Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Scorpy
Visitor
Posts: 2
Registered: 03 May 2013 14:54

Check

#1 Post by Scorpy »

Hello, I'd like to ask for a preventive check; the last check was done in 2012 and I think it's about time to check things over a bit, thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tonda at 2013-05-03 15:57:39
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 3 GB (3%) free of 100 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:12, on 3.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Tonda\Downloads\RSIT.exe
C:\Program Files\trend micro\Tonda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\VE9ED0~1\Programy\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\DISC\Visual 2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\VE9ED0~1\Programy\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\VŠE\Programy\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tonda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: DeskDrive.lnk = C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe
O4 - Global Startup: Finderbar.lnk = C:\Windows\Lion Skin Pack\Finderbar\Finderbar.exe
O4 - Global Startup: MacSearch.lnk = C:\Windows\Lion Skin Pack\MacSearch\MacSearch.exe
O4 - Global Startup: Refresh.lnk = ?
O4 - Global Startup: RocketDock.lnk = C:\Windows\Lion Skin Pack\RocketDock\RocketDock.exe
O4 - Global Startup: tClock.lnk = C:\Windows\Lion Skin Pack\tClock\Clock.exe
O4 - Global Startup: UberIcon.lnk = C:\Windows\Lion Skin Pack\UberIcon\UberIcon.exe
O4 - Global Startup: Winroll.lnk = C:\Windows\Lion Skin Pack\Winroll\winroll.exe
O4 - Global Startup: xwidget.lnk = C:\Windows\Lion Skin Pack\xwidget\xwidget.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\VŠE\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\VŠE\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\VŠE\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\VŠE\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... .110.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8517 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4006872256-4244566213-3281827725-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4006872256-4244566213-3281827725-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\Profiles\lwcwyxgq.default

