Asking for a preventive check, thank you.

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Asking for a preventive check, thank you.

#1 Post by Davidov »

Logfile of random's system information tool 1.09 (written by random/random)
Run by 1 at 2012-06-28 19:46:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (37%) free of 114 GB
Total RAM: 894 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:21, on 28.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\1\Plocha\RSIT.exe
C:\Program Files\trend micro\1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6144 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Vyčištění disku.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\1\Data aplikací\Mozilla\Firefox\Profiles\ob75507z.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-30 329504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-30 59168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-30 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
C:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-18 82224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
C:\WINDOWS\system32\S3trayp.exe [2008-05-20 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]
C:\WINDOWS\snuvcdsm.exe [2007-05-23 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2008-05-16 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^1^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^1^Nabídka Start^Programy^Po spuštění^TransBar.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\TransBar\TransBar.exe [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^1^Nabídka Start^Programy^Po spuštění^UberIcon.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\UberIcon\UBERIC~1.EXE [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^1^Nabídka Start^Programy^Po spuštění^Y'z Shadow.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\YzShadow\YzShadow.exe [2006-05-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
C:\PROGRA~1\ArcSoft\TOTALM~1.5\TMMONI~1.EXE [2008-09-16 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"usnjsvc"=3
"ServiceLayer"=3
"ose"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"IviRegMgr"=2
"ICQ Service"=2
"hpqwmiex"=3
"gupdatem"=3
"gupdate"=2
"Com4QLBEx"=3
"AdvancedSystemCareService"=2
"AcrSch2Svc"=2
"McComponentHostService"=3
"idsvc"=3
"IDriverT"=3
"MsMpSvc"=2
"AdvancedSystemCareService5"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-28 19:46:11 ----D---- C:\Program Files\trend micro
2012-06-28 19:46:10 ----D---- C:\rsit
2012-06-27 22:04:27 ----A---- C:\WINDOWS\system32\h323log.txt
2012-06-27 21:10:18 ----D---- C:\Documents and Settings\1\Data aplikací\Wise Registry Cleaner
2012-06-27 20:14:56 ----D---- C:\Documents and Settings\1\Data aplikací\Wise Disk Cleaner
2012-06-27 20:13:48 ----A---- C:\WINDOWS\system32\MyDefragScreenSaver_v4.3.1.scr
2012-06-27 20:13:48 ----A---- C:\WINDOWS\system32\MyDefragScreenSaver_v4.3.1.exe
2012-06-27 20:13:47 ----D---- C:\Program Files\MyDefrag v4.3.1
2012-06-17 00:18:50 ----SHD---- C:\Config.Msi
2012-06-16 20:16:24 ----A---- C:\WINDOWS\system32\ptpusb.dll
2012-06-16 20:16:17 ----A---- C:\WINDOWS\system32\ptpusd.dll
2012-06-16 20:16:10 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-06-16 19:35:12 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2012-06-28 19:46:11 ----D---- C:\Program Files
2012-06-28 19:07:45 ----D---- C:\WINDOWS\system32
2012-06-28 19:07:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-28 19:07:32 ----D---- C:\WINDOWS\Temp
2012-06-27 22:28:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-27 22:05:31 ----D---- C:\WINDOWS\Prefetch
2012-06-27 22:05:07 ----D---- C:\WINDOWS\SoftwareDistribution
2012-06-27 22:04:11 ----D---- C:\WINDOWS
2012-06-27 22:03:38 ----D---- C:\WINDOWS\system32\config
2012-06-27 22:03:37 ----D---- C:\WINDOWS\Debug
2012-06-27 20:17:37 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-27 20:17:35 ----D---- C:\WINDOWS\system32\MsDtc
2012-06-27 20:17:35 ----D---- C:\WINDOWS\repair
2012-06-27 20:17:35 ----D---- C:\WINDOWS\AppPatch
2012-06-27 20:17:35 ----AHD---- C:\System.sav
