
FRST.txt

How to remove the Ukash (Weelsof) virus from Windows XP without an installation disc?

After the fix the computer started normally. Then, without connecting to the internet, I scanned the disk with Malwarebytes, after which I used AdwCleaner. After the system restart required by the program, the locked-computer problem unfortunately came back. However, after booting the LiveCD and using the fix option on the same fixlist file, the system started again. Attached are the fixlog, the Malwarebytes logs and the FRST log (it did not generate two). Regards



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Plonki (administrator) on SKRECALN-L0FRND on 25-10-2013 21:20:59
Running from C:\Documents and Settings\Plonki\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\WINDOWS\System32\IoctlSvc.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-08-03] (ATI Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-04-28] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2009-01-09] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll ()
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-02-28] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-02-28] (Nero AG)
Startup: C:\Documents and Settings\Plonki\Menu Start\Programy\Autostart\488zwla8.lnk
ShortcutTarget: 488zwla8.lnk -> C:\DOCUME~1\ALLUSE~1\DANEAP~1\8alwz884.dss ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wyborcza.pl/0,0.html?p=139
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\programy\Reader\ActiveX\AcroIEHelper.ocx ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Plonki\Dane aplikacji\Mozilla\Firefox\Profiles\n07l64td.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 - E:\PROGRAMY\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 - E:\PROGRAMY\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - E:\PROGRAMY\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\Plonki\Dane aplikacji\Mozilla\Firefox\Profiles\n07l64td.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
FF Extension: McAfee SiteAdvisor - C:\Documents and Settings\Plonki\Dane aplikacji\Mozilla\Firefox\Profiles\n07l64td.default\Extensions\{1650a312-02bc-40ee-977e-83f158701739}
FF Extension: No Name - C:\Documents and Settings\Plonki\Dane aplikacji\Mozilla\Firefox\Profiles\n07l64td.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

S3 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [389120 2004-08-03] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-08-03] ()
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 winmgmt; C:\DOCUME~1\ALLUSE~1\DANEAP~1\8alwz884.dss [131072 2013-10-22] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [280782 2001-10-30] (C-Media Inc)
R3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-12-21] ()
R3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [41984 2003-04-24] (VIA Technologies, Inc. )
R2 MSF32; E:\PROGRAMY\MySecretFolder\MSF32.SYS [32128 2006-04-22] (WinAbility® Software Corporation)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-01] (MCCI Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2002-09-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2008-12-21] ()
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-26 01:15 - 2013-10-26 01:15 - 00000000 ____D C:\FRST
2013-10-25 23:11 - 2013-10-25 23:11 - 00061248 _____ C:\OTL.Txt
2013-10-25 23:11 - 2013-10-25 23:11 - 00000000 ___SD C:\Documents and Settings\Administrator\IETldCache
2013-10-25 19:50 - 2013-10-25 19:52 - 00000000 ____D C:\AdwCleaner
2013-10-25 19:49 - 2013-10-25 17:44 - 01060070 _____ C:\Documents and Settings\Plonki\Pulpit\AdwCleaner.exe
2013-10-25 19:48 - 2013-10-25 16:48 - 01088113 _____ (Farbar) C:\Documents and Settings\Plonki\Pulpit\FRST.exe
2013-10-24 21:21 - 2013-10-25 12:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-22 20:57 - 2013-10-25 23:11 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-22 20:57 - 2013-10-24 22:21 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-22 20:57 - 2013-10-22 20:57 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2013-10-22 20:57 - 2008-12-06 17:35 - 00001599 _____ C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk
2013-10-22 20:57 - 2008-12-06 17:35 - 00000792 _____ C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2013-10-22 20:57 - 2008-12-06 17:35 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria
2013-10-22 20:57 - 2008-12-06 17:35 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy
2013-10-22 20:57 - 2008-12-06 17:34 - 00000000 ___SD C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2013-10-22 20:57 - 2008-12-06 17:32 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2013-10-22 20:57 - 2008-12-06 17:25 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty
2013-10-22 07:45 - 2013-10-25 21:17 - 95025368 ____T C:\Documents and Settings\All Users\Dane aplikacji\488zwla8.bxx
2013-10-22 07:45 - 2013-10-25 21:17 - 00000000 _____ C:\Documents and Settings\All Users\Dane aplikacji\488zwla8.fvv
2013-10-22 07:45 - 2013-10-22 07:45 - 00131072 _____ C:\Documents and Settings\All Users\Dane aplikacji\8alwz884.dss
2013-10-17 20:23 - 2013-10-17 20:23 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit\Nowy folder (2)
2013-10-10 20:26 - 2013-10-10 20:40 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit\fiza

