otl.txt
OTL logfile created on: 2011.08.15. 10:40:18 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buci\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.
511,49 Mb Total Physical Memory | 224,91 Mb Available Physical Memory | 43,97% Memory free
1,97 Gb Paging File | 1,45 Gb Available in Paging File | 73,47% Paging File free
Paging file location(s): D:\pagefile.sys 1536 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,53 Gb Free Space | 37,79% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 56,98 Gb Free Space | 95,17% Space Free | Partition Type: NTFS
Computer Name: SZAMITOGEP | User Name: Buci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
PRC - [2011.07.08 07:55:36 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.06.16 18:20:10 | 000,071,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.05.30 13:39:00 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
========== Modules (No Company Name) ==========
MOD - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.04.14 20:41:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
========== Driver Services (SafeList) ==========
DRV - [2011.08.15 10:28:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C86A340E-4B72-423C-AA5E-0FF24943D492}\MpKsl3ed45888.sys -- (MpKsl3ed45888)
DRV - [2011.07.08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.16 18:20:10 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.05.30 13:38:54 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2004.08.17 16:19:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.05.06 05:15:18 | 000,020,156 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2001.08.17 22:13:12 | 000,016,925 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w940nd.sys -- (w89c940)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.11.06 18:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.08.10 10:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 14:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 19:16:09 | 000,000,000 | ---D | M]
[2009.09.24 11:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions
[2009.07.05 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011.08.11 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions
[2011.08.11 13:34:36 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011.08.07 09:19:25 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011.05.08 07:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp
[2011.06.23 11:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.16 12:30:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.23 11:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.28 14:04:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.08 07:53:33 | 000,002,933 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bluu.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.05.01 06:33:28 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.05.08 07:53:33 | 000,000,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml
[2011.05.01 06:33:28 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml
[2011.05.08 07:53:33 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2011.05.08 07:53:33 | 000,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2011.05.08 07:53:33 | 000,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml
O1 HOSTS File: ([2011.08.14 10:50:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.147.80.30 195.56.172.157
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.14 19:24:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.08.14 18:44:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.08.14 17:26:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011.08.12 21:33:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Buci\Recent
[2011.08.12 21:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes
[2011.08.12 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.12 21:17:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.12 21:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.08.12 21:16:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.12 21:08:13 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe
[2011.08.12 16:25:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.12 16:20:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.12 16:20:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.12 16:20:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.12 16:20:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.12 16:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.12 16:19:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.12 14:54:04 | 004,171,976 | R--- | C] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe
[2011.08.12 11:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\rsit
[2011.08.12 11:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Downloads
[2011.08.10 10:54:16 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.10 10:43:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.09 23:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Dokumentumok\ForceField Shared Files
[2011.08.09 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2011.08.09 23:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.08.09 23:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\ZoneAlarm_Security_Suite
[2011.08.09 23:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\Conduit
[2011.08.09 23:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security_Suite
[2011.08.09 23:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011.08.09 23:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011.08.09 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011.08.09 21:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.09 15:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011.08.09 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011.08.09 15:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011.08.09 15:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.08.07 19:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\klánlogo
[2011.07.18 20:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.07.18 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat progik
[2011.07.18 15:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011.08.15 10:44:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 10:44:14 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
[2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.08.15 10:27:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.14 13:32:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.14 10:50:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.14 10:28:37 | 004,171,976 | R--- | M] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe
[2011.08.14 10:21:07 | 000,555,008 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe
[2011.08.12 21:17:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:17:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:11:15 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe
[2011.08.12 16:25:11 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2011.08.12 16:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.12 16:09:53 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2011.08.12 11:29:30 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe
[2011.08.10 13:49:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.09 23:31:11 | 000,411,107 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.08.09 23:15:42 | 000,000,139 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2011.08.09 20:50:10 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.08.09 15:34:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk
[2011.07.27 17:36:11 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\Microsoft Office Word 2003.lnk
[2011.07.25 17:09:21 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011.07.19 13:55:50 | 000,008,937 | ---- | M] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme
[2011.07.19 09:36:26 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.08.15 10:35:19 | 000,579,584 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
[2011.08.14 10:19:12 | 000,555,008 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe
[2011.08.12 21:17:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:17:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2011.08.12 16:25:11 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2011.08.12 16:25:05 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2011.08.12 16:20:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.12 16:20:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.12 16:20:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.12 16:20:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.12 16:20:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.12 11:26:41 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe
[2011.08.09 23:21:10 | 000,411,107 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.08.09 15:42:23 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2011.08.09 15:34:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk
[2011.08.09 15:33:04 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.09 15:33:03 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.19 13:55:49 | 000,008,937 | ---- | C] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme
[2011.06.28 09:46:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2011.06.22 15:26:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WA.INI
[2011.06.19 08:49:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.20 15:51:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010.12.14 19:23:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TC.INI
[2010.12.14 19:19:58 | 000,246,784 | ---- | C] () -- C:\WINDOWS\UN160407.EXE
[2009.07.05 15:23:09 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.24 09:43:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.22 22:21:29 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.14 21:46:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.14 21:28:06 | 000,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.14 21:13:17 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.04.14 21:10:22 | 001,482,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.04.14 20:36:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009.04.14 20:36:55 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009.04.14 20:36:54 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.14 20:36:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.14 20:36:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.04.14 20:09:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.04.14 20:09:32 | 000,004,437 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009.04.14 19:44:25 | 000,003,005 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.04.14 19:34:03 | 000,020,156 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2009.04.14 19:28:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.04.14 19:21:13 | 000,021,948 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 14:00:00 | 000,303,356 | ---- | C] () -- C:\WINDOWS\System32\perfh00E.dat
[2004.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 14:00:00 | 000,264,338 | ---- | C] () -- C:\WINDOWS\System32\perfi00E.dat
[2004.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 14:00:00 | 000,057,716 | ---- | C] () -- C:\WINDOWS\System32\perfc00E.dat
[2004.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 14:00:00 | 000,043,990 | ---- | C] () -- C:\WINDOWS\System32\perfd00E.dat
[2004.08.18 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems
[2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation
[2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON
[2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn
[2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions
[2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer
[2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire
[2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP
[2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy
[2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth
[2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace
[2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 18:02:12 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011.03.03 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.10.18 11:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011.08.12 21:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.30 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011.02.09 18:21:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.04.14 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011.02.11 18:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.03.16 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.09.30 08:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AcrobatUpdater.exe
[2010.09.21 20:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AdobeARM.exe
[2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\ReaderUpdater.exe
< %APPDATA%\*. >
[2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems
[2011.02.20 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Adobe
[2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation
[2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON
[2010.12.06 22:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Help
[2009.04.14 19:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Identities
[2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn
[2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions
[2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer
[2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire
[2009.05.23 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Macromedia
[2011.08.12 21:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes
[2011.08.09 15:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Media Player Classic
[2011.04.22 16:28:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Buci\Application Data\Microsoft
[2011.01.15 20:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\mIRC
[2009.09.24 11:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Mozilla
[2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP
[2009.04.17 07:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Nero
[2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy
[2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth
[2009.05.30 13:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Real
[2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace
[2011.02.11 14:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\skypePM
[2009.07.05 15:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Sun
[2009.04.14 20:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Talkback
[2009.04.14 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Yahoo!
< %APPDATA%\*.exe /s >
[2009.07.05 15:56:27 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009.07.05 15:56:28 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009.07.05 15:56:28 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009.07.05 15:56:28 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.07.05 15:56:28 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009.07.05 15:56:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.07.05 15:56:28 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009.07.05 15:56:29 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.07.05 15:56:30 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010.09.01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2011.05.19 17:14:57 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\OpenCandy\OpenCandy_7B3A6BBE1A944741A1FD9613005D549E\LatestDLMgr.exe
[2011.01.30 11:56:29 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe
< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\cmdcons\autochk.exe
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=9E8636075B6F0F16C8724E12EC084F2C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.18 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: ISAPNP.SYS >
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\system32\drivers\isapnp.sys
[2004.08.18 14:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\scecli.dll
[2004.08.18 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE