 07:50:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6C33CF46-6887-4FC2-A862-CE0598A2CBEF}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.10.22 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\aAvgApi
[2008.06.17 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2009.10.10 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Azureus
[2008.08.28 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Canneverbe_Limited
[2007.12.03 21:41:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DivX
[2007.07.18 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GHISLER
[2008.03.11 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Google
[2009.10.17 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hamachi
[2008.12.10 20:41:05 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\HP
[2010.04.13 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2007.09.06 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ Toolbar
[2007.07.13 13:52:31 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2007.08.22 08:16:00 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield
[2010.02.16 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\jabbim
[2007.07.18 11:27:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2010.01.15 22:25:05 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2008.01.20 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Player Classic
[2008.01.16 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar
[2010.01.05 23:08:16 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2008.11.08 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MobMapUpdater
[2008.10.23 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2007.12.11 20:04:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Nero
[2010.04.22 14:11:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org2
[2007.07.18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2007.11.03 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PeerNetworking
[2002.03.31 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QIP
[2010.01.15 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Real
[2010.04.23 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2010.04.23 18:53:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\skypePM
[2008.12.13 14:25:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\teamspeak2
[2009.06.08 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2007.11.15 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ventrilo
[2008.03.10 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Winamp
[2007.07.14 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2008.07.22 13:00:21 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Yahoo!
< %APPDATA%\*.exe /s >
[2006.11.03 18:56:58 | 000,837,576 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar\megauper.exe
[2007.10.26 18:21:52 | 000,010,134 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
[2002.02.15 22:33:03 | 000,005,120 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ClickCleaner.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ContextMenuManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\DiskAnalyzer.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\DuplicateFilesFinder.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FileSecurity.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FileSplitter.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FreeMemory.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\IconManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\IEManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\JunkFileCleaner.exe
[2010.04.02 22:27:15 | 000,005,430 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\LiveUpdate.exe
[2010.04.02 22:27:15 | 000,013,262 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\OptimizationWizard.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\PrivacyProtector.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ProcessManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RegistryCleaner.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RegistryDefrag.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RepairCenter.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RunShortcutCreator.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ServiceManager.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SmartUninstaller.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\StartupManager.exe
[2010.04.02 22:27:15 | 000,014,534 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SystemFolder_msiexec.exe
[2010.04.02 22:27:15 | 000,007,886 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SystemInfo.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\TaskSchedulerManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\VistaManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\WallpaperChanger.exe
[2010.04.02 22:27:15 | 000,013,262 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\WinUtilities.exe
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_26e91eb.exe
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_5af141bb.exe
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 00:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 00:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 00:02:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 23:48:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 23:48:16 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SMSS.EXE >
[2008.01.19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008.01.16 14:57:21 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008.01.16 14:57:20 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\System32\drivers\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.02.14 00:02:26 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008.02.14 00:02:26 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:41:51 | 000,119,398 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.04.25 07:41:51 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.25 07:41:51 | 000,606,912 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.04.25 07:41:51 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.25 07:41:51 | 001,419,592 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 30 Days ==========
[2010.04.25 07:41:39 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2010.04.23 17:18:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.23 17:18:50 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\temp
