tak vždy jsem měl vypnutý jak antivir, tak firewall. Pokud ale combofix maže soubory až poté, co provede restart počítače tak se samozřejmě anitvir i firewall obnoví jako startup aplikace. takže to by mohlo být ono??? Teď jsem před spuštěním comba zrušil eset i ze stratup aplikací, takže po restartu počítače neběžel.
tady je log...
ComboFix 11-03-07.07 - Herbalife 08.03.2011 16:45:22.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1479 [GMT 1:00]
Spuštěný z: c:\documents and settings\Herbalife\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Herbalife\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-08 do 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-06 19:16 . 2011-03-06 19:16 323584 --sha-w- c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe
2011-03-03 22:03 . 2011-03-03 22:03 -------- d-----w- c:\program files\Common Files\Skype
2011-02-13 20:55 . 2011-02-13 20:55 -------- d-----w- C:\Temp
2011-02-13 11:05 . 2011-02-13 11:05 -------- d-----w- c:\documents and settings\Herbalife\Data aplikací\ESET
2011-02-09 23:31 . 2011-02-13 11:00 -------- d-----w- c:\documents and settings\Herbalife\Local Settings\Data aplikací\Samsung
2011-02-09 23:21 . 2011-01-29 16:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-02-09 23:21 . 2011-01-29 16:00 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-02-09 23:21 . 2010-10-27 10:36 383800 ----a-w- c:\windows\system32\KiesDeviceErrorRecv.exe
2011-02-09 23:21 . 2011-01-29 16:00 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-02-09 23:21 . 2011-01-29 16:00 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 18:40 . 2010-01-14 22:08 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-03-07 18:40 . 2010-01-14 22:08 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-03-07 18:40 . 2010-01-14 22:07 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-01-29 16:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-01-21 14:44 . 2008-04-03 10:11 440320 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-03 10:11 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-03 10:11 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-27 08:00 . 2011-01-05 21:24 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-22 12:34 . 2008-04-03 10:11 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-03 10:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-03 10:11 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-03 10:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-03 10:11 729088 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-03 10:11 385024 ------w- c:\windows\system32\html.iec
2010-12-10 10:41 . 2011-01-06 19:14 4177648 ----a-w- c:\windows\ConferenceRS.exe
2010-12-09 15:15 . 2008-04-03 10:11 713216 ------w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-17 15:45 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-03 10:11 33280 ------w- c:\windows\system32\csrsrv.dll
2010-04-12 08:04 . 2010-04-08 08:16 120 ----a-w- c:\program files\O2 Mobilni internet.bat
2007-05-03 15:32 . 2007-05-03 15:32 385 ----a-w- c:\program files\setup_bs.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-07 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2008-02-06 271672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"Macro Manager"="c:\program files\GrassSoft\Mouse Recorder\MacroManager.exe" [2010-10-12 2471936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Herbalife\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Herbalife\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Herbalife\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-11-26 293950]
.
c:\documents and settings\Herbalife\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-02-28 17:42 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
"Google Update"="c:\documents and settings\Herbalife\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Evernote"="c:\program files\Evernote\Evernote3.5\evernote.exe" /minimized
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ConferenceRS"=c:\windows\ConferenceRS.exe
"KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe"
"SmoothView"=c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"NDSTray.exe"=NDSTray.exe
"DDWMon"=c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"ThpSrv"=c:\windows\system32\thpsrv /logon
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
"CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=101809 serial=DR11CRD-0012082-DGW
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe"
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" /lang CZ
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2.10.2009 14:29 42608]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [11.1.2008 21:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [4.9.2007 9:14 6528]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
R2 Macro Expert;Macro Expert;c:\program files\GrassSoft\Mouse Recorder\MacroService.exe [18.8.2009 4:47 207360]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.3.2007 11:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.2.2007 11:15 134016]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [1.2.2008 13:18 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3.4.2008 11:07 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29.5.2007 10:01 6912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [6.9.2009 5:06 169312]
S3 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2.10.2009 14:29 49152]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [26.8.2010 21:04 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [26.8.2010 21:04 646400]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [26.8.2010 21:04 108771]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [10.2.2011 0:21 20032]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2.10.2009 14:29 106496]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.8.2010 9:06 36640]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 19:00 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.8.2010 20:16 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.8.2010 20:16 8320]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3.4.2008 11:11 14336]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [21.8.2010 9:09 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [21.8.2010 9:09 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [21.8.2010 9:09 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [21.8.2010 9:09 100352]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3.4.2008 11:11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Net Snippets - c:\progra~1\NETSNI~1\Res\Clipper.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Stáhnout pomocí NetXferu - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Stáhnout vše pomocí Net&Xferu - c:\program files\Xi\NetXfer\NXAddList.html
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{7130DF06-BBC1-4e16-83D4-1F875E65B695} - {F9C00EF7-B192-4609-B2B8-D705ACE341FF} - c:\progra~1\NETSNI~1\NetSnip.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a7,8c,ac,3e,a2,2d,7e,ed,67,ec,84,0d,6b,0a,00,5e,1d,89,09,02,2f,
34,bb,5b,d5,b8,32,a5,66,af,01,d6,fc,a5,fe,3f,d0,a5,62,8d,29,77,4f,cf,90,54,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
.
- - - - - - - > 'explorer.exe'(1036)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\astsrv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\grasssoft\mouse recorder\MacroServiceWnd.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Celkový čas: 2011-03-08 17:11:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-08 16:11
ComboFix2.txt 2011-03-08 10:00
ComboFix3.txt 2011-03-07 22:37
ComboFix4.txt 2011-03-07 17:13
.
Před spuštěním: 5 233 074 176
Po spuštění: 5 394 534 400
.
- - End Of File - - 23E49887A92E8029351C078935784E95
prosim kontrolu logu, problem s virem xp internet security Vyřešeno
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: prosim kontrolu logu, problem s virem xp internet securi
Nevíš něco o programu Ardamax Keylogger? V tomto umístění (c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe)?
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: prosim kontrolu logu, problem s virem xp internet securi
tak o Ardamax Keylogger nevím nic víc, než to co jsem si teď vygooglil. Každopádně jsem nic takového neinstaloval. Díval jsem se na něj a datum souboru bylo 6.3., což se shoduje s datem nákazy virem xp internet security. Poté, co jsem se podíval na vlastnosti souboru, tak mi ho eset uložil do karantény, jako nakažený soubor. Takže tím je to asi vysvětleno.
Ostatní kroky dokončím později večer. Zatím děkuju za pomoc, potom vložím logy.
Ostatní kroky dokončím později večer. Zatím děkuju za pomoc, potom vložím logy.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosim kontrolu logu, problem s virem xp internet securi
Jo , vlož , až bude čas , kouknu.
Ten keylogger se tam nedostal sám , má někdo jiný přístup k PC?
Ten keylogger se tam nedostal sám , má někdo jiný přístup k PC?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosim kontrolu logu, problem s virem xp internet securi
tak přístup nikdo jiný nemá. marně přemýšlím, napadá mě opravdu jen ta spojitost s virem xp internet security, kterého mohl být součástí. Poslední modifikace souboru byla 6.3. a v ten den začaly problémy. Byl jsem ostražitý, od toho momentu jsem se nikam nepřihlašoval přes loginy, žádná banka a další citlivé věci. Teď je pryč, tedy v karanténě v esetu. Takže by to mělo být OK ??
Také vůbec nechápu odkud se tam ten vir dostal.
Log z Extras.txt
OTL Extras logfile created on: 8.3.2011 22:10:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,33 Gb Total Space | 10,18 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 77,85 Gb Free Space | 41,96% Space Free | Partition Type: NTFS
Computer Name: FREEDOM | User Name: Herbalife | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Max2.Association.HTML] -- C:\Program Files\Maxthon2\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Maxthon2\Maxthon.exe" "%1" (Maxthon International ltd.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"5985:TCP" = 5985:TCP:*:Disabled:Vzdálená správa systému Windows
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EB4474-5FAC-4069-A167-352FE0D1D099}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.2.0
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = Návody TOSHIBA
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1.4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{539F9408-904B-4302-A975-F1C781D7D076}" = ESET Smart Security
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Nástroj TOSHIBA Zooming Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = Řízení spotřeby TOSHIBA
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9356940C-B360-4EF4-BE6C-BD488350AB17}" = Scan To
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{970F407D-DDAD-4FB9-B4CA-AF15FC33240D}" = Replay Media Catcher 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Ztlumení jednotky CD/DVD
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A800EE5E-D6BD-4326-BED1-F7ECBFBF91CE}" = O2Micro Flash Memory Card Reader Driver (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AD501749-CD49-499A-AD54-51DC42A57434}" = PC Suite for Sony Ericsson
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 2.0.1 Professional Edition
"{B293F0E6-10B7-45FD-BACF-18826515C246}_is1" = Conference Recording Service
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D615405D-7F11-42CC-B768-E196EFE0FFEB}" = The Bat! Professional v4.2.33
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"7-Zip" = 7-Zip 4.65
"AccessRunner ADSL" = Conexant AccessRunner USB ADSL WAN Adapter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"A-PDF Password Security_is1" = A-PDF Password Security 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"CSCLIB" = Canon Camera Support Core Library
"Dfine 2.0" = Dfine 2.0
"EEEE705096F837B7907659F100C9FE6DA001970F" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FitLinie_is1" = FitLinie FULL
"FotoFusionV4" = FotoFusionV4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Deskjet 6500 Series_Driver" = HP Deskjet 6500 Series
"HP LaserJet M1005 MFP" = HP LaserJet M1005
"ie8" = Windows Internet Explorer 8
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"InstallShield_{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Nástroj pro diagnostiku počítače TOSHIBA
"InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.89
"Macro" = Advanced Key and Mouse Recorder
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Maxthon2" = Maxthon2
"Maxthon3" = Maxthon 3
"MetaProducts Offline Explorer Enterprise" = MetaProducts Offline Explorer Enterprise
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Monkey's Audio_is1" = Monkey's Audio
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mtt12" = Mp3 Tag Tools v1.2
"MyCamera" = Canon Utilities MyCamera
"MyFreeCodec" = MyFreeCodec
"Nero 9 Micro_is1" = Nero 9.0.9.4d Micro (sestavení 1)
"Net Snippets" = Net Snippets
"NetXfer (Multilingual)_is1" = NetXfer 2.89.502
"Nokia PC Suite" = Nokia PC Suite
"O2 Mobilni internet" = O2 Mobilni internet
"pdfFactory Pro" = pdfFactory Pro
"Pošta a kancelář 3_is1" = Pošta a kancelář 3.0
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SmartMovie Converter" = SmartMovie Converter
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Viveza" = Viveza
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = RoboForm 7-1-5
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7.1.2011 15:51:31 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 13.1.2011 15:00:30 | Computer Name = FREEDOM | Source = Application Error | ID = 1000
Description = Chybující aplikace dreamcom.exe, verze 0.0.0.0, chybující modul dreamcom.exe,
verze 0.0.0.0, adresa chyby 0x00001ff7.
Error - 14.1.2011 9:20:17 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 14.1.2011 9:20:18 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 24.1.2011 6:05:38 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 24.1.2011 6:05:40 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 25.1.2011 13:50:21 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 25.1.2011 13:54:15 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 9.2.2011 19:15:13 | Computer Name = FREEDOM | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11602, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.
Error - 4.3.2011 8:47:26 | Computer Name = FREEDOM | Source = Application Error | ID = 1000
Description = Chybující aplikace evernote.exe, verze 4.2.1.3716, chybující modul
libpcre.dll, verze 8.11.0.0, adresa chyby 0x0000a102.
[ OSession Events ]
Error - 17.1.2010 16:48:35 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 689 seconds with 60 seconds of active time. This session ended with a crash.
Error - 26.2.2010 5:55:13 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.4.2010 10:55:10 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8.3.2011 11:45:16 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7031
Description = Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund:
Restartovat službu.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba ServiceLayer byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Adaptér výkonu služby WMI byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Ochrana HDD TOSHIBA byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba TOSHIBA Optical Disc Drive Service byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba TOSHIBA Bluetooth Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Macro Expert byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba ConfigFree Service byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
< End of report >
Také vůbec nechápu odkud se tam ten vir dostal.
Log z Extras.txt
OTL Extras logfile created on: 8.3.2011 22:10:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,33 Gb Total Space | 10,18 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 77,85 Gb Free Space | 41,96% Space Free | Partition Type: NTFS
Computer Name: FREEDOM | User Name: Herbalife | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Max2.Association.HTML] -- C:\Program Files\Maxthon2\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Maxthon2\Maxthon.exe" "%1" (Maxthon International ltd.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"5985:TCP" = 5985:TCP:*:Disabled:Vzdálená správa systému Windows
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EB4474-5FAC-4069-A167-352FE0D1D099}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.2.0
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = Návody TOSHIBA
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1.4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{539F9408-904B-4302-A975-F1C781D7D076}" = ESET Smart Security
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Nástroj TOSHIBA Zooming Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = Řízení spotřeby TOSHIBA
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9356940C-B360-4EF4-BE6C-BD488350AB17}" = Scan To
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{970F407D-DDAD-4FB9-B4CA-AF15FC33240D}" = Replay Media Catcher 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Ztlumení jednotky CD/DVD
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A800EE5E-D6BD-4326-BED1-F7ECBFBF91CE}" = O2Micro Flash Memory Card Reader Driver (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AD501749-CD49-499A-AD54-51DC42A57434}" = PC Suite for Sony Ericsson
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 2.0.1 Professional Edition
"{B293F0E6-10B7-45FD-BACF-18826515C246}_is1" = Conference Recording Service
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D615405D-7F11-42CC-B768-E196EFE0FFEB}" = The Bat! Professional v4.2.33
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"7-Zip" = 7-Zip 4.65
"AccessRunner ADSL" = Conexant AccessRunner USB ADSL WAN Adapter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"A-PDF Password Security_is1" = A-PDF Password Security 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"CSCLIB" = Canon Camera Support Core Library
"Dfine 2.0" = Dfine 2.0
"EEEE705096F837B7907659F100C9FE6DA001970F" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FitLinie_is1" = FitLinie FULL
"FotoFusionV4" = FotoFusionV4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Deskjet 6500 Series_Driver" = HP Deskjet 6500 Series
"HP LaserJet M1005 MFP" = HP LaserJet M1005
"ie8" = Windows Internet Explorer 8
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"InstallShield_{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Nástroj pro diagnostiku počítače TOSHIBA
"InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.89
"Macro" = Advanced Key and Mouse Recorder
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Maxthon2" = Maxthon2
"Maxthon3" = Maxthon 3
"MetaProducts Offline Explorer Enterprise" = MetaProducts Offline Explorer Enterprise
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Monkey's Audio_is1" = Monkey's Audio
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mtt12" = Mp3 Tag Tools v1.2
"MyCamera" = Canon Utilities MyCamera
"MyFreeCodec" = MyFreeCodec
"Nero 9 Micro_is1" = Nero 9.0.9.4d Micro (sestavení 1)
"Net Snippets" = Net Snippets
"NetXfer (Multilingual)_is1" = NetXfer 2.89.502
"Nokia PC Suite" = Nokia PC Suite
"O2 Mobilni internet" = O2 Mobilni internet
"pdfFactory Pro" = pdfFactory Pro
"Pošta a kancelář 3_is1" = Pošta a kancelář 3.0
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SmartMovie Converter" = SmartMovie Converter
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Viveza" = Viveza
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = RoboForm 7-1-5
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7.1.2011 15:51:31 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 13.1.2011 15:00:30 | Computer Name = FREEDOM | Source = Application Error | ID = 1000
Description = Chybující aplikace dreamcom.exe, verze 0.0.0.0, chybující modul dreamcom.exe,
verze 0.0.0.0, adresa chyby 0x00001ff7.
Error - 14.1.2011 9:20:17 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 14.1.2011 9:20:18 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 24.1.2011 6:05:38 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 24.1.2011 6:05:40 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 25.1.2011 13:50:21 | Computer Name = FREEDOM | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 windowsbase,
P5 4.0.0.0, P6 4ba1f805, P7 1389, P8 17, P9 system.invalidoperationexception, P10
NIL.
Error - 25.1.2011 13:54:15 | Computer Name = FREEDOM | Source = .NET Runtime | ID = 1026
Description =
Error - 9.2.2011 19:15:13 | Computer Name = FREEDOM | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 11602, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.
Error - 4.3.2011 8:47:26 | Computer Name = FREEDOM | Source = Application Error | ID = 1000
Description = Chybující aplikace evernote.exe, verze 4.2.1.3716, chybující modul
libpcre.dll, verze 8.11.0.0, adresa chyby 0x0000a102.
[ OSession Events ]
Error - 17.1.2010 16:48:35 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 689 seconds with 60 seconds of active time. This session ended with a crash.
Error - 26.2.2010 5:55:13 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.4.2010 10:55:10 | Computer Name = FREEDOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8.3.2011 11:45:16 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7031
Description = Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund:
Restartovat službu.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba ServiceLayer byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Adaptér výkonu služby WMI byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Ochrana HDD TOSHIBA byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba TOSHIBA Optical Disc Drive Service byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba TOSHIBA Bluetooth Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Macro Expert byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba ConfigFree Service byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 8.3.2011 11:45:19 | Computer Name = FREEDOM | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
< End of report >
Re: prosim kontrolu logu, problem s virem xp internet securi
Log z OTL.Txt
OTL logfile created on: 8.3.2011 22:10:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,33 Gb Total Space | 10,18 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 77,85 Gb Free Space | 41,96% Space Free | Partition Type: NTFS
Computer Name: FREEDOM | User Name: Herbalife | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - c:\Program Files\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - c:\Program Files\GrassSoft\Mouse Recorder\MacroServiceWnd.exe (Grass Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
PRC - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Macro Expert) -- c:\Program Files\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (Authentec memory manager) -- C:\WINDOWS\system32\TAMSvr.exe (AuthenTec Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (o2flash) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (AlfaFF) -- C:\WINDOWS\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (CnxtHdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (zebrsce) -- C:\WINDOWS\system32\drivers\zebrsce.sys (MCCI)
DRV - (zebrmdmc) Sony Ericsson mRouter Port (WDM) -- C:\WINDOWS\system32\drivers\zebrmdmc.sys (MCCI)
DRV - (zebrmdm) Sony Ericsson Port (WDM) -- C:\WINDOWS\system32\drivers\zebrmdm.sys (MCCI)
DRV - (zebrmdfl) -- C:\WINDOWS\system32\drivers\zebrmdfl.sys (MCCI Corporation)
DRV - (zebrbus) -- C:\WINDOWS\system32\drivers\zebrbus.sys (MCCI)
DRV - (zebrceb) Sony Ericsson Cable Emulation Bus (WDM) -- C:\WINDOWS\system32\drivers\zebrceb.sys (MCCI)
DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (NETw4x32) Ovladač adaptéru Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (QIOMem) -- C:\WINDOWS\system32\drivers\QIOMem.sys (TOSHIBA)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (BoiHwsetup) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (CnxTgN) -- C:\WINDOWS\system32\drivers\CnxTgN.sys (Conexant Systems Inc.)
DRV - (CnxEtU) -- C:\WINDOWS\system32\drivers\CnxEtU.sys (Conexant)
DRV - (CnxEtP) -- C:\WINDOWS\system32\drivers\CnxEtP.sys (Conexant)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.03 21:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.11 22:57:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.02.13 12:04:14 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011.03.08 17:05:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe (GrassSoftware)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O4 - Startup: C:\Documents and Settings\Herbalife\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Net Snippets - C:\Program Files\NetSnippets\Res\clipper.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Stáhnout pomocí NetXferu - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Stáhnout vše pomocí Net&Xferu - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0015362187 (WUWebControl Class)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0 (Active602XMLFiller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.170.96.24 217.170.96.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.03.08 21:44:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Herbalife\Recent
[2011.03.08 21:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.03.08 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.03.08 20:17:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.03.08 20:14:59 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Herbalife\Plocha\ccsetup304.exe
[2011.03.08 16:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.03.07 17:56:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.03.07 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Nabídka Start\Programy\RoboForm
[2011.03.06 22:24:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.03.03 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.02.13 21:55:49 | 000,000,000 | ---D | C] -- C:\Temp
[2011.02.13 12:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Data aplikací\ESET
[2011.02.13 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2011.02.10 00:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Samsung
[2011.02.10 00:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
[2011.02.10 00:21:44 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2011.02.10 00:21:03 | 000,383,800 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\KiesDeviceErrorRecv.exe
[2011.02.10 00:21:03 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2011.02.10 00:21:02 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2011.02.10 00:21:02 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2011.02.09 23:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Nabídka Start\Programy\Adobe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.03.08 22:00:19 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Evernote Clipper.lnk
[2011.03.08 21:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.08 21:59:28 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.08 21:42:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.08 20:28:54 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2011.03.08 20:28:53 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011.03.08 20:28:42 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2011.03.08 20:14:59 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Herbalife\Plocha\ccsetup304.exe
[2011.03.08 17:05:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.08 09:39:01 | 000,149,075 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\efaktura.pdf
[2011.03.07 20:08:21 | 000,895,779 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\straznicka - WT oceneni.JPG
[2011.03.07 18:07:06 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AccessRunner DSL.lnk
[2011.03.07 17:56:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.03.07 17:31:12 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
[2011.03.07 17:31:12 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\62175231
[2011.03.07 08:47:22 | 000,002,411 | ---- | M] () -- C:\WINDOWS\panose.bin
[2011.03.01 11:56:07 | 000,130,409 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Benesova - vyzva k platbe.pdf
[2011.02.28 23:35:24 | 018,535,059 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Techniky získávání klientů Petra Martinů.mp3
[2011.02.24 23:45:11 | 000,165,099 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Patakyova VIP karta.pdf
[2011.02.24 23:30:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.18 19:04:38 | 008,625,584 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Today149_usen.pdf
[2011.02.13 20:48:30 | 002,396,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.10 00:38:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2011.02.10 00:17:02 | 000,505,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.10 00:17:01 | 000,500,726 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.02.10 00:17:01 | 000,104,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.02.10 00:17:01 | 000,089,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.08 22:10:16 | 006,359,174 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\6240-UK-44_Hi-Res.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.03.08 21:42:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.08 09:39:01 | 000,149,075 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\efaktura.pdf
[2011.03.07 20:08:21 | 000,895,779 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\straznicka - WT oceneni.JPG
[2011.03.07 17:56:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.03.07 17:56:17 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.03.07 17:30:58 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.06 20:17:29 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
[2011.03.06 20:17:29 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\62175231
[2011.03.01 11:56:23 | 000,130,409 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Benesova - vyzva k platbe.pdf
[2011.02.28 23:34:44 | 018,535,059 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Techniky získávání klientů Petra Martinů.mp3
[2011.02.24 23:45:10 | 000,165,099 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Patakyova VIP karta.pdf
[2011.02.18 19:02:18 | 008,625,584 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Today149_usen.pdf
[2011.02.08 22:10:12 | 006,359,174 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\6240-UK-44_Hi-Res.pdf
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.01.06 20:14:20 | 004,177,648 | ---- | C] () -- C:\WINDOWS\ConferenceRS.exe
[2011.01.05 22:24:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.01.05 22:24:05 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.05 22:24:05 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.01.05 22:24:05 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.11.20 10:02:34 | 001,863,451 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-2842661250-1223660677-1300317580-1005-0.dat
[2010.11.20 10:02:33 | 000,493,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2010.08.26 11:47:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010.08.21 09:06:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.08.21 09:06:15 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.08.21 09:04:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Herbalife\Data aplikací\$_hpcst$.hpc
[2010.07.26 16:49:11 | 002,881,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.14 16:34:27 | 000,000,167 | ---- | C] () -- C:\WINDOWS\posta2.ini
[2010.07.13 22:21:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.08 17:04:44 | 000,008,024 | ---- | C] () -- C:\WINDOWS\System32\mcimsfle.dll
[2010.04.12 11:32:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.04.08 09:16:30 | 000,000,120 | ---- | C] () -- C:\Program Files\O2 Mobilni internet.bat
[2010.01.14 23:08:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010.01.09 21:46:35 | 000,265,216 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2009.12.17 00:12:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.12.03 21:15:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.01 09:52:44 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
[2009.11.30 23:12:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.11.09 22:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009.11.09 22:01:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009.10.22 11:49:23 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 20:39:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2009.10.05 20:59:18 | 000,002,411 | ---- | C] () -- C:\WINDOWS\panose.bin
[2009.10.04 17:51:46 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Herbalife\Data aplikací\setup_ldm.iss
[2009.10.04 15:29:37 | 000,005,099 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\pyknfeyt.slj
[2009.10.04 15:23:39 | 000,273,186 | ---- | C] () -- C:\WINDOWS\FotoFusionV4 Uninstaller.exe
[2009.10.03 22:47:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.03 22:08:44 | 000,002,686 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.10.03 20:42:05 | 000,104,960 | R--- | C] () -- C:\WINDOWS\hporclnr.exe
[2009.10.03 20:39:56 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2009.10.03 20:39:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HPMLVS.dll
[2009.10.03 17:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009.10.03 14:34:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009.10.02 14:30:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\fusioncache.dat
[2009.10.02 14:28:18 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2009.10.02 14:28:17 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2009.10.02 14:28:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.10.02 14:28:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2008.04.03 12:16:17 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.03 12:15:45 | 002,396,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.04.03 11:57:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.04.03 11:52:30 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008.04.03 11:18:34 | 000,012,582 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2008.04.03 11:18:34 | 000,001,878 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2008.04.03 11:11:33 | 000,500,726 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.03 11:11:33 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.03 11:11:33 | 000,104,178 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.03 11:11:33 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.03 11:11:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.03 11:11:30 | 000,505,438 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.03 11:11:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.03 11:11:30 | 000,089,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.03 11:11:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.03 11:11:30 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.03 11:11:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.03 11:11:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.04.03 11:11:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.03 11:11:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.03 11:11:23 | 000,601,088 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2008.04.03 11:11:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.03 11:11:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.04.03 11:09:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008.04.03 11:07:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008.04.03 11:07:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008.04.03 11:07:45 | 000,009,463 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008.04.03 11:07:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008.04.03 10:35:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008.04.03 10:35:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2008.04.03 10:35:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.04.03 10:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.03 10:18:19 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007.12.18 13:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007.12.14 16:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2007.05.03 16:32:29 | 000,000,385 | ---- | C] () -- C:\Program Files\setup_bs.exe
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
========== LOP Check ==========
[2010.08.26 11:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ConMet
[2011.02.13 12:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.01.27 22:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\espionServerData
[2010.04.02 11:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Grasssoft
[2010.08.31 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.10.03 22:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.08.28 09:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.10.16 21:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\onOne Software
[2010.08.31 22:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.10.08 22:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.10.08 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2009.11.09 21:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2010.10.08 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2010.10.25 22:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pixela
[2009.10.04 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RoboForm
[2011.02.10 00:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2010.10.08 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 14
[2010.01.02 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2011.03.08 21:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.10.03 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.16 21:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.10.02 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009.10.03 17:36:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.10.24 20:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\602XML
[2010.08.26 11:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ConMet
[2011.02.18 23:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\COWON
[2011.02.13 12:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ESET
[2010.01.14 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\FLV Extract
[2009.10.03 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\GHISLER
[2010.04.02 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Grasssoft
[2010.01.02 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\LangSoft
[2010.10.08 12:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\LumaPix
[2009.12.15 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Mask Pro 4.0
[2011.02.22 09:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Maxthon3
[2010.01.16 21:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Moyea
[2010.01.15 22:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\MoyeaFLV2Video
[2010.11.26 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Mp3tag
[2010.08.16 21:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\MxBoost
[2009.10.18 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Nik Software
[2010.08.31 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Nokia
[2011.03.07 17:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Offline Explorer
[2009.10.18 21:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\onOne Software
[2010.08.31 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\PC Suite
[2010.09.03 10:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Posta
[2010.09.20 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\proDAD
[2010.11.16 11:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ROUTE 66 Sync
[2010.08.21 09:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Samsung
[2010.01.02 15:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Teleca
[2011.03.08 17:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\The Bat!