==================== One Month Modified Files and Folders =======

2013-10-26 01:15 - 2013-10-26 01:15 - 00000000 ____D C:\FRST
2013-10-25 23:11 - 2013-10-25 23:11 - 00061248 _____ C:\OTL.Txt
2013-10-25 23:11 - 2013-10-25 23:11 - 00000000 ___SD C:\Documents and Settings\Administrator\IETldCache
2013-10-25 23:11 - 2013-10-22 20:57 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-25 21:20 - 2008-12-06 17:40 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit
2013-10-25 21:17 - 2013-10-22 07:45 - 95025368 ____T C:\Documents and Settings\All Users\Dane aplikacji\488zwla8.bxx
2013-10-25 21:17 - 2013-10-22 07:45 - 00000000 _____ C:\Documents and Settings\All Users\Dane aplikacji\488zwla8.fvv
2013-10-25 21:17 - 2012-10-07 09:59 - 00329761 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-25 21:17 - 2012-10-07 09:17 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-25 21:17 - 2008-12-06 17:39 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-25 21:17 - 2008-12-06 17:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-25 21:17 - 2008-12-06 17:28 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-10-25 21:17 - 2008-12-06 17:28 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-25 21:17 - 2008-12-06 17:25 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-10-25 19:53 - 2008-12-06 17:40 - 00000188 ___SH C:\Documents and Settings\Plonki\ntuser.ini
2013-10-25 19:52 - 2013-10-25 19:50 - 00000000 ____D C:\AdwCleaner
2013-10-25 19:52 - 2008-12-06 17:40 - 00000000 __RHD C:\Documents and Settings\Plonki\Dane aplikacji
2013-10-25 19:52 - 2008-12-06 17:40 - 00000000 ___HD C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji
2013-10-25 19:44 - 2012-10-07 09:17 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 19:39 - 2008-12-06 17:40 - 00000000 ____D C:\Documents and Settings\Plonki
2013-10-25 17:44 - 2013-10-25 19:49 - 01060070 _____ C:\Documents and Settings\Plonki\Pulpit\AdwCleaner.exe
2013-10-25 16:48 - 2013-10-25 19:48 - 01088113 _____ (Farbar) C:\Documents and Settings\Plonki\Pulpit\FRST.exe
2013-10-25 15:31 - 2013-08-22 19:36 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\tor
2013-10-25 12:14 - 2013-10-24 21:21 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-24 22:21 - 2013-10-22 20:57 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-22 21:04 - 2013-08-22 19:39 - 00000294 _____ C:\WINDOWS\Tasks\CPU Grid Computing.job
2013-10-22 20:57 - 2013-10-22 20:57 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2013-10-22 20:32 - 2012-10-14 11:44 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-22 07:45 - 2013-10-22 07:45 - 00131072 _____ C:\Documents and Settings\All Users\Dane aplikacji\8alwz884.dss
2013-10-22 07:45 - 2008-12-06 17:40 - 00000000 ___RD C:\Documents and Settings\Plonki\Menu Start\Programy\Autostart
2013-10-20 13:00 - 2002-09-29 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-18 18:10 - 2013-03-08 15:59 - 00000000 ____D C:\Documents and Settings\Plonki\Dane aplikacji\vlc
2013-10-17 20:23 - 2013-10-17 20:23 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit\Nowy folder (2)
2013-10-14 13:04 - 2013-08-17 19:47 - 00003682 _____ C:\Documents and Settings\Plonki\Moje dokumenty\PrawkoB2013P.tmp
2013-10-10 20:41 - 2012-10-07 09:18 - 00000000 ____D C:\Program Files\Opera
2013-10-10 20:40 - 2013-10-10 20:26 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit\fiza
2013-10-05 19:37 - 2012-12-09 11:35 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\Plonki\Ustawienia lokalne\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-29 00:00] - [2004-08-04 00:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea

C:\Windows\System32\winlogon.exe
[2002-09-29 00:00] - [2004-08-04 00:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0

C:\Windows\System32\svchost.exe
[2002-09-29 00:00] - [2004-08-04 00:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e

C:\Windows\System32\services.exe
[2002-09-29 00:00] - [2004-08-04 00:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917

C:\Windows\System32\User32.dll
[2002-09-29 00:00] - [2004-08-04 00:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0

C:\Windows\System32\userinit.exe
[2002-09-29 00:00] - [2004-08-04 00:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396

C:\Windows\System32\Drivers\volsnap.sys
[2002-09-29 00:00] - [2004-08-04 00:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36


==================== End Of Log ============================