2012-06-27 20:17:34 ----D---- C:\WINDOWS\security
2012-06-27 20:17:34 ----D---- C:\Program Files\WinRAR
2012-06-27 20:17:33 ----D---- C:\Program Files\Mozilla Firefox
2012-06-27 20:17:33 ----D---- C:\Program Files\K-Lite Codec Pack
2012-06-27 20:17:33 ----D---- C:\Documents and Settings\1\Data aplikací\IObit
2012-06-27 20:17:16 ----SHD---- C:\WINDOWS\Installer
2012-06-27 20:11:15 ----SD---- C:\WINDOWS\Tasks
2012-06-27 12:36:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-06-26 22:15:17 ----D---- C:\Documents and Settings\1\Data aplikací\ICQ
2012-06-26 21:11:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-26 20:31:32 ----HD---- C:\WINDOWS\inf
2012-06-26 20:31:32 ----D---- C:\WINDOWS\Help
2012-06-19 16:48:39 ----D---- C:\Documents and Settings\1\Data aplikací\vlc
2012-06-17 00:23:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-17 00:22:38 ----RASH---- C:\boot.ini
2012-06-17 00:22:38 ----A---- C:\WINDOWS\win.ini
2012-06-17 00:22:38 ----A---- C:\WINDOWS\system.ini
2012-06-17 00:19:39 ----D---- C:\WINDOWS\system32\drivers
2012-06-17 00:14:30 ----A---- C:\WINDOWS\system32\temp.txt
2012-06-16 21:56:37 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-16 21:56:27 ----RSD---- C:\WINDOWS\assembly
2012-06-16 20:01:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-06-16 19:44:01 ----D---- C:\WINDOWS\WinSxS
2012-06-16 10:31:07 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-16 10:29:37 ----D---- C:\Program Files\Internet Explorer
2012-06-16 10:28:30 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-14 14:27:16 ----SHD---- C:\System Volume Information
2012-06-14 14:27:16 ----D---- C:\WINDOWS\system32\Restore
2012-06-02 15:19:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 15:19:38 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-06-02 15:19:38 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wups2.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wups.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\cdm.dll
2012-06-02 15:19:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-06-02 15:19:18 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-06-02 15:19:02 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2012-06-02 15:18:58 ----A---- C:\WINDOWS\system32\muweb.dll
2012-06-02 15:18:58 ----A---- C:\WINDOWS\system32\mucltui.dll
2012-05-31 15:22:06 ----A---- C:\WINDOWS\system32\crypt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2008-05-23 24624]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2008-03-28 24064]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-10-03 82380]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-11-29 163328]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-05-16 1294200]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-04-03 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-04-03 37280]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-07-16 526848]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-06-13 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-18 220640]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 MpKsl54b8e848;MpKsl54b8e848; C:\WINDOWS\system32\drivers\MpKsl54b8e848.sys []
S1 MpKsl8fabeb19;MpKsl8fabeb19; C:\WINDOWS\system32\drivers\MpKsl8fabeb19.sys []
S3 AbilisT;Abilis Systems Single DVB-T Tuner; C:\WINDOWS\System32\Drivers\AbilisBdaTuner.sys [2009-07-02 115464]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-03-10 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-03-10 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-03-10 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 u3kh;ASUS My Cinema U3000 Hybrid; C:\WINDOWS\system32\DRIVERS\u3kh.sys [2008-07-07 1725440]
S3 u3khrc;ASUS Infrared Receiver; C:\WINDOWS\system32\DRIVERS\u3khrc.sys [2008-03-26 13696]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-08-08 40788]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2010-10-03 25600]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-30 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 250056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a preventive check, thank you.