[2009.10.02 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\TMP
[2009.10.02 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\toshiba
[2009.10.03 17:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\TuneUp Software
[2011.03.08 21:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\uTorrent
[2010.10.26 10:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Windows Search
[2009.12.15 00:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Zoner
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 260 bytes -> C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe:MGAR
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
< End of report >
OTL logfile created on: 8.3.2011 22:10:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,33 Gb Total Space | 10,18 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 77,85 Gb Free Space | 41,96% Space Free | Partition Type: NTFS
Computer Name: FREEDOM | User Name: Herbalife | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - c:\Program Files\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - c:\Program Files\GrassSoft\Mouse Recorder\MacroServiceWnd.exe (Grass Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
PRC - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Herbalife\Plocha\MISCS\faktury tisk\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Macro Expert) -- c:\Program Files\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (Authentec memory manager) -- C:\WINDOWS\system32\TAMSvr.exe (AuthenTec Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (o2flash) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (AlfaFF) -- C:\WINDOWS\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (CnxtHdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (zebrsce) -- C:\WINDOWS\system32\drivers\zebrsce.sys (MCCI)
DRV - (zebrmdmc) Sony Ericsson mRouter Port (WDM) -- C:\WINDOWS\system32\drivers\zebrmdmc.sys (MCCI)
DRV - (zebrmdm) Sony Ericsson Port (WDM) -- C:\WINDOWS\system32\drivers\zebrmdm.sys (MCCI)
DRV - (zebrmdfl) -- C:\WINDOWS\system32\drivers\zebrmdfl.sys (MCCI Corporation)
DRV - (zebrbus) -- C:\WINDOWS\system32\drivers\zebrbus.sys (MCCI)
DRV - (zebrceb) Sony Ericsson Cable Emulation Bus (WDM) -- C:\WINDOWS\system32\drivers\zebrceb.sys (MCCI)
DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (NETw4x32) Ovladač adaptéru Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (QIOMem) -- C:\WINDOWS\system32\drivers\QIOMem.sys (TOSHIBA)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (BoiHwsetup) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (CnxTgN) -- C:\WINDOWS\system32\drivers\CnxTgN.sys (Conexant Systems Inc.)
DRV - (CnxEtU) -- C:\WINDOWS\system32\drivers\CnxEtU.sys (Conexant)
DRV - (CnxEtP) -- C:\WINDOWS\system32\drivers\CnxEtP.sys (Conexant)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.03 21:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.11 22:57:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.02.13 12:04:14 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011.03.08 17:05:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe (GrassSoftware)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O4 - Startup: C:\Documents and Settings\Herbalife\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Net Snippets - C:\Program Files\NetSnippets\Res\clipper.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Stáhnout pomocí NetXferu - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Stáhnout vše pomocí Net&Xferu - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0015362187 (WUWebControl Class)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0 (Active602XMLFiller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.170.96.24 217.170.96.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.03.08 21:44:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Herbalife\Recent
[2011.03.08 21:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.03.08 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.03.08 20:17:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.03.08 20:14:59 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Herbalife\Plocha\ccsetup304.exe
[2011.03.08 16:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.03.07 17:56:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.03.07 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Nabídka Start\Programy\RoboForm
[2011.03.06 22:24:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.03.03 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.02.13 21:55:49 | 000,000,000 | ---D | C] -- C:\Temp
[2011.02.13 12:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Data aplikací\ESET
[2011.02.13 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2011.02.10 00:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\Samsung
[2011.02.10 00:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
[2011.02.10 00:21:44 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2011.02.10 00:21:03 | 000,383,800 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\KiesDeviceErrorRecv.exe
[2011.02.10 00:21:03 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2011.02.10 00:21:02 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2011.02.10 00:21:02 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2011.02.09 23:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herbalife\Nabídka Start\Programy\Adobe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.03.08 22:00:19 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Evernote Clipper.lnk
[2011.03.08 21:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.08 21:59:28 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.08 21:42:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.08 20:28:54 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2011.03.08 20:28:53 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011.03.08 20:28:42 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2011.03.08 20:14:59 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Herbalife\Plocha\ccsetup304.exe
[2011.03.08 17:05:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.08 09:39:01 | 000,149,075 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\efaktura.pdf
[2011.03.07 20:08:21 | 000,895,779 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\straznicka - WT oceneni.JPG
[2011.03.07 18:07:06 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AccessRunner DSL.lnk
[2011.03.07 17:56:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.03.07 17:31:12 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
[2011.03.07 17:31:12 | 000,013,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\62175231
[2011.03.07 08:47:22 | 000,002,411 | ---- | M] () -- C:\WINDOWS\panose.bin
[2011.03.01 11:56:07 | 000,130,409 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Benesova - vyzva k platbe.pdf
[2011.02.28 23:35:24 | 018,535,059 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Techniky získávání klientů Petra Martinů.mp3
[2011.02.24 23:45:11 | 000,165,099 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Patakyova VIP karta.pdf
[2011.02.24 23:30:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.18 19:04:38 | 008,625,584 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\Today149_usen.pdf
[2011.02.13 20:48:30 | 002,396,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.10 00:38:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2011.02.10 00:17:02 | 000,505,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.10 00:17:01 | 000,500,726 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.02.10 00:17:01 | 000,104,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.02.10 00:17:01 | 000,089,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.08 22:10:16 | 006,359,174 | ---- | M] () -- C:\Documents and Settings\Herbalife\Plocha\6240-UK-44_Hi-Res.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.03.08 21:42:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.08 09:39:01 | 000,149,075 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\efaktura.pdf
[2011.03.07 20:08:21 | 000,895,779 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\straznicka - WT oceneni.JPG
[2011.03.07 17:56:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.03.07 17:56:17 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.03.07 17:30:58 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.06 20:17:29 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
[2011.03.06 20:17:29 | 000,013,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\62175231
[2011.03.01 11:56:23 | 000,130,409 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Benesova - vyzva k platbe.pdf
[2011.02.28 23:34:44 | 018,535,059 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Techniky získávání klientů Petra Martinů.mp3
[2011.02.24 23:45:10 | 000,165,099 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Patakyova VIP karta.pdf
[2011.02.18 19:02:18 | 008,625,584 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\Today149_usen.pdf
[2011.02.08 22:10:12 | 006,359,174 | ---- | C] () -- C:\Documents and Settings\Herbalife\Plocha\6240-UK-44_Hi-Res.pdf
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.01.06 20:14:20 | 004,177,648 | ---- | C] () -- C:\WINDOWS\ConferenceRS.exe
[2011.01.05 22:24:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.01.05 22:24:05 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.05 22:24:05 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.01.05 22:24:05 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.11.20 10:02:34 | 001,863,451 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-2842661250-1223660677-1300317580-1005-0.dat
[2010.11.20 10:02:33 | 000,493,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2010.08.26 11:47:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010.08.21 09:06:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.08.21 09:06:15 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.08.21 09:04:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Herbalife\Data aplikací\$_hpcst$.hpc
[2010.07.26 16:49:11 | 002,881,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.14 16:34:27 | 000,000,167 | ---- | C] () -- C:\WINDOWS\posta2.ini
[2010.07.13 22:21:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.08 17:04:44 | 000,008,024 | ---- | C] () -- C:\WINDOWS\System32\mcimsfle.dll
[2010.04.12 11:32:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.04.08 09:16:30 | 000,000,120 | ---- | C] () -- C:\Program Files\O2 Mobilni internet.bat
[2010.01.14 23:08:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010.01.09 21:46:35 | 000,265,216 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2009.12.17 00:12:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.12.03 21:15:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.01 09:52:44 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
[2009.11.30 23:12:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.11.09 22:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009.11.09 22:01:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009.10.22 11:49:23 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 20:39:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2009.10.05 20:59:18 | 000,002,411 | ---- | C] () -- C:\WINDOWS\panose.bin
[2009.10.04 17:51:46 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Herbalife\Data aplikací\setup_ldm.iss
[2009.10.04 15:29:37 | 000,005,099 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\pyknfeyt.slj
[2009.10.04 15:23:39 | 000,273,186 | ---- | C] () -- C:\WINDOWS\FotoFusionV4 Uninstaller.exe
[2009.10.03 22:47:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.03 22:08:44 | 000,002,686 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.10.03 20:42:05 | 000,104,960 | R--- | C] () -- C:\WINDOWS\hporclnr.exe
[2009.10.03 20:39:56 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2009.10.03 20:39:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HPMLVS.dll
[2009.10.03 17:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009.10.03 14:34:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009.10.02 14:30:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\fusioncache.dat
[2009.10.02 14:28:18 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2009.10.02 14:28:17 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2009.10.02 14:28:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.10.02 14:28:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2008.04.03 12:16:17 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.03 12:15:45 | 002,396,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.04.03 11:57:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.04.03 11:52:30 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008.04.03 11:18:34 | 000,012,582 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2008.04.03 11:18:34 | 000,001,878 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2008.04.03 11:11:33 | 000,500,726 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.03 11:11:33 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.03 11:11:33 | 000,104,178 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.03 11:11:33 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.03 11:11:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.03 11:11:30 | 000,505,438 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.03 11:11:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.03 11:11:30 | 000,089,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.03 11:11:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.03 11:11:30 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.03 11:11:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.03 11:11:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.04.03 11:11:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.03 11:11:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.03 11:11:23 | 000,601,088 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2008.04.03 11:11:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.03 11:11:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.04.03 11:09:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008.04.03 11:07:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008.04.03 11:07:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008.04.03 11:07:45 | 000,009,463 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008.04.03 11:07:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008.04.03 10:35:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008.04.03 10:35:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2008.04.03 10:35:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.04.03 10:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.03 10:18:19 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007.12.18 13:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007.12.14 16:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2007.05.03 16:32:29 | 000,000,385 | ---- | C] () -- C:\Program Files\setup_bs.exe
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
========== LOP Check ==========
[2010.08.26 11:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ConMet
[2011.02.13 12:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.01.27 22:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\espionServerData
[2010.04.02 11:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Grasssoft
[2010.08.31 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.10.03 22:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.08.28 09:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.10.16 21:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\onOne Software
[2010.08.31 22:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.10.08 22:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.10.08 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2009.11.09 21:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2010.10.08 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2010.10.25 22:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pixela
[2009.10.04 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RoboForm
[2011.02.10 00:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2010.10.08 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 14
[2010.01.02 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2011.03.08 21:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.10.03 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.16 21:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.10.02 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009.10.03 17:36:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.10.24 20:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\602XML
[2010.08.26 11:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ConMet
[2011.02.18 23:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\COWON
[2011.02.13 12:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ESET
[2010.01.14 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\FLV Extract
[2009.10.03 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\GHISLER
[2010.04.02 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Grasssoft
[2010.01.02 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\LangSoft
[2010.10.08 12:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\LumaPix
[2009.12.15 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Mask Pro 4.0
[2011.02.22 09:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Maxthon3
[2010.01.16 21:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Moyea
[2010.01.15 22:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\MoyeaFLV2Video
[2010.11.26 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Mp3tag
[2010.08.16 21:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\MxBoost
[2009.10.18 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Nik Software
[2010.08.31 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Nokia
[2011.03.07 17:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Offline Explorer
[2009.10.18 21:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\onOne Software
[2010.08.31 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\PC Suite
[2010.09.03 10:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Posta
[2010.09.20 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\proDAD
[2010.11.16 11:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\ROUTE 66 Sync
[2010.08.21 09:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Samsung
[2010.01.02 15:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Teleca
[2011.03.08 17:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\The Bat!
[2009.10.02 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\TMP
[2009.10.02 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\toshiba
[2009.10.03 17:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\TuneUp Software
[2011.03.08 21:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\uTorrent
[2010.10.26 10:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Windows Search
[2009.12.15 00:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herbalife\Data aplikací\Zoner
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 260 bytes -> C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe:MGAR
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
< End of report >
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosim kontrolu logu, problem s virem xp internet securi
Odinstaluj cracklý ESET a nainstaluj si free Avast6 nebo Aviru10...
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
Aktualizuj javu:
Java SE Runtime Environment 6u24
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u24-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
C:\Documents and Settings\All Users\Data aplikací\62175231----------------
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231-----------říká Ti něco tento program?
koukni do těch složek , co tam je.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
C:\WINDOWS\panose.bin
C:\WINDOWS\MusiccityDownload.exe
C:\WINDOWS\ConferenceRS.exe
C:\WINDOWS\System32\mcimsfle.dll
C:\Documents and Settings\Herbalife\Data aplikací\setup_ldm.iss
C:\WINDOWS\MakeMrk.exe
C:\Program Files\setup_bs.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Kód: Vybrat vše
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2011.02.10 00:17:02 | 000,505,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.10 00:17:01 | 000,500,726 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.02.10 00:17:01 | 000,104,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.02.10 00:17:01 | 000,089,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.03 11:11:33 | 000,500,726 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.03 11:11:33 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.03 11:11:33 | 000,104,178 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.03 11:11:33 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.03 11:11:30 | 000,505,438 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.03 11:11:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.03 11:11:30 | 000,089,092 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.03 11:11:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\WINDOWS\System32\cis-2.4.dll
C:\WINDOWS\System32\issacapi_bs-2.3.dll
C:\WINDOWS\System32\issacapi_pe-2.3.dll
C:\WINDOWS\System32\issacapi_se-2.3.dll
C:\WINDOWS\System32\d3d9caps.dat
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\System32\ezsidmv.dat
C:\Documents and Settings\All Users\Data aplikací\pyknfeyt.slj
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\HWSetupStr.ini
C:\WINDOWS\SVPW32Str.ini
c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" =-
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
Aktualizuj javu:
Java SE Runtime Environment 6u24
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u24-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
C:\Documents and Settings\All Users\Data aplikací\62175231----------------
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231-----------říká Ti něco tento program?
koukni do těch složek , co tam je.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
C:\WINDOWS\panose.bin
C:\WINDOWS\MusiccityDownload.exe
C:\WINDOWS\ConferenceRS.exe
C:\WINDOWS\System32\mcimsfle.dll
C:\Documents and Settings\Herbalife\Data aplikací\setup_ldm.iss
C:\WINDOWS\MakeMrk.exe
C:\Program Files\setup_bs.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosim kontrolu logu, problem s virem xp internet securi
ještě než se do toho pustím....
avira nepřipadá do úvahy, neb používám emailového klienta a avira nemá filtraci příchozích zpráva avast free je bez firewallu. je tedy nějaká free varianta i pro firewall (tedy vím že je, např PC Tools™ Firewall Plus 7), ale je to dostačující?
nebo je lepší koupit nějaké kompletní řešení? pokud ano, tak jaké je Vaše doporučení? preferoval bych free variantu, ale ani placená není problém.
p.s. teď jsem na viry.cz četl doporučení na kaspersky inet security 2011. Asi bych do toho šel, ani cena není nijak závratná... Co vy na to?
avira nepřipadá do úvahy, neb používám emailového klienta a avira nemá filtraci příchozích zpráva avast free je bez firewallu. je tedy nějaká free varianta i pro firewall (tedy vím že je, např PC Tools™ Firewall Plus 7), ale je to dostačující?
nebo je lepší koupit nějaké kompletní řešení? pokud ano, tak jaké je Vaše doporučení? preferoval bych free variantu, ale ani placená není problém.
p.s. teď jsem na viry.cz četl doporučení na kaspersky inet security 2011. Asi bych do toho šel, ani cena není nijak závratná... Co vy na to?
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosim kontrolu logu, problem s virem xp internet securi
Pokud máš peníze asi by vyhovoval Kaspersky Internet Security 2011.
jINAK K AVASTU JSOU FREE FIREWALLY.
Comodo , Zone Alarm , Outpost , Kerio---podle toho , co Ti bude vyhovovat.
Kvůli bezpečnosti bych ale přešel z XP na win7 , je daleko bezpečnější , a jeho firewall obvykle stačí.
jINAK K AVASTU JSOU FREE FIREWALLY.
Comodo , Zone Alarm , Outpost , Kerio---podle toho , co Ti bude vyhovovat.
Kvůli bezpečnosti bych ale přešel z XP na win7 , je daleko bezpečnější , a jeho firewall obvykle stačí.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosim kontrolu logu, problem s virem xp internet securi
Antivir jsem dal nakonec ten kaspersky, jakmile skonci zkušební verze, zaplatím si licenci. to není problém.
Java aktualizována, zbytek odstraněn
Virustotal vše OK (nedávám tedy odkazy), jen soubor C:\Program Files\setup_bs.exe měl 1 hlášení:
http://www.virustotal.com/file-scan/rep ... 1299675347
Dále:
C:\Documents and Settings\All Users\Data aplikací\62175231----------------
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231-----------říká Ti něco tento program?
koukni do těch složek , co tam je.
Nejsou to složky, jsou to soubory bez přípony, oba naprosto identické s velikostí 13816 a s datumem 7.3., atributy mají skrytý a -ahs-
Log z OTL:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
File C:\WINDOWS\System32\perfh005.dat not found.
C:\WINDOWS\system32\perfi005.dat moved successfully.
File C:\WINDOWS\System32\perfc005.dat not found.
C:\WINDOWS\system32\perfd005.dat moved successfully.
File C:\WINDOWS\System32\perfh009.dat not found.
C:\WINDOWS\system32\perfi009.dat moved successfully.
File C:\WINDOWS\System32\perfc009.dat not found.
C:\WINDOWS\system32\perfd009.dat moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET2C3.tmp moved successfully.
C:\WINDOWS\System32\SET2C8.tmp moved successfully.
C:\WINDOWS\System32\SETF6C.tmp moved successfully.
C:\WINDOWS\System32\SETF6F.tmp moved successfully.
C:\WINDOWS\System32\SETF7B.tmp moved successfully.