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\DISC\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\VE9ED0~1\Programy\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\VE9ED0~1\Programy\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@raidcall.en/RCplugin]
"Description"=Raidcall plugin
"Path"=C:\Users\Tonda\AppData\Roaming\raidcall\plugins\nprcplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\VE9ED0~1\Programy\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-15 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - D:\DISC\Visual 2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26 74888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\VE9ED0~1\Programy\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-15 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-03-07 4767304]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]
"BCSSync"=D:\VŠE\Programy\Microsoft Office 2010\Office14\BCSSync.exe [2010-03-13 91520]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-06-11 10996368]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Tonda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\DISC\iTunes\iTunesHelper.exe [2013-02-20 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DeskDrive.lnk - C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe
Finderbar.lnk - C:\Windows\Lion Skin Pack\Finderbar\Finderbar.exe
MacSearch.lnk - C:\Windows\Lion Skin Pack\MacSearch\MacSearch.exe
Refresh.lnk - C:\Windows\Lion Skin Pack\Tools\Refresh.cmd
RocketDock.lnk - C:\Windows\Lion Skin Pack\RocketDock\RocketDock.exe
tClock.lnk - C:\Windows\Lion Skin Pack\tClock\Clock.exe
UberIcon.lnk - C:\Windows\Lion Skin Pack\UberIcon\UberIcon.exe
Winroll.lnk - C:\Windows\Lion Skin Pack\Winroll\winroll.exe
xwidget.lnk - C:\Windows\Lion Skin Pack\xwidget\xwidget.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-04-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\VE9ED0~1\Programy\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-05-01 15:55:54 ----D---- C:\Program Files\iPod
2013-05-01 15:55:52 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-01 15:27:51 ----A---- C:\Windows\system32\roboot.exe
2013-05-01 15:27:40 ----D---- C:\Users\Tonda\AppData\Roaming\systweak
2013-05-01 15:27:34 ----D---- C:\Program Files\Appnimi
2013-04-30 15:22:21 ----A---- C:\Windows\system32\wininet.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\wextract.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\vbscript.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\urlmon.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\pngfilt.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\occache.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\msrating.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\msls31.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\mshtmler.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\mshtml.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\mshta.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\msfeedssync.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\jscript9.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\jscript.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\inseng.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\imgutil.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\iexpress.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-30 15:22:21 ----A---- C:\Windows\system32\iesysprep.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\iertutil.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\iepeers.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-04-30 15:22:21 ----A---- C:\Windows\system32\elshyph.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\webcheck.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\url.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\licmgr10.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\ieui.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\iesetup.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\iernonce.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\ieframe.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\ieapfltr.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\ieapfltr.dat
2013-04-30 15:22:20 ----A---- C:\Windows\system32\ie4uinit.exe
2013-04-30 15:22:20 ----A---- C:\Windows\system32\icardie.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\dxtrans.dll
2013-04-30 15:22:20 ----A---- C:\Windows\system32\dxtmsft.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 15:20:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\XpsPrint.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\WMPhoto.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\UIAnimation.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\FntCache.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\dxgi.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\DWrite.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d11.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10warp.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10level9.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10core.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10_1.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d3d10.dll
2013-04-30 15:20:54 ----A---- C:\Windows\system32\d2d1.dll
2013-04-24 16:55:36 ----D---- C:\ProgramData\TamoSoft
2013-04-24 10:38:14 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-13 17:45:37 ----D---- C:\Users\Tonda\AppData\Roaming\Unity
2013-04-13 13:29:39 ----D---- C:\Program Files\Mozilla Firefox
2013-04-10 18:45:29 ----A---- C:\Windows\system32\win32k.sys
2013-04-10 18:45:26 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 18:45:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 18:45:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-10 18:45:05 ----A---- C:\Windows\system32\smss.exe
2013-04-10 18:45:04 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-10 18:44:42 ----A---- C:\Windows\system32\mstscax.dll
2013-04-10 18:44:38 ----A---- C:\Windows\system32\aaclient.dll
2013-04-10 18:44:37 ----A---- C:\Windows\system32\tsgqec.dll
2013-04-07 15:01:12 ----A---- C:\Windows\system32\pbsvc_bc2.exe
2013-04-07 13:53:22 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2013-05-03 15:57:52 ----D---- C:\Windows\Temp
2013-05-03 15:57:42 ----D---- C:\Program Files\trend micro
2013-05-03 15:47:08 ----D---- C:\Users\Tonda\AppData\Roaming\Skype
2013-05-03 15:44:26 ----D---- C:\Program Files\Steam
2013-05-03 15:44:25 ----D---- C:\Users\Tonda\AppData\Roaming\TS3Client
2013-05-03 15:43:21 ----D---- C:\Windows\Panther
2013-05-03 15:43:21 ----D---- C:\Windows\inf
2013-05-03 15:43:16 ----D---- C:\Windows\SoftwareDistribution
2013-05-03 15:43:10 ----D---- C:\Windows\Logs
2013-05-03 15:43:10 ----D---- C:\Windows
2013-05-03 13:11:19 ----D---- C:\Windows\system32\config
2013-05-02 15:37:02 ----D---- C:\Windows\system32\Tasks
2013-05-02 15:36:59 ----D---- C:\Windows\Tasks
2013-05-02 15:36:58 ----RD---- C:\Program Files
2013-05-02 15:31:32 ----SHD---- C:\System Volume Information
2013-05-02 11:16:44 ----D---- C:\Config.Msi
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-05-01 19:42:51 ----D---- C:\Windows\system32\catroot
2013-05-01 15:58:16 ----SHD---- C:\Windows\Installer
2013-05-01 15:57:07 ----AD---- C:\Windows\System32
2013-05-01 15:55:52 ----D---- C:\ProgramData
2013-05-01 15:55:52 ----D---- C:\Program Files\Common Files\Apple
2013-05-01 15:52:46 ----D---- C:\Windows\system32\DriverStore
2013-05-01 15:52:44 ----D---- C:\Windows\system32\catroot2
2013-04-30 15:31:04 ----D---- C:\Windows\winsxs
2013-04-30 15:28:58 ----D---- C:\Windows\system32\cs-CZ
2013-04-30 15:28:58 ----D---- C:\Program Files\Internet Explorer
2013-04-30 15:28:55 ----D---- C:\Windows\system32\migration
2013-04-30 15:28:55 ----D---- C:\Windows\PolicyDefinitions
2013-04-30 15:28:54 ----D---- C:\Windows\system32\en-US
2013-04-30 15:28:51 ----D---- C:\Windows\system32\zh-TW
2013-04-30 15:28:51 ----D---- C:\Windows\system32\zh-HK
2013-04-30 15:28:51 ----D---- C:\Windows\system32\zh-CN
2013-04-30 15:28:51 ----D---- C:\Windows\system32\tr-TR
2013-04-30 15:28:51 ----D---- C:\Windows\system32\sv-SE
2013-04-30 15:28:51 ----D---- C:\Windows\system32\ru-RU
2013-04-30 15:28:51 ----D---- C:\Windows\system32\pt-PT
2013-04-30 15:28:51 ----D---- C:\Windows\system32\pt-BR
2013-04-30 15:28:51 ----D---- C:\Windows\system32\pl-PL
2013-04-30 15:28:51 ----D---- C:\Windows\system32\nl-NL
2013-04-30 15:28:51 ----D---- C:\Windows\system32\ko-KR
2013-04-30 15:28:51 ----D---- C:\Windows\system32\ja-JP
2013-04-30 15:28:51 ----D---- C:\Windows\system32\it-IT
2013-04-30 15:28:51 ----D---- C:\Windows\system32\hu-HU
2013-04-30 15:28:51 ----D---- C:\Windows\system32\fr-FR
2013-04-30 15:28:51 ----D---- C:\Windows\system32\fi-FI
2013-04-30 15:28:51 ----D---- C:\Windows\system32\es-ES
2013-04-30 15:28:51 ----D---- C:\Windows\system32\el-GR
2013-04-30 15:28:51 ----D---- C:\Windows\system32\de-DE
2013-04-30 15:28:50 ----D---- C:\Windows\system32\nb-NO
2013-04-30 15:28:50 ----D---- C:\Windows\system32\da-DK
2013-04-28 13:30:18 ----D---- C:\Windows\Prefetch
2013-04-25 16:36:59 ----D---- C:\Program Files\Common Files\Steam
2013-04-24 14:17:44 ----D---- C:\Windows\system32\drivers
2013-04-20 13:18:00 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-04-14 13:10:35 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-12 12:27:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-11 15:28:41 ----D---- C:\Users\Tonda\AppData\Roaming\uTorrent
2013-04-11 15:27:09 ----D---- C:\Windows\debug
2013-04-10 19:54:03 ----D---- C:\ProgramData\Microsoft Help
2013-04-10 19:48:45 ----A---- C:\Windows\system32\MRT.exe
2013-04-07 15:24:44 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-04-07 15:00:46 ----RSD---- C:\Windows\assembly
2013-04-07 13:53:39 ----D---- C:\ProgramData\Skype
2013-04-07 13:53:22 ----RD---- C:\Program Files\Skype
2013-04-07 13:53:22 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 pssync05;CD Guard Synchronization Driver (v5); C:\Windows\system32\drivers\pssync05.sys [2006-11-03 61312]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R0 viamraid;viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [2004-07-06 60672]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-03-07 60656]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 66336]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 4450816]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-06-19 3240400]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-05-13 111808]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2003-09-06 6944]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-05-13 79488]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Tonda\AppData\Local\Temp\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\Users\Tonda\AppData\Local\Temp\CFcatchme.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys []
S3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE; \??\C:\Users\Tonda\AppData\Local\Temp\PHQ8799.tmp []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SMARTMouseFilterx86;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2011-01-25 11632]
S3 SMARTVHidMini2000x86;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2011-01-25 14704]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2011-01-25 21872]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-09-28 44544]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\D:\DISC\Visual 2012\Team Tools\Performance Tools\VSPerfDrv110.sys [2012-07-13 55416]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-03-07 45248]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-09-08 76888]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 105048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
S2 psrem02;CD Guard Drivers Auto Removal (v2); C:\Windows\system32\psrem02.exe [2006-05-11 358008]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 133632]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 553288]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; D:\VŠE\Programy\Microsoft Office 2010\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-13 115608]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-02-27 4010312]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-04-19 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Te.Service;Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-28 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Check