#2 Post by Márty84 »

Hello :)

There are some unnecessary items in there, but I don't see an antivirus. Why? And is there any problem with the PC?
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: A preventive check please, thank you.

#3 Post by Davidov »

No, there isn't; it's just that it has a VIA processor, and both Avira and Panda Cloud slow the PC down terribly. So I scan it with a one-off AV once a week. Which unnecessary items should I uninstall? Thank you.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: A preventive check please, thank you.

#4 Post by Márty84 »

An unprotected PC is not exactly the best solution :roll:

:arrow: Find this file C:\Program Files\trend micro\1.exe and run it.
Click Main menu and then Do a system scan only.
Tick the checkbox on the left of these lines:

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
Click Fix checked and confirm.

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe , save it (preferably to the desktop) and run it.
Copy this script into the left pane (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
JavaQuickStarterService
AdobeFlashPlayerUpdateSvc
MpKsl54b8e848
MpKsl8fabeb19

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post here the log that pops up, or it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (the x's will be digits representing the date and time of the run).

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: A preventive check please, thank you.

#5 Post by Davidov »

Hello, here is the log.


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: 1
->Temp folder emptied: 13476 bytes
->Temporary Internet Files folder emptied: 168710 bytes
->Java cache emptied: 1776929 bytes
->FireFox cache emptied: 133731651 bytes
->Flash cache emptied: 964 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 295392 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 242787436 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 361,00 mb


[EMPTYFLASH]

User: 1
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service MpKsl54b8e848 stopped successfully!
Service MpKsl54b8e848 deleted successfully!
Service MpKsl8fabeb19 stopped successfully!
Service MpKsl8fabeb19 deleted successfully!
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll moved successfully.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 07012012_090010

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: A preventive check please, thank you.

#8 Post by Márty84 »

OTM did what it was supposed to, so if there are no problems, we'll just clean up.

:arrow: I recommend uninstalling everything from IObit, if you still have anything from it on there (I spotted an entry in the log).

:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - the PC will restart after the cleanup.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK - the PC will restart after the cleanup.
After use you can delete the program.

:arrow: Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar; if it offers to install it, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin; if you leave it ticked, it will always be emptied.
Also, depending on how it is set up, it will delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.).
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix issues. It will offer you a backup; make it and save it somewhere you can find it if needed :)
The Tools function lets you uninstall programs. It is more thorough than Windows itself!

:arrow: Defragment the disk.
Download, for example, the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job :)

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: A preventive check please, thank you.

#9 Post by Davidov »