[2010.04.23 17:09:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.22 22:43:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.22 22:43:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.22 22:42:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.22 22:42:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.22 22:41:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.21 21:44:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.14 13:45:04 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 13:44:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 13:44:57 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 13:44:45 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 13:44:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.05 22:57:36 | 000,093,056 | ---- | C] (GMER) -- C:\uflcyuog.sys
[2010.04.05 06:28:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.04 19:44:47 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Boris\Desktop\SPTDinst-v162-x86.exe
[2010.04.04 17:31:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.03 07:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.31 16:08:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 16:08:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 16:08:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 16:08:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 16:08:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 16:08:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 16:08:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 16:08:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 16:08:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 16:08:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 16:08:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 16:08:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 16:08:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 16:08:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 16:08:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 30 Days ==========
[2010.04.25 07:50:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6C33CF46-6887-4FC2-A862-CE0598A2CBEF}.job
[2010.04.25 07:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1E0B1D22-D565-4A9E-9DC2-120B0F690ABE}.job
[2010.04.25 07:49:59 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1CB939E2-DFCB-4177-9C92-76757785239D}.job
[2010.04.25 07:49:51 | 004,194,304 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT
[2010.04.25 07:43:17 | 059,241,570 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.25 07:41:51 | 001,419,592 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.25 07:41:51 | 000,606,912 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.04.25 07:41:51 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.25 07:41:51 | 000,119,398 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.04.25 07:41:51 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.25 07:41:42 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.25 07:36:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.25 07:35:57 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.24 23:40:21 | 000,524,288 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.24 23:40:21 | 000,065,536 | -HS- | M] () -- C:\Users\Boris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.24 23:39:25 | 004,510,644 | -H-- | M] () -- C:\Users\Boris\AppData\Local\IconCache.db
[2010.04.24 22:55:01 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038224116-2228616904-308158760-1000UA.job
[2010.04.24 22:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038224116-2228616904-308158760-1000Core.job
[2010.04.24 19:56:20 | 190,958,261 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.23 17:21:38 | 000,000,000 | ---- | M] () -- C:\Users\Boris\Desktop\ss.bmp
[2010.04.23 17:09:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.23 17:09:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.04.22 22:40:39 | 000,000,991 | ---- | M] () -- C:\Users\Boris\Desktop\ComboFix – zástupce.lnk
[2010.04.21 12:56:31 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.21 12:56:28 | 000,002,042 | ---- | M] () -- C:\Users\Boris\Desktop\Google Chrome.lnk
[2010.04.18 07:12:09 | 000,000,918 | ---- | M] () -- C:\Users\Boris\Desktop\realmlist – zástupce.lnk
[2010.04.14 22:45:59 | 000,027,988 | ---- | M] () -- C:\Users\Boris\Documents\STUDENA VALKA.odt
[2010.04.11 13:07:18 | 000,018,587 | ---- | M] () -- C:\Users\Boris\Desktop\kupní smlouva.odt
[2010.04.05 22:57:36 | 000,093,056 | ---- | M] (GMER) -- C:\uflcyuog.sys
[2010.04.05 12:25:10 | 000,090,907 | ---- | M] () -- C:\Users\Boris\Desktop\Bez názvu.jpg
[2010.04.05 11:45:18 | 000,077,312 | ---- | M] () -- C:\Users\Boris\Desktop\mbr.exe
[2010.04.05 11:39:39 | 000,000,000 | ---- | M] () -- C:\Users\Boris\defogger_reenable
[2010.04.04 19:44:51 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Boris\Desktop\SPTDinst-v162-x86.exe
[2010.04.04 17:27:26 | 000,000,186 | ---- | M] () -- C:\Users\Boris\Documents\smazani.reg
[2010.04.03 11:03:05 | 000,007,244 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2010.04.02 22:27:12 | 000,002,051 | ---- | M] () -- C:\Users\Boris\Desktop\1-Click Cleaner.lnk
[2010.04.02 22:27:12 | 000,001,997 | ---- | M] () -- C:\Users\Boris\Desktop\Vista Manager.lnk
[2010.04.02 21:16:42 | 000,002,954 | ---- | M] () -- C:\Users\Boris\Documents\cc_20100402_211634.reg
========== Files Created - No Company Name ==========
[2010.04.24 19:56:20 | 190,958,261 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.23 17:21:38 | 000,000,000 | ---- | C] () -- C:\Users\Boris\Desktop\ss.bmp
[2010.04.22 22:43:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.22 22:43:02 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.22 22:43:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.22 22:43:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.22 22:43:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.22 22:40:39 | 000,000,991 | ---- | C] () -- C:\Users\Boris\Desktop\ComboFix – zástupce.lnk
[2010.04.18 07:12:09 | 000,000,918 | ---- | C] () -- C:\Users\Boris\Desktop\realmlist – zástupce.lnk
[2010.04.14 21:34:26 | 000,027,988 | ---- | C] () -- C:\Users\Boris\Documents\STUDENA VALKA.odt
[2010.04.11 13:07:17 | 000,018,587 | ---- | C] () -- C:\Users\Boris\Desktop\kupní smlouva.odt
[2010.04.05 23:01:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.05 12:25:09 | 000,090,907 | ---- | C] () -- C:\Users\Boris\Desktop\Bez názvu.jpg
[2010.04.05 12:17:41 | 000,293,376 | ---- | C] () -- C:\Users\Boris\Desktop\neco.com.exe
[2010.04.05 11:45:17 | 000,077,312 | ---- | C] () -- C:\Users\Boris\Desktop\mbr.exe
[2010.04.05 11:39:39 | 000,000,000 | ---- | C] () -- C:\Users\Boris\defogger_reenable
[2010.04.04 17:27:26 | 000,000,186 | ---- | C] () -- C:\Users\Boris\Documents\smazani.reg
[2010.04.02 22:27:12 | 000,002,051 | ---- | C] () -- C:\Users\Boris\Desktop\1-Click Cleaner.lnk
[2010.04.02 22:27:12 | 000,001,997 | ---- | C] () -- C:\Users\Boris\Desktop\Vista Manager.lnk
[2010.04.02 21:16:36 | 000,002,954 | ---- | C] () -- C:\Users\Boris\Documents\cc_20100402_211634.reg
[2009.07.23 08:44:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.10 20:45:41 | 000,167,936 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2008.10.08 17:16:24 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.08 17:15:41 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008.07.23 16:05:00 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.07.23 16:05:00 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.02.20 12:11:16 | 000,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.12.14 13:51:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007.09.03 13:29:41 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.09.03 13:29:36 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.09.03 13:29:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.07.18 17:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.07.14 21:24:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.07.14 21:24:07 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.07.13 20:34:14 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2007.06.28 17:11:55 | 000,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.06.28 16:37:54 | 000,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2007.06.28 16:37:28 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.06.28 16:32:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007.04.13 11:32:50 | 000,000,000 | ---- | C] () -- C:\Windows\sporic_new.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.01.13 07:27:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\gHidPnp.sys
[2002.01.13 07:27:52 | 000,009,856 | ---- | C] () -- C:\Windows\System32\drivers\gMouUsb.sys
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2008.10.22 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\aAvgApi
[2009.10.10 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Azureus
[2008.08.28 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Canneverbe_Limited
[2007.07.18 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GHISLER
[2010.04.13 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2007.09.06 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ Toolbar
[2010.02.16 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\jabbim
[2008.01.16 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar
[2008.11.08 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MobMapUpdater
[2007.07.18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2007.11.03 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PeerNetworking
[2002.03.31 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QIP
[2009.06.08 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2007.07.29 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\Azureus
[2007.11.10 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\ICQ
[2007.08.22 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\ICQ Toolbar
[2007.10.27 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\Opera
[2010.01.17 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\Hanulka\AppData\Roaming\uTorrent
[2007.09.09 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Rodiče\AppData\Roaming\ICQ
[2009.07.14 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Rodiče\AppData\Roaming\Opera
[2010.04.24 23:40:01 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.04.25 07:49:59 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1CB939E2-DFCB-4177-9C92-76757785239D}.job
[2010.04.25 07:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1E0B1D22-D565-4A9E-9DC2-120B0F690ABE}.job
[2010.04.25 07:50:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6C33CF46-6887-4FC2-A862-CE0598A2CBEF}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.10.22 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\aAvgApi
[2008.06.17 14:57:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2009.10.10 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Azureus
[2008.08.28 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Canneverbe_Limited
[2007.12.03 21:41:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DivX
[2007.07.18 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GHISLER
[2008.03.11 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Google
[2009.10.17 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hamachi
[2008.12.10 20:41:05 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\HP
[2010.04.13 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2007.09.06 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ Toolbar
[2007.07.13 13:52:31 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2007.08.22 08:16:00 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield
[2010.02.16 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\jabbim
[2007.07.18 11:27:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2010.01.15 22:25:05 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2008.01.20 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Player Classic
[2008.01.16 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar
[2010.01.05 23:08:16 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2008.11.08 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MobMapUpdater
[2008.10.23 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2007.12.11 20:04:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Nero
[2010.04.22 14:11:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org2
[2007.07.18 12:29:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2007.11.03 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PeerNetworking
[2002.03.31 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QIP
[2010.01.15 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Real
[2010.04.23 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2010.04.23 18:53:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\skypePM
[2008.12.13 14:25:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\teamspeak2
[2009.06.08 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2007.11.15 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ventrilo
[2008.03.10 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Winamp
[2007.07.14 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2008.07.22 13:00:21 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Yahoo!
< %APPDATA%\*.exe /s >
[2006.11.03 18:56:58 | 000,837,576 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\MegauploadToolbar\megauper.exe
[2007.10.26 18:21:52 | 000,010,134 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
[2002.02.15 22:33:03 | 000,005,120 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ClickCleaner.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ContextMenuManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\DiskAnalyzer.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\DuplicateFilesFinder.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FileSecurity.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FileSplitter.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\FreeMemory.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\IconManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\IEManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\JunkFileCleaner.exe
[2010.04.02 22:27:15 | 000,005,430 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\LiveUpdate.exe
[2010.04.02 22:27:15 | 000,013,262 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\OptimizationWizard.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\PrivacyProtector.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ProcessManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RegistryCleaner.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RegistryDefrag.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RepairCenter.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\RunShortcutCreator.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\ServiceManager.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SmartUninstaller.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\StartupManager.exe
[2010.04.02 22:27:15 | 000,014,534 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SystemFolder_msiexec.exe
[2010.04.02 22:27:15 | 000,007,886 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\SystemInfo.exe
[2010.04.02 22:27:15 | 000,017,542 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\TaskSchedulerManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\VistaManager.exe
[2010.04.02 22:27:15 | 000,015,086 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\WallpaperChanger.exe
[2010.04.02 22:27:15 | 000,013,262 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{83B0CE83-BE3C-464B-851B-19555F6A8633}\WinUtilities.exe
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_26e91eb.exe
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_5af141bb.exe
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 00:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 00:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 00:02:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 23:48:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 23:48:16 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SMSS.EXE >
[2008.01.19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008.01.16 14:57:21 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008.01.16 14:57:20 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\System32\drivers\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.02.14 00:02:26 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008.02.14 00:02:26 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:36:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.25 07:41:51 | 000,119,398 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.04.25 07:41:51 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.25 07:41:51 | 000,606,912 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.04.25 07:41:51 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.25 07:41:51 | 001,419,592 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: AVG mi našlo několik viru
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:OTL
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-3038224116-2228616904-308158760-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_26e91eb.exe
[2008.05.26 19:41:51 | 000,000,766 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_5af141bb.exe
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Re: AVG mi našlo několik viru
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_26e91eb.exe moved successfully.
C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_5af141bb.exe moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Boris
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 303868937 bytes
->Java cache emptied: 64553939 bytes
->FireFox cache emptied: 32415354 bytes
->Google Chrome cache emptied: 75248596 bytes
->Opera cache emptied: 334055 bytes
->Flash cache emptied: 2047 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Hanulka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85799625 bytes
->Java cache emptied: 14515715 bytes
->Flash cache emptied: 7963 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Rodiče
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10048604 bytes
->Java cache emptied: 37481 bytes
->Opera cache emptied: 3194376 bytes
->Flash cache emptied: 2501 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1684 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2936317 bytes
RecycleBin emptied: 3158795 bytes
Total Files Cleaned = 569,00 mb
[EMPTYFLASH]
User: All Users
User: Boris
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Guest
User: Hanulka
->Flash cache emptied: 0 bytes
User: Public
User: Rodiče
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL cannot clear restorepoints on Vista OSs!
OTL cannot create restorepoints on Vista OSs!
OTL by OldTimer - Version 3.2.2.0 log created on 04252010_112621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3038224116-2228616904-308158760-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3038224116-2228616904-308158760-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_26e91eb.exe moved successfully.
C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{8C85AA4E-D246-4900-B6CF-D8EAF2C142F1}\_5af141bb.exe moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Boris
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 303868937 bytes
->Java cache emptied: 64553939 bytes
->FireFox cache emptied: 32415354 bytes
->Google Chrome cache emptied: 75248596 bytes
->Opera cache emptied: 334055 bytes
->Flash cache emptied: 2047 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Hanulka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85799625 bytes
->Java cache emptied: 14515715 bytes
->Flash cache emptied: 7963 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Rodiče
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10048604 bytes
->Java cache emptied: 37481 bytes
->Opera cache emptied: 3194376 bytes
->Flash cache emptied: 2501 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1684 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2936317 bytes
RecycleBin emptied: 3158795 bytes
Total Files Cleaned = 569,00 mb
[EMPTYFLASH]
User: All Users
User: Boris
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Guest
User: Hanulka
->Flash cache emptied: 0 bytes
User: Public
User: Rodiče
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL cannot clear restorepoints on Vista OSs!
OTL cannot create restorepoints on Vista OSs!
OTL by OldTimer - Version 3.2.2.0 log created on 04252010_112621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: AVG mi našlo několik viru
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-24 19:52:35
Windows 6.0.6002 Service Pack 2
Running: neco.com.exe; Driver: C:\Users\Boris\AppData\Local\Temp\uflcyuog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Rootkit quick scan 2010-04-24 19:52:35
Windows 6.0.6002 Service Pack 2
Running: neco.com.exe; Driver: C:\Users\Boris\AppData\Local\Temp\uflcyuog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Přispějete na provoz fóra?