C:\WINDOWS\System32\SETF7D.tmp moved successfully.
C:\WINDOWS\System32\SETF88.tmp moved successfully.
C:\WINDOWS\002726_.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\WINDOWS\System32\cis-2.4.dll moved successfully.
C:\WINDOWS\System32\issacapi_bs-2.3.dll moved successfully.
C:\WINDOWS\System32\issacapi_pe-2.3.dll moved successfully.
C:\WINDOWS\System32\issacapi_se-2.3.dll moved successfully.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\System32\ezsidmv.dat moved successfully.
C:\Documents and Settings\All Users\Data aplikací\pyknfeyt.slj moved successfully.
C:\WINDOWS\hporclnr.exe moved successfully.
C:\WINDOWS\HWSetupStr.ini moved successfully.
C:\WINDOWS\SVPW32Str.ini moved successfully.
File\Folder c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\DisableSR deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Herbalife
->Temp folder emptied: 129584100 bytes
->Temporary Internet Files folder emptied: 36564663 bytes
->Java cache emptied: 5855597 bytes
->Google Chrome cache emptied: 6295297 bytes
->Flash cache emptied: 21092259 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 190,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Herbalife
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03092011_121621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Log z TDSS
2011/03/09 13:58:53.0468 3292 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 13:58:53.0812 3292 ================================================================================
2011/03/09 13:58:53.0812 3292 SystemInfo:
2011/03/09 13:58:53.0812 3292
2011/03/09 13:58:53.0812 3292 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/09 13:58:53.0812 3292 Product type: Workstation
2011/03/09 13:58:53.0812 3292 ComputerName: FREEDOM
2011/03/09 13:58:53.0812 3292 UserName: Herbalife
2011/03/09 13:58:53.0812 3292 Windows directory: C:\WINDOWS
2011/03/09 13:58:53.0812 3292 System windows directory: C:\WINDOWS
2011/03/09 13:58:53.0812 3292 Processor architecture: Intel x86
2011/03/09 13:58:53.0812 3292 Number of processors: 2
2011/03/09 13:58:53.0812 3292 Page size: 0x1000
2011/03/09 13:58:53.0812 3292 Boot type: Normal boot
2011/03/09 13:58:53.0812 3292 ================================================================================
2011/03/09 13:58:54.0187 3292 Initialize success
2011/03/09 13:59:03.0625 0172 ================================================================================
2011/03/09 13:59:03.0625 0172 Scan started
2011/03/09 13:59:03.0625 0172 Mode: Manual;
2011/03/09 13:59:03.0625 0172 ================================================================================
2011/03/09 13:59:04.0187 0172 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/09 13:59:04.0203 0172 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/09 13:59:04.0375 0172 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/03/09 13:59:04.0468 0172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/09 13:59:04.0656 0172 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/09 13:59:04.0781 0172 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\WINDOWS\system32\Drivers\AlfaFF.sys
2011/03/09 13:59:04.0968 0172 ApfiltrService (0e7efa7c472e4643bbf48375a9c94f9b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/03/09 13:59:05.0046 0172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/09 13:59:05.0281 0172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/09 13:59:05.0328 0172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/09 13:59:05.0468 0172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/09 13:59:05.0531 0172 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2011/03/09 13:59:05.0671 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/09 13:59:05.0734 0172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/09 13:59:05.0765 0172 BoiHwsetup (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
2011/03/09 13:59:05.0953 0172 BtHidBus (69511655f2563b3719e0290065369f08) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2011/03/09 13:59:05.0984 0172 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys
2011/03/09 13:59:06.0125 0172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/09 13:59:06.0171 0172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/09 13:59:06.0234 0172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/09 13:59:06.0281 0172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/09 13:59:06.0421 0172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/09 13:59:06.0515 0172 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/09 13:59:06.0671 0172 CnxEtP (f586fb3a2128a0f3932d504b8946bab4) C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
2011/03/09 13:59:06.0734 0172 CnxEtU (fa60c26336a08139f93705dd5cbd2853) C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
2011/03/09 13:59:06.0906 0172 CnxTgN (b6cabee38cbb29ca66335b13aed8a052) C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
2011/03/09 13:59:06.0984 0172 CnxtHdAudAddService (2d783d33cd64ddbb2171ecfa56249c50) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/03/09 13:59:07.0171 0172 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/09 13:59:07.0281 0172 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
2011/03/09 13:59:07.0312 0172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/09 13:59:07.0359 0172 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/09 13:59:07.0531 0172 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/09 13:59:07.0562 0172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/09 13:59:07.0593 0172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/09 13:59:07.0781 0172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/09 13:59:07.0843 0172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/09 13:59:08.0000 0172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/09 13:59:08.0046 0172 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/09 13:59:08.0093 0172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/09 13:59:08.0234 0172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/09 13:59:08.0296 0172 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/03/09 13:59:08.0421 0172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/09 13:59:08.0468 0172 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/09 13:59:08.0515 0172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/09 13:59:08.0656 0172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/09 13:59:08.0718 0172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/09 13:59:08.0875 0172 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/03/09 13:59:08.0968 0172 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/03/09 13:59:09.0171 0172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/09 13:59:09.0234 0172 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/03/09 13:59:09.0671 0172 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/09 13:59:09.0859 0172 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/09 13:59:10.0218 0172 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
2011/03/09 13:59:10.0281 0172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/09 13:59:10.0468 0172 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/09 13:59:10.0500 0172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/09 13:59:10.0562 0172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/09 13:59:10.0718 0172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/09 13:59:10.0750 0172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/09 13:59:10.0890 0172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/09 13:59:10.0937 0172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/09 13:59:11.0000 0172 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/09 13:59:11.0140 0172 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2011/03/09 13:59:11.0203 0172 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/09 13:59:11.0250 0172 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/09 13:59:11.0421 0172 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/03/09 13:59:11.0468 0172 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2011/03/09 13:59:11.0625 0172 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/03/09 13:59:11.0765 0172 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/03/09 13:59:11.0828 0172 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/03/09 13:59:11.0968 0172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/09 13:59:12.0015 0172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/09 13:59:12.0093 0172 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/03/09 13:59:12.0234 0172 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/03/09 13:59:12.0281 0172 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/09 13:59:12.0328 0172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/09 13:59:12.0484 0172 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/09 13:59:12.0515 0172 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/09 13:59:12.0562 0172 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/09 13:59:12.0718 0172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/09 13:59:12.0765 0172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/09 13:59:12.0921 0172 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/09 13:59:13.0093 0172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/09 13:59:13.0125 0172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/09 13:59:13.0156 0172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/09 13:59:13.0203 0172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/09 13:59:13.0250 0172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/09 13:59:13.0390 0172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/09 13:59:13.0421 0172 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/09 13:59:13.0453 0172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/09 13:59:13.0625 0172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/09 13:59:13.0656 0172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/09 13:59:13.0687 0172 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/09 13:59:13.0843 0172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/09 13:59:13.0890 0172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/09 13:59:13.0968 0172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/09 13:59:14.0125 0172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/09 13:59:14.0171 0172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/09 13:59:14.0250 0172 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/03/09 13:59:14.0468 0172 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/03/09 13:59:14.0796 0172 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/03/09 13:59:15.0031 0172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/09 13:59:15.0078 0172 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/03/09 13:59:15.0140 0172 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/03/09 13:59:15.0296 0172 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011/03/09 13:59:15.0453 0172 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011/03/09 13:59:15.0500 0172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/09 13:59:15.0640 0172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/09 13:59:15.0687 0172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/09 13:59:15.0796 0172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/09 13:59:15.0843 0172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/09 13:59:15.0890 0172 O2MDRDR (3141d533be9f3386c8295e8375ecdb98) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/03/09 13:59:16.0031 0172 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/09 13:59:16.0062 0172 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/09 13:59:16.0125 0172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/09 13:59:16.0265 0172 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/09 13:59:16.0312 0172 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/03/09 13:59:16.0468 0172 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/09 13:59:16.0515 0172 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/09 13:59:16.0656 0172 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/09 13:59:16.0812 0172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/09 13:59:16.0875 0172 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/03/09 13:59:17.0062 0172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/09 13:59:17.0109 0172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/09 13:59:17.0171 0172 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/09 13:59:17.0218 0172 QIOMem (3267952ec32cce7867dc6ee533f33391) C:\WINDOWS\system32\DRIVERS\QIOMem.sys
2011/03/09 13:59:17.0343 0172 qkbfiltr (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
2011/03/09 13:59:17.0500 0172 qmofiltr (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
2011/03/09 13:59:17.0531 0172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 13:59:17.0640 0172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/09 13:59:17.0703 0172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/09 13:59:17.0750 0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/09 13:59:17.0875 0172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/09 13:59:17.0937 0172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/09 13:59:18.0078 0172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/09 13:59:18.0250 0172 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/09 13:59:18.0296 0172 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/09 13:59:18.0421 0172 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/09 13:59:18.0500 0172 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/09 13:59:18.0640 0172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/09 13:59:18.0703 0172 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/09 13:59:18.0765 0172 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/03/09 13:59:18.0906 0172 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/03/09 13:59:18.0968 0172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/09 13:59:19.0125 0172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/09 13:59:19.0203 0172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/09 13:59:19.0250 0172 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/09 13:59:19.0406 0172 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/09 13:59:19.0468 0172 sscebus (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
