Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Preventive check

#16 Post by motji »

Quarantine; the file is located in temp, you would have to unhide hidden and system files, and it really will be a virus.

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- let it disinfect or delete whatever it finds
- the scan may take several hours
- post the log with the results here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: Preventive check

#17 Post by teabe »

Automatická kontrola: dokončeno před 7 hod. (události: 60, objekty: 787822, čas: 03:13:27)
21.10.2010 22:17:14 Úloha byla spuštěna
21.10.2010 23:34:34 Zjištěno: Trojan.Win32.Agent2.cvzz C:\Program Files\VirtualDJ\virtualdj_trial.exe/#
21.10.2010 23:34:39 Zjištěno: HEUR:Trojan.Win32.Generic C:\Program Files\VirtualDJ\virtualdj_trial.exe
21.10.2010 23:34:39 Odstraněno: HEUR:Trojan.Win32.Generic C:\Program Files\VirtualDJ\virtualdj_trial.exe
21.10.2010 23:34:39 Odstraněno: HEUR:Trojan.Win32.Generic C:\Program Files\VirtualDJ\virtualdj_trial.exe
21.10.2010 23:39:23 Chyba zpracování C:\Documents and Settings\TBE\AppData\Local\Microsoft\Outlook\archive.pst Chyba čtení
22.10.2010 0:48:01 Zjištěno: Trojan-PSW.Win32.Agent.uaf D:\System Volume Information\_restore{CB6D94E6-8830-4C82-95ED-BF5D6ABDA458}\RP3\A0000084.DLL
22.10.2010 0:48:02 Odstraněno: Trojan-PSW.Win32.Agent.uaf D:\System Volume Information\_restore{CB6D94E6-8830-4C82-95ED-BF5D6ABDA458}\RP3\A0000084.DLL

22.10.2010 1:30:41 Úloha byla dokončena

motji

Re: Preventive check

#18 Post by motji »

Fine, how is the computer doing?

teabe

Re: Preventive check

#19 Post by teabe »

still the same, no change

motji

Re: Preventive check

#20 Post by motji »

:arrow: Clear the Opera/Firefox cache, either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/

- in the menu at the top, select the Firefox / Opera tab and click it
- tick Select All and then click Empty Selected

warning - you will lose all passwords saved in FF / Opera!

- On the Main tab, tick All Users Temp and confirm with Empty Selected

:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- the computer will restart

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- making a registry backup is not necessary
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's cleaner; it nicely clears temporary files from the PC.
The Registry tab cleans up, for example, after uninstalling a program.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the All Users box.
- tick the "LOP" check and "Purity" check boxes
- click the Scan button
- after the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)

teabe

Re: Preventive check

#21 Post by teabe »

OTL logfile created on: 22.10.2010 20:46:17 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\TBE\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 179,09 Gb Free Space | 76,93% Space Free | Partition Type: NTFS
Drive D: | 298,07 Gb Total Space | 118,57 Gb Free Space | 39,78% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 43,60 Gb Free Space | 9,36% Space Free | Partition Type: NTFS

Computer Name: TBE-PC | User Name: TBE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.10.22 20:41:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TBE\Desktop\OTL.exe
PRC - [2010.10.06 22:33:07 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.10.06 22:33:06 | 002,183,680 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010.09.14 21:28:56 | 000,923,096 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
PRC - [2010.09.14 21:28:56 | 000,015,320 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.08.12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.08.12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010.04.29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.04.29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.03.03 21:11:14 | 000,651,264 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2010.02.25 11:02:02 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.01.06 03:43:40 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.12.07 07:13:14 | 000,397,312 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.31 00:48:42 | 000,348,160 | ---- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.09.01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE


========== Modules (SafeList) ==========

MOD - [2010.10.22 20:41:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TBE\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.10.10 14:23:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.06 22:33:07 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.09.22 21:44:19 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.08.12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.08.12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 10:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.07 07:13:14 | 000,397,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.10.31 00:48:42 | 000,348,160 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.10.22 08:59:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\utg0nde3.sys -- (utg0nde3)
DRV - [2010.10.06 22:33:06 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.09.22 22:00:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.07.29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010.07.29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.29 13:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010.07.29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.04.08 13:18:16 | 001,223,040 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 11:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010.03.18 11:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010.02.25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.01 11:11:28 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2009.08.23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvuků USB (WDM)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.10.06 22:33:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.10.06 21:44:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.09.22 22:02:11 | 000,000,000 | ---D | M]

[2010.10.06 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Mozilla\Extensions
[2010.10.06 21:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TBE\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.10.06 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Mozilla\Firefox\Profiles\pgpnyrnd.default\extensions
[2010.10.06 21:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.22 21:26:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010.09.22 21:26:27 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009.12.21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2010.10.21 21:17:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.21 00:44:02 | 000,000,000 | R--D | M] - D:\Automobily -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.22 20:41:40 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TBE\Desktop\OTL.exe
[2010.10.21 22:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.21 22:15:08 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\Virus Removal Tool
[2010.10.21 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\viry.cz
[2010.10.21 21:32:14 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\ElevatedDiagnostics
[2010.10.21 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\Nová složka (2)
[2010.10.21 13:44:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.10.21 13:44:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.10.21 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\temp
[2010.10.21 13:24:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.21 13:19:00 | 001,749,065 | -H-- | C] () -- C:\Users\TBE\AppData\Local\IconCache.db
[2010.10.21 10:36:42 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010.10.19 11:23:18 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\teamspeak2
[2010.10.19 11:23:13 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2010.10.19 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2010.10.19 11:19:08 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\TS3Client
[2010.10.18 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\Nová složka
[2010.10.18 12:18:42 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010.10.18 12:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010.10.15 18:39:55 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 18:39:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 18:39:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 18:39:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 18:39:37 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.15 18:39:24 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 18:39:23 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.12 13:13:06 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.10.12 13:13:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.10.12 13:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.10.12 13:12:05 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Winamp
[2010.10.12 13:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.10.12 10:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.10.11 23:23:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.10.11 15:48:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.11 15:48:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.11 15:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.11 11:53:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.10.10 21:54:36 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\fotoo
[2010.10.10 14:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.10.10 14:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.10.09 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\skypePM
[2010.10.09 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Skype
[2010.10.09 22:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.10.09 20:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.10.09 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\Adobe
[2010.10.09 20:24:43 | 000,000,000 | ---D | C] -- C:\Adobe Premiere Pro CS3
[2010.10.08 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\Ambiente
[2010.10.06 22:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.10.06 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Spyware Terminator
[2010.10.06 22:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.10.06 22:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.10.06 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6
[2010.10.06 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Jpeg Resampler
[2010.10.06 20:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.10.06 18:54:08 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Malwarebytes
[2010.10.06 18:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.06 17:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.10.06 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.10.06 16:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.10.05 23:32:02 | 000,005,632 | ---- | C] () -- C:\Users\TBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 23:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.04 17:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010.10.04 17:37:09 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
[2010.10.04 17:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVN Products
[2010.10.04 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\My muvees
[2010.10.04 17:32:28 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll
[2010.10.04 17:32:28 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\px.dll
[2010.10.04 17:32:28 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll
[2010.10.04 17:32:28 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll
[2010.10.04 17:32:28 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll
[2010.10.04 17:32:28 | 000,158,456 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxwma.dll
[2010.10.04 17:32:28 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2010.10.04 17:32:28 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2010.10.04 17:32:28 | 000,002,560 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
Last edited by teabe on 22 Oct 2010 20:13, edited 2 times in total.

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#22 Post by teabe »

[2010.10.04 17:32:28 | 000,002,560 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2010.10.04 17:32:28 | 000,002,432 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2010.10.04 17:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2010.10.04 17:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010.10.04 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\InstallShield
[2010.10.04 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\TBE\Desktop\100OLYMP
[2010.10.01 00:20:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.09.30 17:22:26 | 000,135,168 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNAB4EMU.DLL
[2010.09.30 17:22:26 | 000,069,632 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNAB4SMK.DLL
[2010.09.30 17:22:26 | 000,062,848 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
[2010.09.30 17:22:26 | 000,028,672 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNAB4PTU.DLL
[2010.09.30 15:14:35 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.09.30 15:14:26 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.30 15:14:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.30 15:14:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.30 15:14:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.30 15:14:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.30 15:14:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.30 15:14:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.30 15:14:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.30 15:04:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.29 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\VirtualDJ
[2010.09.28 23:16:01 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Speedchecker
[2010.09.28 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.09.28 15:20:07 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\MAGIX downloads
[2010.09.28 15:20:04 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\MAGIX
[2010.09.28 15:18:39 | 000,917,504 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2010.09.28 15:18:39 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
[2010.09.28 15:18:39 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
[2010.09.28 15:18:39 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
[2010.09.28 15:18:39 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
[2010.09.28 15:18:39 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
[2010.09.28 15:18:39 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
[2010.09.28 15:18:39 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
[2010.09.28 15:18:39 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
[2010.09.28 15:18:39 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll
[2010.09.28 15:18:39 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll
[2010.09.28 15:18:39 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
[2010.09.28 15:18:39 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
[2010.09.28 15:18:39 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
[2010.09.28 15:18:39 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
[2010.09.28 15:18:39 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
[2010.09.28 15:18:39 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
[2010.09.28 15:18:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll
[2010.09.28 15:18:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll
[2010.09.28 15:18:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll
[2010.09.28 15:18:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll
[2010.09.28 15:18:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll
[2010.09.28 15:18:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll
[2010.09.28 15:18:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010.09.28 15:18:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010.09.28 15:18:24 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\MAGIX_MusicMaker16Premium_Download_Version
[2010.09.28 15:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.09.28 15:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010.09.27 12:12:34 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\WNASPINT.DLL
[2010.09.26 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\muvee Technologies
[2010.09.26 22:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2010.09.26 21:52:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.26 10:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.09.26 10:42:24 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\DivX
[2010.09.26 10:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.09.26 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.09.26 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.09.26 10:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.09.24 13:11:25 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.09.24 13:11:25 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2010.09.24 13:08:17 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Propellerhead Software
[2010.09.24 13:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2010.09.24 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead
[2010.09.23 19:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\QIP
[2010.09.23 19:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.09.23 07:08:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.09.23 07:08:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010.09.23 05:18:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.09.23 05:18:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.09.23 05:18:08 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.09.23 05:13:37 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.09.23 05:13:37 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.09.23 05:13:36 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.09.23 05:13:15 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.09.23 05:13:15 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.09.23 05:13:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.09.23 05:13:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.09.23 05:13:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.09.23 05:13:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.09.23 05:13:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.09.23 05:13:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.09.23 05:13:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.09.23 05:13:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.09.23 05:13:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.09.23 05:13:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.09.23 05:13:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.09.23 05:13:06 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.09.23 05:13:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.09.23 05:13:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.09.23 05:13:03 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.09.23 05:13:03 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.09.23 05:12:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.09.23 05:12:57 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.09.23 05:12:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.09.23 05:12:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.09.23 05:12:09 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.09.23 05:12:09 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.23 05:11:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.23 05:11:57 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.23 05:11:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.23 05:11:50 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.09.23 05:11:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.09.23 05:11:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.09.23 00:25:11 | 001,872,192 | ---- | C] (C-Media Inc) -- C:\Windows\System32\drivers\cmudax3.sys
[2010.09.23 00:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.09.23 00:16:04 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Leadertech
[2010.09.23 00:15:39 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.09.23 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.09.23 00:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.09.23 00:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.09.23 00:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.09.23 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Logitech
[2010.09.23 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Logishrd
[2010.09.22 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\ATI
[2010.09.22 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\ATI
[2010.09.22 23:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.09.22 23:52:32 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Media Player Classic
[2010.09.22 23:17:35 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2010.09.22 23:17:35 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.09.22 23:17:35 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010.09.22 23:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010.09.22 22:51:32 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.22 22:51:32 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Adobe Mini Bridge CS5
[2010.09.22 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.09.22 22:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.09.22 22:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.09.22 22:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.09.22 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.09.22 22:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.22 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.09.22 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Adobe
[2010.09.22 22:19:50 | 000,129,576 | ---- | C] () -- C:\Users\TBE\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.22 22:13:10 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\System\CMICNFG3.cpl
[2010.09.22 22:12:51 | 000,319,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.09.22 22:12:50 | 000,036,864 | ---- | C] (C-Media Electronics Ins.) -- C:\Windows\System32\cmudax3.DLL
[2010.09.22 22:02:48 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\ESET
[2010.09.22 22:02:48 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\ESET
[2010.09.22 22:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.09.22 22:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.09.22 22:00:05 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.09.22 21:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.09.22 21:59:41 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\DAEMON Tools Lite
[2010.09.22 21:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.09.22 21:59:36 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Ahead
[2010.09.22 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Ahead
[2010.09.22 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010.09.22 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010.09.22 21:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\JPEG Resampler
[2010.09.22 21:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010.09.22 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\uTorrent
[2010.09.22 21:49:06 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\WinRAR
[2010.09.22 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.09.22 21:46:20 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.09.22 21:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.09.22 21:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.09.22 21:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.09.22 21:45:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.09.22 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.09.22 21:44:24 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.09.22 21:44:21 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.09.22 21:44:21 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.09.22 21:44:14 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\TuneUp Software
[2010.09.22 21:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.09.22 21:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.09.22 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.09.22 21:43:25 | 000,000,000 | ---D | C] -- C:\Users\TBE\Documents\AVerTV
[2010.09.22 21:43:18 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.09.22 21:43:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.09.22 21:43:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.09.22 21:42:54 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Microsoft Help
[2010.09.22 21:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.09.22 21:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.09.22 21:42:35 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.09.22 21:41:17 | 000,028,672 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNAB4LMK.DLL
[2010.09.22 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010.09.22 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.09.22 21:40:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.09.22 21:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVerTV
[2010.09.22 21:40:40 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\AVerMedia
[2010.09.22 21:40:28 | 000,102,400 | ---- | C] (AVerMedia Technologies, Inc.) -- C:\Windows\System32\CardID.dll
[2010.09.22 21:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVerMedia
[2010.09.22 21:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVerMedia
[2010.09.22 21:39:45 | 001,223,040 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\System32\drivers\AVerA706.sys
[2010.09.22 21:39:45 | 000,163,768 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\System32\MVDetection.ax
[2010.09.22 21:39:45 | 000,081,920 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\System32\TVRate.dll
[2010.09.22 21:39:45 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2010.09.22 21:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVerMedia
[2010.09.22 21:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.09.22 21:37:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.09.22 21:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010.09.22 21:37:29 | 000,000,000 | ---D | C] -- C:\Intel
[2010.09.22 21:36:50 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.09.22 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.09.22 21:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.09.22 21:30:40 | 000,000,000 | ---D | C] -- C:\ATI
[2010.09.22 21:26:53 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Macromedia
[2010.09.22 21:26:53 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Adobe
[2010.09.22 21:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.22 21:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.09.22 21:26:30 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.22 21:26:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.22 21:26:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.22 21:26:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.22 21:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.09.22 21:26:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.09.22 21:25:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.09.22 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Mozilla
[2010.09.22 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Mozilla
[2010.09.22 21:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.09.22 21:18:55 | 000,000,000 | R--D | C] -- C:\Users\TBE\Searches
[2010.09.22 21:18:48 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Identities
[2010.09.22 21:18:47 | 000,000,000 | R--D | C] -- C:\Users\TBE\Contacts
[2010.09.22 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\VirtualStore
[2010.09.22 21:18:39 | 002,621,440 | -HS- | C] () -- C:\Users\TBE\NTUSER.DAT
[2010.09.22 21:18:39 | 000,524,288 | -HS- | C] () -- C:\Users\TBE\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.22 21:18:39 | 000,524,288 | -HS- | C] () -- C:\Users\TBE\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.22 21:18:39 | 000,262,144 | -HS- | C] () -- C:\Users\TBE\ntuser.dat.LOG1
[2010.09.22 21:18:39 | 000,065,536 | -HS- | C] () -- C:\Users\TBE\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.22 21:18:39 | 000,000,020 | -HS- | C] () -- C:\Users\TBE\ntuser.ini
[2010.09.22 21:18:39 | 000,000,000 | --SD | C] -- C:\Users\TBE\AppData\Roaming\Microsoft
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Videos
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Saved Games
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Pictures
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Music
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Links
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Favorites
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Downloads
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Dokumenty
[2010.09.22 21:18:39 | 000,000,000 | R--D | C] -- C:\Users\TBE\Desktop
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\AppData\Local\Temporary Internet Files
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Šablony
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Soubory cookie
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\SendTo
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Poslední
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Okolní tiskárny
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Okolní síť
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Documents\Obrázky
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Nabídka Start
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Local Settings
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Documents\Hudba
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\AppData\Local\History
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Documents\Filmy
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Dokumenty
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\Data aplikací
[2010.09.22 21:18:39 | 000,000,000 | -HSD | C] -- C:\Users\TBE\AppData\Local\Data aplikací
[2010.09.22 21:18:39 | 000,000,000 | -HS- | C] () -- C:\Users\TBE\ntuser.dat.LOG2
[2010.09.22 21:18:39 | 000,000,000 | -H-D | C] -- C:\Users\TBE\AppData
[2010.09.22 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Local\Microsoft
[2010.09.22 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\TBE\AppData\Roaming\Media Center Programs
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2010.09.22 21:16:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2010.09.22 21:16:46 | 000,000,000 | ---D | C] -- C:\Recovery
[2010.09.22 21:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.09.22 21:09:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.09.22 21:09:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009.07.14 06:41:57 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010.10.22 20:45:21 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 20:45:21 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 20:45:19 | 000,634,308 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.10.22 20:45:19 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.22 20:45:19 | 000,122,898 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.10.22 20:45:19 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.22 20:41:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TBE\Desktop\OTL.exe
[2010.10.22 20:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.22 20:40:06 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.22 08:59:15 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utg0nde3.sys
[2010.10.22 00:59:18 | 000,000,478 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_21.10.2010_21-19drv.spi
[2010.10.21 21:17:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.10.21 10:37:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010.10.20 23:21:08 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.19 15:39:48 | 000,134,032 | ---- | M] () -- C:\Users\TBE\Desktop\sdsd.jpg
[2010.10.19 15:35:34 | 000,133,273 | ---- | M] () -- C:\Users\TBE\Desktop\8.1.jpg
[2010.10.19 11:23:13 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2010.10.19 11:23:09 | 000,000,952 | ---- | M] () -- C:\Users\TBE\Desktop\Teamspeak 2 RC2.lnk
[2010.10.18 12:26:59 | 000,001,085 | ---- | M] () -- C:\Users\TBE\Desktop\L2 – zástupce.lnk
[2010.10.18 12:18:44 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2010.10.15 19:59:02 | 003,999,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.12 13:13:07 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.10.12 10:53:16 | 000,001,096 | ---- | M] () -- C:\Users\TBE\Desktop\EVEREST Ultimate Edition.lnk
[2010.10.12 10:48:11 | 1545,095,325 | ---- | M] () -- C:\Users\TBE\Desktop\Lineage_II_Freya.zip
[2010.10.12 10:44:00 | 000,000,969 | ---- | M] () -- C:\Users\TBE\Desktop\CCleaner.lnk
[2010.10.11 15:48:19 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.11 11:40:57 | 000,103,840 | ---- | M] () -- C:\Users\TBE\Desktop\monsterenergy.ai
[2010.10.10 22:52:06 | 011,360,360 | ---- | M] () -- C:\Users\TBE\Documents\1010225134DVB-TNOVA.mpg
[2010.10.10 14:34:26 | 000,001,161 | ---- | M] () -- C:\Users\TBE\Desktop\Adobe Premiere Pro CS3.lnk
[2010.10.09 22:15:56 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.08 19:58:33 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.06 22:34:09 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.06 22:33:06 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.06 21:44:49 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 6.lnk
[2010.10.05 23:59:30 | 024,046,588 | ---- | M] () -- C:\Users\TBE\Desktop\new muvee 002.wmv
[2010.10.05 23:41:56 | 000,005,632 | ---- | M] () -- C:\Users\TBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 23:10:46 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Create instant home movies.lnk
[2010.10.04 17:32:36 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\Home movies made easy!.lnk
[2010.10.04 17:17:42 | 001,856,503 | ---- | M] () -- C:\Users\TBE\Desktop\P9300001.jpg
[2010.10.04 17:00:09 | 000,196,275 | ---- | M] () -- C:\Users\TBE\Desktop\Bez názvu-1.jpg
[2010.10.04 16:09:34 | 094,617,600 | ---- | M] () -- C:\Users\TBE\Desktop\PA040036.MP4
[2010.10.04 16:00:50 | 060,243,968 | ---- | M] () -- C:\Users\TBE\Desktop\PA040035.MP4
[2010.10.01 00:30:36 | 000,000,979 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.09.30 17:22:49 | 000,001,158 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
[2010.09.30 16:05:31 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.09.29 12:14:56 | 000,060,416 | RHS- | M] () -- C:\Windows\System32\KBDBLR1.dll
[2010.09.26 10:42:38 | 000,001,585 | ---- | M] () -- C:\Users\TBE\Desktop\DivX Movies.lnk
[2010.09.26 10:42:21 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.24 13:11:25 | 000,368,640 | ---- | M] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.09.24 13:11:25 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2010.09.24 13:07:07 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Reason.lnk
[2010.09.24 10:14:41 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Aktualizovat ESET licenci.lnk
[2010.09.23 19:50:55 | 000,000,903 | ---- | M] () -- C:\Users\TBE\Desktop\QIP 2005.lnk
[2010.09.23 10:53:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.09.23 10:53:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.09.23 09:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.23 01:11:54 | 000,000,410 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.09.23 01:11:54 | 000,000,136 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010.09.23 01:11:49 | 000,000,121 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2010.09.23 01:07:54 | 000,000,025 | ---- | M] () -- C:\Windows\mixerdef.ini
[2010.09.22 22:00:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.09.22 22:00:05 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.09.22 21:59:33 | 000,002,700 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.09.22 21:51:52 | 000,000,972 | ---- | M] () -- C:\Users\TBE\Desktop\JPEG Resampler.lnk
[2010.09.22 21:49:51 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.09.22 21:46:56 | 000,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2010.09.22 21:46:36 | 000,002,693 | ---- | M] () -- C:\Users\TBE\Desktop\Microsoft Office Outlook 2007.lnk
[2010.09.22 21:44:18 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.09.22 21:40:36 | 000,002,254 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2010.09.22 21:40:36 | 000,002,212 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
[2010.09.22 21:40:36 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\AVerTV 6.lnk
[2010.09.22 21:39:22 | 000,000,020 | ---- | M] () -- C:\Windows\8ö«
[2010.09.22 21:37:20 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.09.22 21:26:27 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.22 21:26:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.22 21:26:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.22 21:26:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.22 21:18:57 | 000,001,417 | ---- | M] () -- C:\Users\TBE\Desktop\Internet Explorer.lnk
[2010.09.22 21:14:19 | 000,068,220 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.09.22 21:12:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2010.10.22 08:59:14 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utg0nde3.sys
[2010.10.21 23:34:38 | 000,000,478 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_21.10.2010_21-19drv.spi
[2010.10.19 15:39:47 | 000,134,032 | ---- | C] () -- C:\Users\TBE\Desktop\sdsd.jpg
[2010.10.19 15:35:33 | 000,133,273 | ---- | C] () -- C:\Users\TBE\Desktop\8.1.jpg
[2010.10.19 11:23:09 | 000,000,952 | ---- | C] () -- C:\Users\TBE\Desktop\Teamspeak 2 RC2.lnk
[2010.10.18 12:26:59 | 000,001,085 | ---- | C] () -- C:\Users\TBE\Desktop\L2 – zástupce.lnk
[2010.10.18 12:18:44 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2010.10.18 12:18:42 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010.10.12 13:13:07 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.10.12 10:53:16 | 000,001,096 | ---- | C] () -- C:\Users\TBE\Desktop\EVEREST Ultimate Edition.lnk
[2010.10.12 10:44:00 | 000,000,969 | ---- | C] () -- C:\Users\TBE\Desktop\CCleaner.lnk
[2010.10.12 08:48:33 | 1545,095,325 | ---- | C] () -- C:\Users\TBE\Desktop\Lineage_II_Freya.zip
[2010.10.11 15:48:19 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.11 11:40:57 | 000,103,840 | ---- | C] () -- C:\Users\TBE\Desktop\monsterenergy.ai
[2010.10.10 22:51:34 | 011,360,360 | ---- | C] () -- C:\Users\TBE\Documents\1010225134DVB-TNOVA.mpg
[2010.10.10 14:34:26 | 000,001,161 | ---- | C] () -- C:\Users\TBE\Desktop\Adobe Premiere Pro CS3.lnk
[2010.10.09 22:15:56 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.08 19:58:33 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.06 22:34:09 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.06 22:33:06 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.04 17:17:40 | 001,856,503 | ---- | C] () -- C:\Users\TBE\Desktop\P9300001.jpg
[2010.10.04 16:56:43 | 094,617,600 | ---- | C] () -- C:\Users\TBE\Desktop\PA040036.MP4
[2010.10.04 16:56:31 | 060,243,968 | ---- | C] () -- C:\Users\TBE\Desktop\PA040035.MP4
[2010.10.04 13:31:05 | 000,196,275 | ---- | C] () -- C:\Users\TBE\Desktop\Bez názvu-1.jpg
[2010.09.30 17:22:49 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
[2010.09.30 16:05:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.29 12:14:56 | 000,060,416 | RHS- | C] () -- C:\Windows\System32\KBDBLR1.dll
[2010.09.28 15:18:39 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib
[2010.09.28 15:17:51 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.23 10:53:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.09.23 10:53:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.09.23 09:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.23 01:07:54 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini
[2010.09.22 23:17:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.09.22 23:17:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.09.22 23:17:35 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.09.22 23:17:35 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.22 23:17:35 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.09.22 22:13:10 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2010.09.22 22:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\System\VmixP6.dll
[2010.09.22 22:13:10 | 000,010,134 | ---- | C] () -- C:\Windows\cmeauPCI.ico
[2010.09.22 22:13:10 | 000,000,410 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.09.22 22:13:10 | 000,000,136 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010.09.22 22:12:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.09.22 22:12:51 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.09.22 22:12:51 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.09.22 22:12:51 | 000,000,979 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.09.22 22:12:51 | 000,000,121 | ---- | C] () -- C:\Windows\System\Cmicnfg3.ini
[2010.09.22 21:51:52 | 000,000,972 | ---- | C] () -- C:\Users\TBE\Desktop\JPEG Resampler.lnk
[2010.09.22 21:49:51 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.09.22 21:46:56 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010.09.22 21:46:36 | 000,002,693 | ---- | C] () -- C:\Users\TBE\Desktop\Microsoft Office Outlook 2007.lnk
[2010.09.22 21:44:18 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.09.22 21:40:36 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2010.09.22 21:40:36 | 000,002,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
[2010.09.22 21:40:36 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\AVerTV 6.lnk
[2010.09.22 21:40:28 | 000,606,208 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2010.09.22 21:40:28 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2010.09.22 21:40:28 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2010.09.22 21:40:28 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2010.09.22 21:40:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2010.09.22 21:40:28 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2010.09.22 21:40:28 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2010.09.22 21:40:28 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2010.09.22 21:40:28 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2010.09.22 21:39:45 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2010.09.22 21:39:22 | 000,000,020 | ---- | C] () -- C:\Windows\8ö«
[2010.09.22 21:18:57 | 000,001,417 | ---- | C] () -- C:\Users\TBE\Desktop\Internet Explorer.lnk
[2010.09.22 21:12:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.22 21:09:46 | 2616,545,280 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========


[2010.09.23 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Leadertech
[2010.09.28 15:20:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\MAGIX
[2010.10.05 23:11:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\muvee Technologies
[2010.09.24 13:11:54 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Propellerhead Software
[2010.10.22 06:24:58 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Spyware Terminator
[2010.09.22 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2009.07.14 06:53:46 | 000,012,358 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.10.14 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Adobe
[2010.09.22 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Adobe Mini Bridge CS5
[2010.10.17 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Ahead
[2010.09.22 23:58:16 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\ATI
[2010.09.24 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\DAEMON Tools Lite
[2010.09.26 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\DivX
[2010.09.22 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\ESET
[2010.09.22 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Identities
[2010.10.04 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\InstallShield
[2010.10.06 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Jpeg Resampler
[2010.09.23 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Leadertech
[2010.09.23 00:14:57 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Logishrd
[2010.09.23 00:16:10 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Logitech
[2010.09.22 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Macromedia
[2010.09.28 15:20:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\MAGIX
[2010.10.06 18:54:08 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Media Center Programs
[2010.10.22 20:42:29 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Media Player Classic
[2010.09.28 23:20:05 | 000,000,000 | --SD | M] -- C:\Users\TBE\AppData\Roaming\Microsoft
[2010.09.30 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Mozilla
[2010.10.05 23:11:04 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\muvee Technologies
[2010.09.24 13:11:54 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Propellerhead Software
[2010.10.09 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Skype
[2010.10.09 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\skypePM
[2010.10.22 06:24:58 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Spyware Terminator
[2010.09.22 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.19 11:23:19 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\teamspeak2
[2010.10.19 11:20:08 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\TS3Client
[2010.09.22 21:44:14 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\TuneUp Software
[2010.10.22 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\uTorrent
[2010.10.21 22:11:37 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\Winamp
[2010.09.22 21:49:06 | 000,000,000 | ---D | M] -- C:\Users\TBE\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.09.23 00:16:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\TBE\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.29 12:14:56 | 000,060,416 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\KBDBLR1.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.29 12:14:56 | 000,060,416 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\KBDBLR1.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.10.20 23:21:08 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.22 08:59:15 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utg0nde3.sys

< %systemroot%\system32\*.* /3 >
[2010.10.22 20:45:21 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 20:45:21 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 10:37:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010.10.22 20:45:19 | 000,122,898 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.10.22 20:45:19 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.22 20:45:19 | 000,634,308 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.10.22 20:45:19 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.22 20:45:19 | 001,478,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D

< End of report >
Last edited by teabe on 22 Oct 2010 20:14; edited 1 time in total.

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#23 Post by teabe »

OTL Extras logfile created on: 22.10.2010 20:46:17 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\TBE\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 179,09 Gb Free Space | 76,93% Space Free | Partition Type: NTFS
Drive D: | 298,07 Gb Total Space | 118,57 Gb Free Space | 39,78% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 43,60 Gb Free Space | 9,36% Space Free | Partition Type: NTFS

Computer Name: TBE-PC | User Name: TBE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage® II: The Chaotic Throne - Freya
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB8CE13-3DDF-4FC0-93C1-C70B69388B34}" = muvee HD Addon
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish
"{539F9408-904B-4302-A975-F1C781D7D076}" = ESET Smart Security
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{7B312BFD-6C04-4409-AB6F-DD41CCD67463}" = muvee autoProducer 6.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.0 - Czech
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B46E38DB-F929-4EA6-BBB1-BE9873A0F1F4}" = muvee Reveal
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11029}" = Nero 7 Premium
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.6.0.15
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"AviSynth" = AviSynth 2.5
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"JPEG Resampler_is1" = JPEG Resampler Vs 4.7
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mozilla Firefox 4.0b6 (x86 cs)" = Mozilla Firefox 4.0b6 (x86 cs)
"Reason4_is1" = Reason 4.0
"SP6" = Logitech SetPoint 6.15
"Spyware Terminator_is1" = Spyware Terminator
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1180685898-3153258582-3348036494-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.10.2010 18:31:26 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 18.10.2010 7:09:47 | Computer Name = TBE-PC | Source = VSS | ID = 8194
Description =

Error - 18.10.2010 18:31:46 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 19.10.2010 4:44:08 | Computer Name = TBE-PC | Source = VSS | ID = 8194
Description =

Error - 19.10.2010 18:31:58 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 20.10.2010 16:53:53 | Computer Name = TBE-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: L2.exe, verze: 0.0.0.0, časové razítko:
0x4c736b12 Název chybujícího modulu: NWindow.DLL, verze: 0.0.0.0, časové razítko:
0x4c736b0b Kód výjimky: 0xc0000005 Posun chyby: 0x00283ba2 ID chybujícího procesu:
0x1618 Čas spuštění chybující aplikace: 0x01cb70394fc36128 Cesta k chybující aplikaci:
C:\Program Files\NCsoft\Lineage II\system\L2.exe Cesta k chybujícímu modulu: C:\Program
Files\NCsoft\Lineage II\system\NWindow.DLL ID zprávy: 2519d17f-dc8c-11df-86a4-00221595a34e

Error - 20.10.2010 18:46:39 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 21.10.2010 7:23:17 | Computer Name = TBE-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.0.3909 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
15e4 Čas spuštění: 01cb71124e67f744 Čas ukončení: 17 Cesta k aplikaci: C:\Program
Files\Mozilla Firefox 4.0 Beta 6\firefox.exe ID hlášení: 97ae2a89-dd05-11df-89ab-00221595a34e


Error - 22.10.2010 0:11:57 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 22.10.2010 6:54:38 | Computer Name = TBE-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: L2.exe, verze: 0.0.0.0, časové razítko:
0x4c736b12 Název chybujícího modulu: NWindow.DLL, verze: 0.0.0.0, časové razítko:
0x4c736b0b Kód výjimky: 0xc0000005 Posun chyby: 0x00283ba2 ID chybujícího procesu:
0x11bc Čas spuštění chybující aplikace: 0x01cb71cb4ceb0a12 Cesta k chybující aplikaci:
C:\Program Files\NCsoft\Lineage II\system\L2.exe Cesta k chybujícímu modulu: C:\Program
Files\NCsoft\Lineage II\system\NWindow.DLL ID zprávy: c32c1e8a-ddca-11df-b8a5-00221595a34e

[ System Events ]
Error - 21.10.2010 22:11:51 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:53 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:55 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:57 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:59 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:12:01 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:12:04 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:12:06 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:12:08 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:12:10 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: preventive check

#24 Post by motji »

Before I write the removal script, what do you have as disk 0? Is it the system disk?
Error - 21.10.2010 22:12:10 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
It looks like it might be damaged :o
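Post #24 picks the failing disk out of the repeated `Source = Disk` entries in the OTL event-log section. As an added example (not part of the original thread and not OTL's own code), the following Python parses that section and reports devices with a burst of bad-block errors; the function names and the burst thresholds are assumptions, and the sample is abridged from the log quoted in this thread.

```python
import re
from datetime import datetime

# Constructed sample: entries abridged from the OTL log quoted in this thread.
SAMPLE = r"""
[ Application Events ]
Error - 19.10.2010 4:44:08 | Computer Name = TBE-PC | Source = VSS | ID = 8194
Description =

Error - 22.10.2010 0:11:57 | Computer Name = TBE-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo.

[ System Events ]
Error - 21.10.2010 22:11:51 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:53 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error - 21.10.2010 22:11:55 | Computer Name = TBE-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
"""

HEADER = re.compile(r"^Error - (\S+ \S+) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")
DEVICE = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")

def parse_events(text):
    """Return one dict per 'Error - ...' entry, with wrapped description lines joined."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S"),
                       "source": m.group(3), "raw_id": int(m.group(4)),
                       # The log prints the full 32-bit identifier; the low 16 bits
                       # are the event ID that Event Viewer displays (262151 -> 7).
                       "event_id": int(m.group(4)) & 0xFFFF, "description": ""}
            events.append(current)
        elif current is not None and line.strip() and not line.startswith("["):
            part = line.split("=", 1)[1] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
        else:
            current = None  # blank line or section header ends the entry
    return events

def bad_block_bursts(events, min_count=3, window_seconds=60):
    """Map device path -> count where Disk event 7 repeats min_count times in the window."""
    hits = {}
    for e in events:
        dev = DEVICE.search(e["description"])
        if e["source"] == "Disk" and e["event_id"] == 7 and dev:
            hits.setdefault(dev.group(0), []).append(e["time"])
    return {d: len(t) for d, t in hits.items()
            if len(t) >= min_count and (max(t) - min(t)).total_seconds() <= window_seconds}
```
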

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#25 Post by teabe »

I have no idea, is there a way to find out?

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#26 Post by teabe »

Disk 0 is not the system disk, it only holds data.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: preventive check

#27 Post by motji »

:arrow: Run OTL
-copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\users\TBE\AppData\Local\Temp\svchost.exe
C:\users\TBE\AppData\Local\Temp\*.* /s

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]

-click the Fix button.
-The PC will then restart.
-Post the log here :)

:arrow: Have these files tested at http://www.virustotal.com

C:\Windows\System32\KBDBLR1.dll
C:\Windows\System32\LocationApi.dll

-On VirusTotal click Browse, paste the file path directly into the box at the bottom and click Send
-copy the address of the results page from your browser
-if it asks, have the file analysed again so that it is the file from your computer

:arrow: Do you recognise this folder?
C:\Windows\8ö«

You can find that out in Disk Management, which you have probably already done :).
So download HD Tune and run an Error scan - select the data disk, and if there are any red blocks, post a screenshot here.
It looks like the disk is damaged; if you have any important data on it, back it up elsewhere as soon as possible so that you do not lose it :!:. The disk may keep working for some time, but it can also fail from one day to the next, and then you will not get the data off it.

:arrow: Download HD Tune http://www.slunecnice.cz/sw/hd-tune/
-select the last tab, Error scan
-start the scan; it takes about an hour.
-then write whether any of the blocks were red

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#28 Post by teabe »

Code:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\ProgramData\TEMP:7F4E393D deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\users\TBE\AppData\Local\Temp\svchost.exe not found.
C:\users\TBE\AppData\Local\Temp\AdobeARM.log moved successfully.
C:\users\TBE\AppData\Local\Temp\averp.xml moved successfully.
C:\users\TBE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\users\TBE\AppData\Local\Temp\LuUpdater.log moved successfully.
C:\users\TBE\AppData\Local\Temp\PDApp.log moved successfully.
C:\users\TBE\AppData\Local\Temp\Word8.0\MSForms.exd moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TBE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76495905 bytes
->Flash cache emptied: 1012 bytes
 
User: user
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1356 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 73,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TBE
->Flash cache emptied: 0 bytes
 
User: user
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.16.0 log created on 10222010_213749

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
C:\Windows\System32\KBDBLR1.dll - I do not have permission to open it
C:\Windows\System32\LocationApi.dll - 0 detections

C:\Windows\8ö« - I do not recognise it

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: preventive check

#29 Post by motji »

Before we delete that one file, could you take a look at what is in that folder?
C:\Windows\8ö«

teabe
Visitor
Posts: 48
Registered: 06 Oct 2010 16:12

Re: preventive check

#30 Post by teabe »

Probably some kind of bogeyman :turned: it is a file 1kb in size