If I may ask, one more log; on the second PC Malwarebytes deleted something in the registry for me, so hopefully everything will be fine. Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Davidov at 2012-07-01 10:30:59
Microsoft Windows 7 Home Basic Service Pack 1
System drive C: has 9 GB (28%) free of 31 GB
Total RAM: 8189 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:05, on 1.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Davidov.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Davidov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PhenomMsrTweaker service (PhenomMsrTweaker) - Unknown owner - C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6937 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
"C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
KHALMNPR.EXE /API
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/2/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2896.1.2107717053\1445043517" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/2/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2896.2.967011249\1479478316" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/2/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2896.3.633762144\1411186656" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/2/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2896.4.999004261\1612515122" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll" --lang=cs --channel="2896.5.640207749\1817973816" /prefetch:4
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll" --lang=cs --channel="2896.6.2117678410\1088044761" /prefetch:4
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll" --lang=cs --channel="2896.7.1441927286\111748066" /prefetch:4
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe" -Embedding
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2896.8.354675842\935072906" /prefetch:12
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SILENT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/2/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="2896.10.1873859234\479599802" /prefetch:3
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
taskeng.exe {827C138C-1414-4235-8716-47F83E15EFD5}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Davidov\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\4ištení PC.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000UA.job
C:\Windows\tasks\ocista.job
C:\Windows\tasks\čistič PC.job
C:\Windows\tasks\čištění PC.job
C:\Windows\tasks\čištění PC1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-14 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-14 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Davidov\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
c:\program files (x86)\expertool\tbpanel.exe [2011-08-02 2273608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\common files\java\java update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"DisableStartupSound"=1
"DisableStatusMessages"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoThumbnailCache"=1
"DisableThumbnailsOnNetworkFolders"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveTrack"=0
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-01 10:30:59 ----D---- C:\rsit
2012-07-01 10:30:59 ----D---- C:\Program Files\trend micro
2012-07-01 10:10:39 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-06-30 20:07:20 ----A---- C:\Windows\system32\drivers\revoflt.sys
2012-06-30 20:07:19 ----D---- C:\Program Files\VS Revo Group
2012-06-30 19:58:06 ----A---- C:\Windows\system32\DfSdkBt.exe
2012-06-30 19:58:02 ----D---- C:\Program Files (x86)\Ashampoo
2012-06-24 15:03:54 ----D---- C:\Program Files (x86)\MSECACHE
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wups2.dll
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wucltux.dll
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-21 11:58:12 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wups.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wudriver.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wuapi.dll
2012-06-21 11:58:04 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-21 11:58:04 ----A---- C:\Windows\system32\wuapp.exe
2012-06-20 14:54:03 ----D---- C:\Users\Davidov\AppData\Roaming\Wise Disk Cleaner
2012-06-19 19:41:46 ----D---- C:\Program Files (x86)\GamePark
2012-06-15 20:38:35 ----D---- C:\Users\Davidov\AppData\Roaming\Mozilla
2012-06-15 18:59:00 ----D---- C:\Program Files (x86)\Adobe
2012-06-15 18:58:51 ----D---- C:\ProgramData\Adobe
2012-06-15 18:53:09 ----D---- C:\Users\Davidov\AppData\Roaming\WinRAR
2012-06-15 18:06:38 ----D---- C:\Users\Davidov\AppData\Roaming\Macromedia
2012-06-15 18:06:38 ----D---- C:\Users\Davidov\AppData\Roaming\Adobe
2012-06-15 15:43:43 ----D---- C:\Users\Davidov\AppData\Roaming\Malwarebytes
2012-06-15 15:43:38 ----D---- C:\ProgramData\Malwarebytes
2012-06-15 15:43:36 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-15 15:43:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-15 15:28:20 ----A---- C:\Windows\system32\drivers\SIVX64.sys
2012-06-14 15:56:20 ----D---- C:\ProgramData\Sun
2012-06-14 15:55:43 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-06-14 15:55:36 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-06-14 15:55:36 ----A---- C:\Windows\SYSWOW64\java.exe
2012-06-14 15:55:23 ----D---- C:\Program Files (x86)\Java
2012-06-14 15:51:21 ----D---- C:\Users\Davidov\AppData\Roaming\vlc
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-12 19:41:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-06-12 19:41:51 ----A---- C:\Windows\system32\qdvd.dll
2012-06-12 19:41:29 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-12 19:41:02 ----A---- C:\Windows\system32\win32k.sys
2012-06-12 19:37:08 ----A---- C:\Windows\system32\profsvc.dll
2012-06-12 19:36:50 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-12 19:36:50 ----A---- C:\Windows\system32\msi.dll
2012-06-12 19:36:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-12 19:36:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-12 19:36:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\mshtml.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\ieui.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\ieframe.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\wininet.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\urlmon.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\url.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jscript9.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jscript.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-12 19:35:37 ----A---- C:\Windows\system32\iertutil.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\crypt32.dll
2012-06-10 17:17:18 ----ASH---- C:\pagefile.sys
2012-06-06 19:38:57 ----A---- C:\Windows\gdrv.sys
2012-06-02 18:41:21 ----D---- C:\Users\Davidov\AppData\Roaming\NVIDIA
2012-06-02 14:42:51 ----D---- C:\ProgramData\Activision

======List of files/folders modified in the last 1 month======

2012-07-01 10:31:04 ----D---- C:\temp
2012-07-01 10:30:59 ----RD---- C:\Program Files
2012-07-01 10:27:39 ----D---- C:\ProgramData\Kaspersky Lab
2012-07-01 10:27:30 ----D---- C:\Windows
2012-07-01 10:13:43 ----D---- C:\Windows\system32\config
2012-07-01 10:10:42 ----D---- C:\Windows\debug
2012-07-01 10:10:39 ----D---- C:\Windows\System32
2012-07-01 10:10:10 ----D---- C:\Windows\SoftwareDistribution
2012-07-01 10:09:48 ----D---- C:\Windows\system32\LogFiles
2012-07-01 10:09:25 ----D---- C:\Users\Davidov\AppData\Roaming\TS3Client
2012-07-01 10:09:25 ----D---- C:\Users\Davidov\AppData\Roaming\DAEMON Tools Lite
2012-07-01 10:09:18 ----D---- C:\Windows\system32\catroot2
2012-07-01 10:07:44 ----D---- C:\Windows\system32\drivers
2012-07-01 09:37:40 ----D---- C:\Windows\inf
2012-07-01 09:37:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-01 08:40:57 ----D---- C:\Windows\system32\Tasks
2012-06-30 22:45:46 ----D---- C:\Windows\Tasks
2012-06-30 21:02:50 ----D---- C:\Users\Davidov\AppData\Roaming\HLSW
2012-06-30 20:56:21 ----SD---- C:\Users\Davidov\AppData\Roaming\Microsoft
2012-06-30 20:56:21 ----SD---- C:\ProgramData\Microsoft
2012-06-30 20:20:18 ----HD---- C:\ProgramData
2012-06-30 20:19:05 ----RD---- C:\Program Files (x86)
2012-06-30 19:00:20 ----D---- C:\Windows\SysWOW64
2012-06-30 19:00:18 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-06-24 15:08:46 ----SHD---- C:\Windows\Installer
2012-06-23 10:00:39 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-06-23 09:18:58 ----D---- C:\Program Files\SUPERAntiSpyware
2012-06-22 21:09:41 ----D---- C:\Windows\rescache
2012-06-21 16:58:16 ----D---- C:\Windows\winsxs
2012-06-21 16:58:12 ----D---- C:\Windows\system32\cs-CZ
2012-06-21 11:58:15 ----D---- C:\Windows\system32\catroot
2012-06-20 14:55:39 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-06-20 14:42:04 ----D---- C:\Windows\SYSWOW64\Macromed
2012-06-20 14:41:34 ----D---- C:\Windows\Temp
2012-06-20 14:41:33 ----RSD---- C:\Windows\assembly
2012-06-15 20:16:53 ----D---- C:\Windows\Logs
2012-06-15 20:04:24 ----D---- C:\Windows\Panther
2012-06-15 18:59:00 ----D---- C:\Program Files (x86)\Common Files
2012-06-14 15:08:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-06-14 14:54:56 ----D---- C:\Windows\pss
2012-06-14 14:52:46 ----D---- C:\Windows\SYSWOW64\LogFiles
2012-06-14 14:15:35 ----D---- C:\Windows\Microsoft.NET
2012-06-14 09:47:22 ----D---- C:\Program Files (x86)\FreeTime
2012-06-14 09:26:30 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-06-14 09:26:30 ----A---- C:\Windows\system32\deployJava1.dll
2012-06-14 09:09:59 ----A---- C:\Windows\system32\MRT.exe
2012-06-12 23:19:46 ----D---- C:\Windows\SYSWOW64\migration
2012-06-12 23:19:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-06-12 23:19:46 ----D---- C:\Windows\system32\migration
2012-06-12 23:19:46 ----D---- C:\Program Files\Internet Explorer
2012-06-12 23:19:46 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-11 14:04:28 ----D---- C:\Windows\SYSWOW64\config
2012-06-04 20:28:46 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-27 283200]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2012-04-03 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-06-03 14544]
S0 ijbsgx;ijbsgx; C:\Windows\system32\drivers\ijbsgx.sys []
S0 kebzlm;kebzlm; C:\Windows\system32\drivers\kebzlm.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-06-06 25640]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 tizekdrv;tizekdrv; \??\C:\Users\Davidov\AppData\Roaming\TZAC\tizek64.sys [2012-04-03 241848]
S3 tizeqdrv;tizeqdrv; \??\C:\Users\Davidov\AppData\Roaming\TZAC2\tizeq64.sys [2012-05-20 153784]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-15 889664]
R2 PhenomMsrTweaker;PhenomMsrTweaker service; C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-06-03 188416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-05-16 76888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [2009-08-24 544768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-03 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-03 79360]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: please do a preventive check, thank you.

#10 Post by Márty84 »

Next time, though, please start a new topic for a different computer; this way it turns into a mess :roll:

Do you have the log from MBAM? I would like to see what it removed. And if you did not run a full scan, run one, and I would like to see its log before you delete anything.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: please do a preventive check, thank you.

#11 Post by Davidov »

Unfortunately I already deleted it, log included, during the cleanup, sorry :-(. And can't you tell from RSIT whether everything is OK?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: please do a preventive check, thank you.

#12 Post by Márty84 »

Well, it would be better if I could see what it removed. That would give me more certainty. RSIT does not show everything either.

In any case, do the following:

:arrow: Unless you have them there on purpose, find and delete these files:
C:\Windows\tasks\4ištení PC.job
C:\Windows\tasks\ocista.job
C:\Windows\tasks\čistič PC.job
C:\Windows\tasks\čištění PC.job
C:\Windows\tasks\čištění PC1.job

:arrow: Download OTM from http://oldtimer.geekstogo.com/OTM.exe and save it, ideally to the desktop.
Right-click it and then left-click Run as administrator.
Copy this script into the left pane (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
ijbsgx
kebzlm

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000UA.job

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] /64

Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post here the log that pops up, or it will be here: C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (the x's will be replaced by digits representing the date and time of the run).

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: please do a preventive check, thank you.

#13 Post by Davidov »

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Then I restarted, and it worked for a while before it booted into Windows.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: please do a preventive check, thank you.

#14 Post by Márty84 »

Post a new RSIT log here so I can see whether it was deleted.

Davidov
Visitor
Posts: 343
Registered: 12 Mar 2011 11:21
Location: Jirkov

Re: please do a preventive check, thank you.

#15 Post by Davidov »

Advanced SystemCare should no longer be there either; I uninstalled it. Thank you. After that I want to back it up so I can have peace of mind.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Davidov at 2012-07-01 12:46:39
Microsoft Windows 7 Home Basic Service Pack 1
System drive C: has 9 GB (28%) free of 31 GB
Total RAM: 8189 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:43, on 1.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Davidov.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Davidov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PhenomMsrTweaker service (PhenomMsrTweaker) - Unknown owner - C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7040 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3468.1.1989675078\1330165913" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3468.2.2136047134\2049379832" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3468.3.509320278\600004842" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3468.4.1899542746\1265934818" /prefetch:3
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll" --lang=cs --channel="3468.5.1611094897\963232768" /prefetch:4
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll" --lang=cs --channel="3468.6.1542109819\2031485037" /prefetch:4
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe" -Embedding
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll" --lang=cs --channel="3468.7.1060232434\1220020862" /prefetch:4
C:\Windows\system32\rundll32.exe "C:\Users\Davidov\AppData\Local\Google\Chrome\APPLIC~1\200113~1.47\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Davidov\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll" --lang=cs --channel="3468.9.430646144\1973417841" --flash-broker=3104 /prefetch:4
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3468.10.1930883639\154335391" /prefetch:12
"C:\Users\Davidov\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3468.15.1245466528\801229487" /prefetch:3
"C:\Users\Davidov\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1470183385-1983330260-59864334-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-14 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-14 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Davidov\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
c:\program files (x86)\expertool\tbpanel.exe [2011-08-02 2273608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\common files\java\java update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"DisableStartupSound"=1
"DisableStatusMessages"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoThumbnailCache"=1
"DisableThumbnailsOnNetworkFolders"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveTrack"=0
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-01 12:46:39 ----D---- C:\rsit
2012-07-01 12:27:47 ----D---- C:\_OTM
2012-07-01 10:30:59 ----D---- C:\Program Files\trend micro
2012-07-01 10:10:39 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-06-30 20:07:20 ----A---- C:\Windows\system32\drivers\revoflt.sys
2012-06-30 20:07:19 ----D---- C:\Program Files\VS Revo Group
2012-06-30 19:58:06 ----A---- C:\Windows\system32\DfSdkBt.exe
2012-06-30 19:58:02 ----D---- C:\Program Files (x86)\Ashampoo
2012-06-24 15:03:54 ----D---- C:\Program Files (x86)\MSECACHE
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wups2.dll
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wucltux.dll
2012-06-21 11:58:13 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-21 11:58:12 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wups.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wudriver.dll
2012-06-21 11:58:10 ----A---- C:\Windows\system32\wuapi.dll
2012-06-21 11:58:04 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-21 11:58:04 ----A---- C:\Windows\system32\wuapp.exe
2012-06-20 14:54:03 ----D---- C:\Users\Davidov\AppData\Roaming\Wise Disk Cleaner
2012-06-19 19:41:46 ----D---- C:\Program Files (x86)\GamePark
2012-06-15 20:38:35 ----D---- C:\Users\Davidov\AppData\Roaming\Mozilla
2012-06-15 18:59:00 ----D---- C:\Program Files (x86)\Adobe
2012-06-15 18:58:51 ----D---- C:\ProgramData\Adobe
2012-06-15 18:53:09 ----D---- C:\Users\Davidov\AppData\Roaming\WinRAR
2012-06-15 18:06:38 ----D---- C:\Users\Davidov\AppData\Roaming\Macromedia
2012-06-15 18:06:38 ----D---- C:\Users\Davidov\AppData\Roaming\Adobe
2012-06-15 15:43:43 ----D---- C:\Users\Davidov\AppData\Roaming\Malwarebytes
2012-06-15 15:43:38 ----D---- C:\ProgramData\Malwarebytes
2012-06-15 15:43:36 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-15 15:43:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-15 15:28:20 ----A---- C:\Windows\system32\drivers\SIVX64.sys
2012-06-14 15:56:20 ----D---- C:\ProgramData\Sun
2012-06-14 15:55:43 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-06-14 15:55:36 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-06-14 15:55:36 ----A---- C:\Windows\SYSWOW64\java.exe
2012-06-14 15:55:23 ----D---- C:\Program Files (x86)\Java
2012-06-14 15:51:21 ----D---- C:\Users\Davidov\AppData\Roaming\vlc
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-12 19:42:20 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-12 19:41:51 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-06-12 19:41:51 ----A---- C:\Windows\system32\qdvd.dll
2012-06-12 19:41:29 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-12 19:41:02 ----A---- C:\Windows\system32\win32k.sys
2012-06-12 19:37:08 ----A---- C:\Windows\system32\profsvc.dll
2012-06-12 19:36:50 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-12 19:36:50 ----A---- C:\Windows\system32\msi.dll
2012-06-12 19:36:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-12 19:36:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-12 19:36:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-12 19:35:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\mshtml.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\ieui.dll
2012-06-12 19:35:38 ----A---- C:\Windows\system32\ieframe.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-12 19:35:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\wininet.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\urlmon.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\url.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jscript9.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\jscript.dll
2012-06-12 19:35:37 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-12 19:35:37 ----A---- C:\Windows\system32\iertutil.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-12 19:34:40 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-12 19:34:40 ----A---- C:\Windows\system32\crypt32.dll
2012-06-10 17:17:18 ----ASH---- C:\pagefile.sys
2012-06-06 19:38:57 ----A---- C:\Windows\gdrv.sys
2012-06-02 18:41:21 ----D---- C:\Users\Davidov\AppData\Roaming\NVIDIA
2012-06-02 14:42:51 ----D---- C:\ProgramData\Activision

======List of files/folders modified in the last 1 month======

2012-07-01 12:46:43 ----D---- C:\temp
2012-07-01 12:39:42 ----D---- C:\Windows\System32
2012-07-01 12:39:42 ----D---- C:\Windows\inf
2012-07-01 12:39:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-01 12:37:46 ----D---- C:\Users\Davidov\AppData\Roaming\HLSW
2012-07-01 12:36:39 ----D---- C:\Windows\system32\config
2012-07-01 12:34:28 ----D---- C:\ProgramData\Kaspersky Lab
2012-07-01 12:30:13 ----D---- C:\Windows
2012-07-01 12:25:53 ----D---- C:\Windows\Tasks
2012-07-01 12:10:56 ----D---- C:\Windows\SysWOW64
2012-07-01 12:10:52 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-07-01 11:16:29 ----D---- C:\Users\Davidov\AppData\Roaming\TS3Client
2012-07-01 10:30:59 ----RD---- C:\Program Files
2012-07-01 10:10:42 ----D---- C:\Windows\debug
2012-07-01 10:10:10 ----D---- C:\Windows\SoftwareDistribution
2012-07-01 10:09:48 ----D---- C:\Windows\system32\LogFiles
2012-07-01 10:09:25 ----D---- C:\Users\Davidov\AppData\Roaming\DAEMON Tools Lite
2012-07-01 10:09:18 ----D---- C:\Windows\system32\catroot2
2012-07-01 10:07:44 ----D---- C:\Windows\system32\drivers
2012-07-01 08:40:57 ----D---- C:\Windows\system32\Tasks
2012-06-30 20:56:21 ----SD---- C:\Users\Davidov\AppData\Roaming\Microsoft
2012-06-30 20:56:21 ----SD---- C:\ProgramData\Microsoft
2012-06-30 20:20:18 ----HD---- C:\ProgramData
2012-06-30 20:19:05 ----RD---- C:\Program Files (x86)
2012-06-24 15:08:46 ----SHD---- C:\Windows\Installer
2012-06-23 10:00:39 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-06-23 09:18:58 ----D---- C:\Program Files\SUPERAntiSpyware
2012-06-22 21:09:41 ----D---- C:\Windows\rescache
2012-06-21 16:58:16 ----D---- C:\Windows\winsxs
2012-06-21 16:58:12 ----D---- C:\Windows\system32\cs-CZ
2012-06-21 11:58:15 ----D---- C:\Windows\system32\catroot
2012-06-20 14:55:39 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-06-20 14:42:04 ----D---- C:\Windows\SYSWOW64\Macromed
2012-06-20 14:41:34 ----D---- C:\Windows\Temp
2012-06-20 14:41:33 ----RSD---- C:\Windows\assembly
2012-06-15 20:16:53 ----D---- C:\Windows\Logs
2012-06-15 20:04:24 ----D---- C:\Windows\Panther
2012-06-15 18:59:00 ----D---- C:\Program Files (x86)\Common Files
2012-06-14 15:08:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-06-14 14:54:56 ----D---- C:\Windows\pss
2012-06-14 14:52:46 ----D---- C:\Windows\SYSWOW64\LogFiles
2012-06-14 14:15:35 ----D---- C:\Windows\Microsoft.NET
2012-06-14 09:47:22 ----D---- C:\Program Files (x86)\FreeTime
2012-06-14 09:26:30 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-06-14 09:26:30 ----A---- C:\Windows\system32\deployJava1.dll
2012-06-14 09:09:59 ----A---- C:\Windows\system32\MRT.exe
2012-06-12 23:19:46 ----D---- C:\Windows\SYSWOW64\migration
2012-06-12 23:19:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-06-12 23:19:46 ----D---- C:\Windows\system32\migration
2012-06-12 23:19:46 ----D---- C:\Program Files\Internet Explorer
2012-06-12 23:19:46 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-11 14:04:28 ----D---- C:\Windows\SYSWOW64\config
2012-06-04 20:28:46 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-27 283200]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2012-04-03 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-06-03 14544]
S0 ijbsgx;ijbsgx; C:\Windows\system32\drivers\ijbsgx.sys []
S0 kebzlm;kebzlm; C:\Windows\system32\drivers\kebzlm.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-06-06 25640]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 tizekdrv;tizekdrv; \??\C:\Users\Davidov\AppData\Roaming\TZAC\tizek64.sys [2012-04-03 241848]
S3 tizeqdrv;tizeqdrv; \??\C:\Users\Davidov\AppData\Roaming\TZAC2\tizeq64.sys [2012-05-20 153784]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-15 889664]
R2 PhenomMsrTweaker;PhenomMsrTweaker service; C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-06-03 188416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-05-16 76888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [2009-08-24 544768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-03 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-03 79360]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]

-----------------EOF-----------------