2011/03/09 13:59:19.0578 0172 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
2011/03/09 13:59:19.0625 0172 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
2011/03/09 13:59:19.0703 0172 ssceserd (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
2011/03/09 13:59:19.0843 0172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/09 13:59:19.0890 0172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/09 13:59:20.0015 0172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/09 13:59:20.0140 0172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/09 13:59:20.0234 0172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/09 13:59:20.0343 0172 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/03/09 13:59:20.0421 0172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/09 13:59:20.0546 0172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/09 13:59:20.0625 0172 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/03/09 13:59:20.0734 0172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/09 13:59:20.0812 0172 Thpdrv (f4846d3a19da42efd57efc816f1b2a62) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
2011/03/09 13:59:20.0906 0172 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
2011/03/09 13:59:21.0000 0172 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/03/09 13:59:21.0078 0172 tosrfbd (ae43138b0dea239b3621b0faf1bb1fe7) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/03/09 13:59:21.0203 0172 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/03/09 13:59:21.0265 0172 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/03/09 13:59:21.0375 0172 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/03/09 13:59:21.0437 0172 Tosrfhid (87700714f25131ed21901d617b8b321f) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/03/09 13:59:21.0484 0172 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/03/09 13:59:21.0640 0172 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/03/09 13:59:21.0687 0172 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
2011/03/09 13:59:21.0812 0172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/09 13:59:21.0859 0172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/09 13:59:21.0937 0172 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/03/09 13:59:22.0140 0172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/09 13:59:22.0203 0172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/09 13:59:22.0328 0172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/09 13:59:22.0390 0172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/09 13:59:22.0468 0172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/09 13:59:22.0593 0172 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/03/09 13:59:22.0656 0172 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/03/09 13:59:22.0718 0172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/09 13:59:22.0843 0172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/09 13:59:22.0921 0172 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/09 13:59:23.0140 0172 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
2011/03/09 13:59:23.0312 0172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/09 13:59:23.0656 0172 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/09 13:59:23.0781 0172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/09 13:59:23.0875 0172 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/09 13:59:24.0125 0172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/09 13:59:24.0234 0172 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/09 13:59:24.0359 0172 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/09 13:59:24.0421 0172 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/09 13:59:24.0578 0172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/09 13:59:24.0656 0172 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/09 13:59:24.0796 0172 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/09 13:59:24.0890 0172 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/09 13:59:25.0000 0172 zebrbus (812a1e9b0dd3bf23606c32ce696d042b) C:\WINDOWS\system32\DRIVERS\zebrbus.sys
2011/03/09 13:59:25.0078 0172 zebrceb (6e49cf9c48c551264c4af6de19447515) C:\WINDOWS\system32\DRIVERS\zebrceb.sys
2011/03/09 13:59:25.0171 0172 zebrmdfl (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys
2011/03/09 13:59:25.0265 0172 zebrmdm (5198070a595009871108091bc4b0e000) C:\WINDOWS\system32\DRIVERS\zebrmdm.sys
2011/03/09 13:59:25.0328 0172 zebrmdmc (29df5831f0d1ce863f23c53585736f32) C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys
2011/03/09 13:59:25.0468 0172 zebrsce (fc749b387f322d3a5635d801c642cfa2) C:\WINDOWS\system32\DRIVERS\zebrsce.sys
2011/03/09 13:59:25.0656 0172 ================================================================================
2011/03/09 13:59:25.0656 0172 Scan finished
2011/03/09 13:59:25.0656 0172 ================================================================================
Java aktualizována, zbytek odstraněn
Virustotal vše OK (nedávám tedy odkazy), jen soubor C:\Program Files\setup_bs.exe měl 1 hlášení:
http://www.virustotal.com/file-scan/rep ... 1299675347
Dále:
C:\Documents and Settings\All Users\Data aplikací\62175231----------------
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231-----------říká Ti něco tento program?
koukni do těch složek , co tam je.
Nejsou to složky, jsou to soubory bez přípony, oba naprosto identické s velikostí 13816 a s datumem 7.3., atributy mají skrytý a -ahs-
Log z OTL:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
File C:\WINDOWS\System32\perfh005.dat not found.
C:\WINDOWS\system32\perfi005.dat moved successfully.
File C:\WINDOWS\System32\perfc005.dat not found.
C:\WINDOWS\system32\perfd005.dat moved successfully.
File C:\WINDOWS\System32\perfh009.dat not found.
C:\WINDOWS\system32\perfi009.dat moved successfully.
File C:\WINDOWS\System32\perfc009.dat not found.
C:\WINDOWS\system32\perfd009.dat moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8CE646EE deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET2C3.tmp moved successfully.
C:\WINDOWS\System32\SET2C8.tmp moved successfully.
C:\WINDOWS\System32\SETF6C.tmp moved successfully.
C:\WINDOWS\System32\SETF6F.tmp moved successfully.
C:\WINDOWS\System32\SETF7B.tmp moved successfully.
C:\WINDOWS\System32\SETF7D.tmp moved successfully.
C:\WINDOWS\System32\SETF88.tmp moved successfully.
C:\WINDOWS\002726_.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\WINDOWS\System32\cis-2.4.dll moved successfully.
C:\WINDOWS\System32\issacapi_bs-2.3.dll moved successfully.
C:\WINDOWS\System32\issacapi_pe-2.3.dll moved successfully.
C:\WINDOWS\System32\issacapi_se-2.3.dll moved successfully.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\System32\ezsidmv.dat moved successfully.
C:\Documents and Settings\All Users\Data aplikací\pyknfeyt.slj moved successfully.
C:\WINDOWS\hporclnr.exe moved successfully.
C:\WINDOWS\HWSetupStr.ini moved successfully.
C:\WINDOWS\SVPW32Str.ini moved successfully.
File\Folder c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\DisableSR deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Herbalife
->Temp folder emptied: 129584100 bytes
->Temporary Internet Files folder emptied: 36564663 bytes
->Java cache emptied: 5855597 bytes
->Google Chrome cache emptied: 6295297 bytes
->Flash cache emptied: 21092259 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 190,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Herbalife
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03092011_121621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Log z TDSS
2011/03/09 13:58:53.0468 3292 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 13:58:53.0812 3292 ================================================================================
2011/03/09 13:58:53.0812 3292 SystemInfo:
2011/03/09 13:58:53.0812 3292
2011/03/09 13:58:53.0812 3292 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/09 13:58:53.0812 3292 Product type: Workstation
2011/03/09 13:58:53.0812 3292 ComputerName: FREEDOM
2011/03/09 13:58:53.0812 3292 UserName: Herbalife
2011/03/09 13:58:53.0812 3292 Windows directory: C:\WINDOWS
2011/03/09 13:58:53.0812 3292 System windows directory: C:\WINDOWS
2011/03/09 13:58:53.0812 3292 Processor architecture: Intel x86
2011/03/09 13:58:53.0812 3292 Number of processors: 2
2011/03/09 13:58:53.0812 3292 Page size: 0x1000
2011/03/09 13:58:53.0812 3292 Boot type: Normal boot
2011/03/09 13:58:53.0812 3292 ================================================================================
2011/03/09 13:58:54.0187 3292 Initialize success
2011/03/09 13:59:03.0625 0172 ================================================================================
2011/03/09 13:59:03.0625 0172 Scan started
2011/03/09 13:59:03.0625 0172 Mode: Manual;
2011/03/09 13:59:03.0625 0172 ================================================================================
2011/03/09 13:59:04.0187 0172 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/09 13:59:04.0203 0172 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/09 13:59:04.0375 0172 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/03/09 13:59:04.0468 0172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/09 13:59:04.0656 0172 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/09 13:59:04.0781 0172 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\WINDOWS\system32\Drivers\AlfaFF.sys
2011/03/09 13:59:04.0968 0172 ApfiltrService (0e7efa7c472e4643bbf48375a9c94f9b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/03/09 13:59:05.0046 0172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/09 13:59:05.0281 0172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/09 13:59:05.0328 0172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/09 13:59:05.0468 0172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/09 13:59:05.0531 0172 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2011/03/09 13:59:05.0671 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/09 13:59:05.0734 0172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/09 13:59:05.0765 0172 BoiHwsetup (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
2011/03/09 13:59:05.0953 0172 BtHidBus (69511655f2563b3719e0290065369f08) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2011/03/09 13:59:05.0984 0172 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys
2011/03/09 13:59:06.0125 0172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/09 13:59:06.0171 0172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/09 13:59:06.0234 0172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/09 13:59:06.0281 0172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/09 13:59:06.0421 0172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/09 13:59:06.0515 0172 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/09 13:59:06.0671 0172 CnxEtP (f586fb3a2128a0f3932d504b8946bab4) C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
2011/03/09 13:59:06.0734 0172 CnxEtU (fa60c26336a08139f93705dd5cbd2853) C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
2011/03/09 13:59:06.0906 0172 CnxTgN (b6cabee38cbb29ca66335b13aed8a052) C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
2011/03/09 13:59:06.0984 0172 CnxtHdAudAddService (2d783d33cd64ddbb2171ecfa56249c50) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/03/09 13:59:07.0171 0172 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/09 13:59:07.0281 0172 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
2011/03/09 13:59:07.0312 0172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/09 13:59:07.0359 0172 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/09 13:59:07.0531 0172 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/09 13:59:07.0562 0172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/09 13:59:07.0593 0172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/09 13:59:07.0781 0172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/09 13:59:07.0843 0172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/09 13:59:08.0000 0172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/09 13:59:08.0046 0172 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/09 13:59:08.0093 0172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/09 13:59:08.0234 0172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/09 13:59:08.0296 0172 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/03/09 13:59:08.0421 0172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/09 13:59:08.0468 0172 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/09 13:59:08.0515 0172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/09 13:59:08.0656 0172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/09 13:59:08.0718 0172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/09 13:59:08.0875 0172 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/03/09 13:59:08.0968 0172 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/03/09 13:59:09.0171 0172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/09 13:59:09.0234 0172 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/03/09 13:59:09.0671 0172 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/09 13:59:09.0859 0172 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/09 13:59:10.0218 0172 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