#2 Post by Roli »

Hello, fix this in HJT:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "D:\VŠE\Programy\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tonda\AppData\Local\Google\Update\GoogleUpdate.exe" /c


You will find HJT here:

C:\Program Files\trend micro\Tonda.exe

Fix means that you run HJT as admin,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to each of them is a small box in which you put a check mark,

then you click Fix checked, which is at the bottom left,

the program will ask whether you really want to; you of course agree with YES, and it's done.


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

NMIndexingService


a double-click opens a dialog where you first stop the service with the Stop button, then under Startup type select Disabled and click OK.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download and run OTMoveIt

into the left window of the application, under Paste Instructions for Items to be Moved, copy this text:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\Pando Networks
C:\Users\Tonda\AppData\Local\Temp\catchme.sys
C:\Users\Tonda\AppData\Local\Temp\CFcatchme.sys

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Path"=-

:services
catchme
CFcatchme

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and in the right green window of the application you will see info about the action performed; copy the content of that window here,

if the application requests a restart, click YES

in that case I want the content of the log saved in C:\_OTMoveIt\MovedFiles\ copied here
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Scorpy
Visitor
Posts: 2
Registered: 03 May 2013 14:54

Re: Check

#3 Post by Scorpy »

So, here it is:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Program Files\Pando Networks not found.
File/Folder C:\Users\Tonda\AppData\Local\Temp\catchme.sys not found.
File/Folder C:\Users\Tonda\AppData\Local\Temp\CFcatchme.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\\Path deleted successfully.
========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Service CFcatchme stopped successfully!
Service CFcatchme deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tonda
->Temp folder emptied: 1815603 bytes
->Temporary Internet Files folder emptied: 170 bytes
->Java cache emptied: 3025010 bytes
->FireFox cache emptied: 8867043 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58144 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53577870 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21060144 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05042013_135021

Files moved on Reboot...
C:\Users\Tonda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

By the way, I would like to ask how often this "preventive check" should be done? :-)

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Check

#4 Post by Roli »

Scorpy wrote: By the way, I would like to ask how often this "preventive check" should be done? :-)
Definitely more often than once a year :)

Run OTMoveIt again and click CleanUP! at the top of the application

this makes it clean up after itself.

And if there is no problem with the PC, that is all from my side.