OTL log - part 1
OTL logfile created on: 2.8.2010 20:04:23 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\vacekp.CHATHB\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 574,70 Gb Free Space | 61,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,73 Gb Total Space | 0,45 Gb Free Space | 12,03% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VACEKP
Current User Name: vacekp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.08.02 17:59:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\vacekp.CHATHB\Desktop\OTL.exe
PRC - [2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\gmer.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe
PRC - [2009.09.11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.08.06 16:00:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.08.06 16:00:48 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2001.07.27 13:05:08 | 000,045,056 | ---- | M] (TreeINFO s.r.o.) -- C:\Program Files (x86)\TreeINFO\Titimer.exe
========== Modules (SafeList) ==========
MOD - [2010.08.02 17:59:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\vacekp.CHATHB\Desktop\OTL.exe
MOD - [2008.01.21 04:48:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.09.11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.09.11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.04.11 09:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.04.11 09:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008.12.11 07:08:52 | 004,297,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2008.01.21 04:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.21 04:45:48 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.04.28 10:57:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.08.06 16:00:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009.09.11 07:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.09.11 07:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.09.11 07:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009.04.11 06:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.13 10:41:54 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008.05.23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2007.03.27 19:28:38 | 000,040,960 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hpnuhub.sys -- (HPNUHUB)
DRV:64bit: - [2007.03.27 19:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hpnuhst.sys -- (hpnuhst)
DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2007.03.27 19:28:38 | 000,040,960 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2007.03.27 19:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\hpnuhst.sys -- (hpnuhst)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 1C AC 8A 7A DF CA 01 [binary data]
IE - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.05 10:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.10.01 13:03:30 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2382166588-2017641859-2650136724-1152..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.ostrava.unas.cz/kamery/AxisCamControl.cab (CamImage Class)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam01.khnet.info/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 213.226.248.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chathb.local
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vacekp.CHATHB\Desktop\Janí a Paví.JPG
O24 - Desktop BackupWallPaper: C:\Users\vacekp.CHATHB\Desktop\Janí a Paví.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.28 23:49:26 | 000,000,144 | -HS- | M] () - E:\autorun.ini -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.08.02 18:05:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\vacekp.CHATHB\Desktop\OTL.exe
[2010.08.02 15:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.08.02 15:55:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.02 15:41:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
========== Files - Modified Within 30 Days ==========
[2010.08.02 20:03:27 | 003,407,872 | -HS- | M] () -- C:\Users\vacekp.CHATHB\NTUSER.DAT
[2010.08.02 19:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 19:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 18:35:42 | 000,524,288 | -HS- | M] () -- C:\Users\vacekp.CHATHB\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.02 18:35:42 | 000,065,536 | -HS- | M] () -- C:\Users\vacekp.CHATHB\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf
[2010.08.02 18:35:37 | 003,115,582 | -H-- | M] () -- C:\Users\vacekp.CHATHB\AppData\Local\IconCache.db
[2010.08.02 18:07:15 | 001,402,426 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.02 18:07:15 | 000,601,848 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.08.02 18:07:15 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.02 18:07:15 | 000,115,976 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.08.02 18:07:15 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.02 17:59:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\vacekp.CHATHB\Desktop\OTL.exe
[2010.08.02 17:58:42 | 000,077,312 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\mbr.exe
[2010.08.02 17:54:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 17:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.02 15:49:24 | 000,077,312 | ---- | M] () -- C:\Windows\mbr.exe
[2010.07.31 18:13:41 | 000,002,958 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.07.22 19:22:03 | 000,016,384 | ---- | M] () -- C:\Users\vacekp.CHATHB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.16 12:05:25 | 000,167,085 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\valník.jpg
[2010.07.14 12:51:24 | 137,216,992 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\Powertool_1986_by_RapidRise.org.part2.rar
[2010.07.14 12:10:00 | 137,221,500 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\Powertool_1986_by_RapidRise.org.part1.rar
[2010.07.14 09:27:44 | 114,577,674 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\Comics_Pack_01.zip
[2010.07.08 07:37:07 | 000,002,489 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\AutoCAD 2010.lnk
[2010.07.08 07:36:06 | 000,735,950 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\Chotěboř D8-7-2010.dwg
[2010.07.05 16:07:25 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.07.05 15:41:49 | 1918,789,432 | ---- | M] () -- C:\Users\vacekp.CHATHB\Desktop\Prison.avi
========== Files Created - No Company Name ==========
[2010.08.02 18:05:38 | 000,293,376 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\gmer.exe
[2010.08.02 18:05:31 | 000,077,312 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\mbr.exe
[2010.08.02 15:51:06 | 000,077,312 | ---- | C] () -- C:\Windows\mbr.exe
[2010.07.16 12:05:35 | 000,167,085 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\valník.jpg
[2010.07.14 12:51:22 | 137,216,992 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\Powertool_1986_by_RapidRise.org.part2.rar
[2010.07.14 12:09:58 | 137,221,500 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\Powertool_1986_by_RapidRise.org.part1.rar
[2010.07.14 09:27:40 | 114,577,674 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\Comics_Pack_01.zip
[2010.07.08 07:36:06 | 000,735,950 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\Chotěboř D8-7-2010.dwg
[2010.07.05 15:40:41 | 1918,789,432 | ---- | C] () -- C:\Users\vacekp.CHATHB\Desktop\Prison.avi
[2010.02.01 14:43:56 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\vchelpex.sys
[2009.11.09 14:27:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.05 15:07:50 | 001,420,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.05 09:47:11 | 000,000,119 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.29 16:51:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.29 16:51:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.29 09:57:14 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009.09.29 09:57:14 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2008.01.21 04:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2000.03.29 22:00:00 | 000,125,440 | ---- | C] () -- C:\Windows\SysWow64\UNZDLL.DLL
[1999.10.23 18:29:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\UNRAR.DLL
[1999.08.11 15:28:02 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\LIBBZ2.DLL
[1999.05.21 21:10:00 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.DLL
[1998.01.28 00:06:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\UNACE.DLL
========== LOP Check ==========
[2010.04.28 10:36:46 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Autodesk
[2009.10.05 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\IrfanView
[2009.10.05 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Nokia
[2009.10.05 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\PC Suite
[2009.10.08 14:18:11 | 000,000,000 | ---D | M] -- C:\Users\vacekp\AppData\Roaming\Autodesk
[2010.04.16 14:46:44 | 000,000,000 | ---D | M] -- C:\Users\vacekp\AppData\Roaming\ICQ
[2009.10.05 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\vacekp\AppData\Roaming\PC Suite
[2010.05.03 06:25:56 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Autodesk
[2010.07.16 15:19:18 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\ICQ
[2010.04.28 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\PC Suite
[2010.08.02 16:53:49 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 09:10:53 | 001,555,968 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\PROGRA~2\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.19 08:58:48 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Adobe
[2010.05.03 06:25:56 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Autodesk
[2010.07.16 15:19:18 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\ICQ
[2010.04.18 17:22:15 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Identities
[2010.04.19 10:04:32 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\InstallShield
[2010.04.19 06:41:35 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Macromedia
[2010.08.02 18:26:11 | 000,000,000 | --SD | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Microsoft
[2010.04.19 07:55:06 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Mozilla
[2010.04.19 07:52:09 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Nero
[2010.04.28 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\PC Suite
[2010.07.14 12:14:45 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\vlc
[2010.06.23 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\Winamp
[2010.04.19 07:51:11 | 000,000,000 | ---D | M] -- C:\Users\vacekp.CHATHB\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.04.28 11:04:47 | 000,010,134 | R--- | M] () -- C:\Users\vacekp.CHATHB\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2001.08.17 20:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\dllcache\agp440.sys
[2001.08.17 20:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\drivers\AGP440.SYS
[2001.08.17 22:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
[2001.08.17 22:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\drivers\AGP440.SYS
[2008.01.21 04:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\Driver Cache\i386\sp1.cab:atapi.sys
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\sp1.cab:atapi.sys
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\Driver Cache\i386\sp1.cab:atapi.sys
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\sp1.cab:atapi.sys
[2008.01.21 04:45:04 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\atapi.sys
[2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\drivers\atapi.sys
[2002.08.29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\atapi.sys
[2002.08.29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\drivers\atapi.sys
[2001.08.17 20:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\atapi.sys
[2001.08.17 20:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2001.10.25 13:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CDROM.SYS >
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\Driver Cache\i386\sp1.cab:cdrom.sys
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\Driver Cache\i386\sp1.cab:cdrom.sys
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2008.01.21 04:45:08 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_bbc7f7665c24db80\cdrom.sys
[2002.08.29 00:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\cdrom.sys
[2002.08.29 00:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\drivers\cdrom.sys
[2002.08.29 09:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\cdrom.sys
[2002.08.29 09:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\drivers\cdrom.sys
[2009.04.11 07:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=C025AA69BE3D0D25C7A2E746EF6F94FC -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_bdb370725946a6cc\cdrom.sys
[2002.05.30 13:00:00 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\cdrom.sys
[2001.10.25 13:00:00 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 17:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\cryptsvc.dll
[2002.09.20 17:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\cryptsvc.dll
[2002.09.21 02:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\cryptsvc.dll
[2002.09.21 02:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\cryptsvc.dll
[2009.04.11 09:11:14 | 000,166,912 | ---- | M] (Microsoft Corporation) MD5=18918613E63F387CDE4D95CA7D49DCF7 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_d409adf4504e8a6b\cryptsvc.dll
[2008.01.21 04:47:27 | 000,165,376 | ---- | M] (Microsoft Corporation) MD5=4374F784121D8B3BB466B03F5E5EBD33 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_d21e34e8532cbf1f\cryptsvc.dll
[2008.01.21 04:48:14 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2002.05.30 13:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=849D84F975D682B333AF158B8ABFD221 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\cryptsvc.dll
[2001.10.25 13:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=849D84F975D682B333AF158B8ABFD221 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2002.05.30 13:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=8DAEFE31BA545A98E07A976F7435CC5B -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\eventlog.dll
[2001.10.25 13:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=8DAEFE31BA545A98E07A976F7435CC5B -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\eventlog.dll
[2002.09.20 17:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\eventlog.dll
[2002.09.20 17:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\eventlog.dll
[2002.09.21 02:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\eventlog.dll
[2002.09.21 02:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.05.30 13:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\explorer.exe
[2001.10.25 13:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\explorer.exe
[2002.09.20 17:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\explorer.exe
[2002.09.20 17:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\explorer.exe
[2002.09.21 02:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\explorer.exe
[2002.09.21 02:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:47:02 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:42 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\Driver Cache\i386\sp1.cab:hal.dll
[2002.09.20 17:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\sp1.cab:hal.dll
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\Driver Cache\i386\sp1.cab:hal.dll
[2003.01.12 22:08:22 | 012,110,692 | ---- | M] () .cab file -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\sp1.cab:hal.dll
[2002.08.29 00:05:06 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=14899FB16E1263BDC6E17AEC0A69BB97 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\ServicePackFiles\i386\hal.dll
[2002.08.29 09:05:06 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=14899FB16E1263BDC6E17AEC0A69BB97 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\ServicePackFiles\i386\hal.dll
[2009.04.11 09:15:31 | 000,233,448 | ---- | M] (Microsoft Corporation) MD5=822EA80D8E91D1BD5F31954348842AAA -- C:\Windows\winsxs\amd64_hal.inf_31bf3856ad364e35_6.0.6002.18005_none_612624babd6ea012\hal.dll
[2002.05.30 13:00:00 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=AF609C7C513B3857107FF875B26A57F2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\$NtServicePackUninstall$\hal.dll
[2001.10.25 13:00:00 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=AF609C7C513B3857107FF875B26A57F2 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\$NtServicePackUninstall$\hal.dll
[2008.01.21 04:45:05 | 000,233,528 | ---- | M] (Microsoft Corporation) MD5=D63C785A6EF1A3DE684781698A0CC9AF -- C:\Windows\winsxs\amd64_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_5f3aabaec04cd4c6\hal.dll
[2002.08.29 00:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\HAL.DLL
[2002.08.29 09:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\HAL.DLL
< MD5 for: IASTOR.SYS >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 04:45:13 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: IDECHNDR.SYS >
[2002.03.25 23:00:00 | 000,093,242 | ---- | M] (Intel Corporation) MD5=83C96EA7322B109A225D0A6C611D8881 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\drivers\IdeChnDr.sys
[2002.03.25 23:00:00 | 000,093,242 | ---- | M] (Intel Corporation) MD5=83C96EA7322B109A225D0A6C611D8881 -- C:\Pavel Vacek data\zaloha\Program Files\Intel\Intel Application Accelerator\Driver\idechndr.sys
< MD5 for: ISAPNP.SYS >
[2008.01.21 04:45:05 | 000,023,608 | ---- | M] (Microsoft Corporation) MD5=0672BFCEDC6FC468A2B0500D81437F4F -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\isapnp.sys
[2008.01.21 04:45:05 | 000,023,608 | ---- | M] (Microsoft Corporation) MD5=0672BFCEDC6FC468A2B0500D81437F4F -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\isapnp.sys
[2001.10.24 10:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\dllcache\isapnp.sys
[2001.10.24 10:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\drivers\isapnp.sys
[2002.05.30 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS.OLD\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2001.10.25 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\Pavel Vacek data\zaloha\Plocha\Zaloha\WINDOWS0.OLD\system32\drivers\isapnp.sys