2011/03/09 13:59:10.0281 0172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/09 13:59:10.0468 0172 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/09 13:59:10.0500 0172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/09 13:59:10.0562 0172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/09 13:59:10.0718 0172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/09 13:59:10.0750 0172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/09 13:59:10.0890 0172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/09 13:59:10.0937 0172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/09 13:59:11.0000 0172 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/09 13:59:11.0140 0172 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2011/03/09 13:59:11.0203 0172 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/09 13:59:11.0250 0172 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/09 13:59:11.0421 0172 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/03/09 13:59:11.0468 0172 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2011/03/09 13:59:11.0625 0172 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/03/09 13:59:11.0765 0172 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/03/09 13:59:11.0828 0172 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/03/09 13:59:11.0968 0172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/09 13:59:12.0015 0172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/09 13:59:12.0093 0172 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/03/09 13:59:12.0234 0172 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/03/09 13:59:12.0281 0172 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/09 13:59:12.0328 0172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/09 13:59:12.0484 0172 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/09 13:59:12.0515 0172 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/09 13:59:12.0562 0172 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/09 13:59:12.0718 0172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/09 13:59:12.0765 0172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/09 13:59:12.0921 0172 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/09 13:59:13.0093 0172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/09 13:59:13.0125 0172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/09 13:59:13.0156 0172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/09 13:59:13.0203 0172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/09 13:59:13.0250 0172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/09 13:59:13.0390 0172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/09 13:59:13.0421 0172 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/09 13:59:13.0453 0172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/09 13:59:13.0625 0172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/09 13:59:13.0656 0172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/09 13:59:13.0687 0172 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/09 13:59:13.0843 0172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/09 13:59:13.0890 0172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/09 13:59:13.0968 0172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/09 13:59:14.0125 0172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/09 13:59:14.0171 0172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/09 13:59:14.0250 0172 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/03/09 13:59:14.0468 0172 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/03/09 13:59:14.0796 0172 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/03/09 13:59:15.0031 0172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/09 13:59:15.0078 0172 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/03/09 13:59:15.0140 0172 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/03/09 13:59:15.0296 0172 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011/03/09 13:59:15.0453 0172 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011/03/09 13:59:15.0500 0172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/09 13:59:15.0640 0172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/09 13:59:15.0687 0172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/09 13:59:15.0796 0172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/09 13:59:15.0843 0172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/09 13:59:15.0890 0172 O2MDRDR (3141d533be9f3386c8295e8375ecdb98) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/03/09 13:59:16.0031 0172 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/09 13:59:16.0062 0172 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/09 13:59:16.0125 0172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/09 13:59:16.0265 0172 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/09 13:59:16.0312 0172 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/03/09 13:59:16.0468 0172 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/09 13:59:16.0515 0172 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/09 13:59:16.0656 0172 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/09 13:59:16.0812 0172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/09 13:59:16.0875 0172 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/03/09 13:59:17.0062 0172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/09 13:59:17.0109 0172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/09 13:59:17.0171 0172 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/09 13:59:17.0218 0172 QIOMem (3267952ec32cce7867dc6ee533f33391) C:\WINDOWS\system32\DRIVERS\QIOMem.sys
2011/03/09 13:59:17.0343 0172 qkbfiltr (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
2011/03/09 13:59:17.0500 0172 qmofiltr (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
2011/03/09 13:59:17.0531 0172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 13:59:17.0640 0172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/09 13:59:17.0703 0172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/09 13:59:17.0750 0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/09 13:59:17.0875 0172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/09 13:59:17.0937 0172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/09 13:59:18.0078 0172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/09 13:59:18.0250 0172 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/09 13:59:18.0296 0172 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/09 13:59:18.0421 0172 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/09 13:59:18.0500 0172 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/09 13:59:18.0640 0172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/09 13:59:18.0703 0172 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/09 13:59:18.0765 0172 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/03/09 13:59:18.0906 0172 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/03/09 13:59:18.0968 0172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/09 13:59:19.0125 0172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/09 13:59:19.0203 0172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/09 13:59:19.0250 0172 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/09 13:59:19.0406 0172 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/09 13:59:19.0468 0172 sscebus (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
2011/03/09 13:59:19.0578 0172 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
2011/03/09 13:59:19.0625 0172 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
2011/03/09 13:59:19.0703 0172 ssceserd (60cd4ad33aa52e58faac3abad18cf8ef) C:\WINDOWS\system32\DRIVERS\ssceserd.sys
2011/03/09 13:59:19.0843 0172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/09 13:59:19.0890 0172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/09 13:59:20.0015 0172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/09 13:59:20.0140 0172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/09 13:59:20.0234 0172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/09 13:59:20.0343 0172 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/03/09 13:59:20.0421 0172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/09 13:59:20.0546 0172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/09 13:59:20.0625 0172 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/03/09 13:59:20.0734 0172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/09 13:59:20.0812 0172 Thpdrv (f4846d3a19da42efd57efc816f1b2a62) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
2011/03/09 13:59:20.0906 0172 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
2011/03/09 13:59:21.0000 0172 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/03/09 13:59:21.0078 0172 tosrfbd (ae43138b0dea239b3621b0faf1bb1fe7) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/03/09 13:59:21.0203 0172 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/03/09 13:59:21.0265 0172 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/03/09 13:59:21.0375 0172 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/03/09 13:59:21.0437 0172 Tosrfhid (87700714f25131ed21901d617b8b321f) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/03/09 13:59:21.0484 0172 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/03/09 13:59:21.0640 0172 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/03/09 13:59:21.0687 0172 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
2011/03/09 13:59:21.0812 0172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/09 13:59:21.0859 0172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/09 13:59:21.0937 0172 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/03/09 13:59:22.0140 0172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/09 13:59:22.0203 0172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/09 13:59:22.0328 0172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/09 13:59:22.0390 0172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/09 13:59:22.0468 0172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/09 13:59:22.0593 0172 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/03/09 13:59:22.0656 0172 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/03/09 13:59:22.0718 0172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/09 13:59:22.0843 0172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/09 13:59:22.0921 0172 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/09 13:59:23.0140 0172 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
2011/03/09 13:59:23.0312 0172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/09 13:59:23.0656 0172 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/09 13:59:23.0781 0172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/09 13:59:23.0875 0172 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/09 13:59:24.0125 0172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/09 13:59:24.0234 0172 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/09 13:59:24.0359 0172 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/09 13:59:24.0421 0172 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/09 13:59:24.0578 0172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/09 13:59:24.0656 0172 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/09 13:59:24.0796 0172 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/09 13:59:24.0890 0172 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/09 13:59:25.0000 0172 zebrbus (812a1e9b0dd3bf23606c32ce696d042b) C:\WINDOWS\system32\DRIVERS\zebrbus.sys
2011/03/09 13:59:25.0078 0172 zebrceb (6e49cf9c48c551264c4af6de19447515) C:\WINDOWS\system32\DRIVERS\zebrceb.sys
2011/03/09 13:59:25.0171 0172 zebrmdfl (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys
2011/03/09 13:59:25.0265 0172 zebrmdm (5198070a595009871108091bc4b0e000) C:\WINDOWS\system32\DRIVERS\zebrmdm.sys
2011/03/09 13:59:25.0328 0172 zebrmdmc (29df5831f0d1ce863f23c53585736f32) C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys
2011/03/09 13:59:25.0468 0172 zebrsce (fc749b387f322d3a5635d801c642cfa2) C:\WINDOWS\system32\DRIVERS\zebrsce.sys
2011/03/09 13:59:25.0656 0172 ================================================================================
2011/03/09 13:59:25.0656 0172 Scan finished
2011/03/09 13:59:25.0656 0172 ================================================================================
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosim kontrolu logu, problem s virem xp internet securi
dej na VirusTotal:
C:\Documents and Settings\All Users\Data aplikací\62175231
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
Koukni se jestli tam je ten soubor:
c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe
C:\Documents and Settings\All Users\Data aplikací\62175231
C:\Documents and Settings\Herbalife\Local Settings\Data aplikací\62175231
Koukni se jestli tam je ten soubor:
c:\documents and settings\Herbalife\Local Settings\Data aplikací\nsk.exe
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosim kontrolu logu, problem s virem xp internet securi
virustotal - vse OK
soubor není tam ani nikde jinde, eset ho smazal.
no snad to bude vse....
soubor není tam ani nikde jinde, eset ho smazal.
no snad to bude vse....
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti