Prosím o kontrolu logu po chybách v registru

[Pietro92]

Dobrý den chtěl bych poprosit o kontrolu logu. Notebook se jeví normálně ale měl jsem problém s registry po jedné instalaci tak pro jistotu... Předem děkuji

Výpis z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eragon at 2014-03-09 14:24:34
Microsoft® Windows Vista™ Home Premium Service Pack 3
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 3070 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:06, on 9.3.2014
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Moje programy\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Moje programy\NetSoftware\NetSoftware.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Programy\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eragon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eragon\Desktop\RSIT (1).exe
C:\Program Files\trend micro\Eragon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: InternetPanelBHO - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Moje programy\NetSoftware\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [NetSoftware] "C:\Moje programy\NetSoftware\Starter.exe" /path="C:\Moje programy\NetSoftware"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eragon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Eragon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Moje programy\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Eragon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: TrackMania Original Drivers Auto Removal (pr2ajcyb) (pr2ajcyb) - NADEO - C:\Windows\system32\pr2ajcyb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 10925 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Eragon\AppData\Roaming\Mozilla\Firefox\Profiles\0z10jc6j.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00]
"Description"=Plug-in to check PlayStation(R)Network Downloader.
"Path"=C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=C:\Program Files\Sony\Media Go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=D:\Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=D:\Programy\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Programy\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

D:\Programy\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-12 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
Internet Panel - C:\Moje programy\NetSoftware\IEHelper.dll [2013-04-19 508912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-12 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 497024]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-10 7612960]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2009-04-09 237568]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-07-07 8493624]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-09-08 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-09-08 72248]
"ADSMTray"=C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]
"MDS_Menu"=C:\Program Files\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"NetSoftware"=C:\Moje programy\NetSoftware\Starter.exe [2014-02-10 217088]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Avira Systray"=C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [2014-02-24 172624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-02-25 689744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Eragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 116648]
"Facebook Update"=C:\Users\Eragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-23 138096]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Zoner Photo Studio Autoupdate"=C:\Moje programy\Photo Studio 15\Program32\ZPSTRAY.EXE [2013-06-07 774680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe

C:\Users\Eragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.l3codecp"=l3codecp.acm
"VIDC.FMVC"=fmcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-09 14:24:36 ----D---- C:\Program Files\trend micro
2014-03-08 22:31:15 ----D---- C:\Users\Eragon\AppData\Roaming\Avira
2014-03-08 22:25:04 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2014-03-08 22:25:03 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2014-03-08 22:25:03 ----A---- C:\Windows\system32\drivers\avipbb.sys
2014-03-08 22:25:03 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2014-03-08 22:22:24 ----D---- C:\Program Files\Avira
2014-03-08 22:16:53 ----D---- C:\ProgramData\Package Cache
2014-03-08 20:07:19 ----D---- C:\Windows\system32\MRT
2014-03-08 20:00:55 ----A---- C:\Windows\system32\winhttp.dll
2014-03-08 20:00:53 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2014-03-08 20:00:36 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2014-03-08 20:00:36 ----A---- C:\Windows\system32\Apphlpdm.dll
2014-03-08 20:00:22 ----A---- C:\Windows\system32\vbscript.dll
2014-03-08 20:00:22 ----A---- C:\Windows\system32\jscript.dll
2014-03-08 19:59:34 ----A---- C:\Windows\system32\iphlpsvc.dll
2014-03-08 19:59:34 ----A---- C:\Windows\system32\drivers\tunnel.sys
2014-03-08 19:01:49 ----SHD---- C:\ProgramData\SecuROM
2014-03-08 18:51:15 ----A---- C:\Windows\system32\D3DX9_42.dll
2014-03-08 18:51:15 ----A---- C:\Windows\system32\d3dx10_42.dll
2014-03-08 18:35:18 ----D---- C:\Program Files\NVIDIA Corporation
2014-03-08 17:33:08 ----A---- C:\Windows\system32\D3DX9_41.dll
2014-03-08 17:33:07 ----A---- C:\Windows\system32\XAudio2_4.dll
2014-03-08 17:33:07 ----A---- C:\Windows\system32\xactengine3_4.dll
2014-03-08 17:33:07 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2014-02-20 19:50:56 ----D---- C:\Users\Eragon\AppData\Roaming\Unity
2014-02-17 21:31:38 ----A---- C:\Windows\system32\XAudio2_2.dll
2014-02-17 21:31:38 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2014-02-17 21:31:38 ----A---- C:\Windows\system32\xactengine3_2.dll
2014-02-17 21:31:37 ----A---- C:\Windows\system32\d3dx10_39.dll
2014-02-17 21:31:37 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2014-02-17 21:31:36 ----A---- C:\Windows\system32\XAudio2_1.dll
2014-02-17 21:31:36 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2014-02-17 21:31:36 ----A---- C:\Windows\system32\xactengine3_1.dll
2014-02-17 21:31:36 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2014-02-17 21:31:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2014-02-17 21:31:35 ----A---- C:\Windows\system32\d3dx10_38.dll
2014-02-17 21:31:35 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2014-02-17 21:31:34 ----A---- C:\Windows\system32\XAudio2_0.dll
2014-02-17 21:31:34 ----A---- C:\Windows\system32\xactengine3_0.dll
2014-02-17 21:31:34 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2014-02-17 21:31:34 ----A---- C:\Windows\system32\D3DX9_38.dll
2014-02-17 21:31:33 ----A---- C:\Windows\system32\D3DX9_37.dll
2014-02-17 21:31:33 ----A---- C:\Windows\system32\d3dx10_37.dll
2014-02-17 21:31:33 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2014-02-17 21:30:51 ----D---- C:\Users\Eragon\AppData\Roaming\InstallShield
2014-02-17 21:30:51 ----D---- C:\ProgramData\InstallShield
2014-02-17 21:30:42 ----D---- C:\ProgramData\Ubisoft

======List of files/folders modified in the last 1 month======

2014-03-09 14:24:45 ----D---- C:\Windows\Temp
2014-03-09 14:24:36 ----RD---- C:\Program Files
2014-03-09 14:07:38 ----D---- C:\ProgramData\NetSoftware
2014-03-09 11:52:01 ----D---- C:\Windows\Microsoft.NET
2014-03-09 11:51:50 ----RSD---- C:\Windows\assembly
2014-03-09 02:42:03 ----SHD---- C:\Windows\Installer
2014-03-09 02:42:03 ----HD---- C:\Config.Msi
2014-03-09 02:41:54 ----D---- C:\Windows\inf
2014-03-09 02:41:53 ----D---- C:\Windows\Logs
2014-03-09 02:35:55 ----D---- C:\Windows\System32
2014-03-09 02:35:42 ----D---- C:\Program Files\Common Files\microsoft shared
2014-03-09 01:38:14 ----D---- C:\Users\Eragon\AppData\Roaming\DAEMON Tools Lite
2014-03-09 01:38:13 ----AD---- C:\Windows
2014-03-09 00:47:41 ----HD---- C:\Program Files\InstallShield Installation Information
2014-03-08 22:29:35 ----D---- C:\Windows\rescache
2014-03-08 22:25:13 ----D---- C:\Windows\system32\catroot
2014-03-08 22:25:04 ----D---- C:\Windows\system32\drivers
2014-03-08 22:24:51 ----D---- C:\ProgramData\Avira
2014-03-08 22:22:02 ----D---- C:\Windows\system32\cs-CZ
2014-03-08 22:21:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-08 22:18:04 ----D---- C:\Windows\system32\en-US
2014-03-08 22:18:00 ----D---- C:\Program Files\Microsoft.NET
2014-03-08 22:16:53 ----HD---- C:\ProgramData
2014-03-08 22:10:07 ----D---- C:\Windows\system32\Tasks
2014-03-08 22:05:12 ----D---- C:\Windows\winsxs
2014-03-08 22:04:05 ----SD---- C:\ProgramData\Microsoft
2014-03-08 22:04:05 ----D---- C:\Program Files\Microsoft
2014-03-08 21:58:11 ----D---- C:\Program Files\Windows Live
2014-03-08 21:54:36 ----D---- C:\Windows\system32\catroot2
2014-03-08 21:50:12 ----D---- C:\Program Files\Windows Media Player
2014-03-08 21:50:12 ----D---- C:\Program Files\Windows Mail
2014-03-08 21:50:03 ----D---- C:\Program Files\Movie Maker
2014-03-08 21:50:01 ----D---- C:\Windows\system32\wbem
2014-03-08 21:49:59 ----D---- C:\Windows\AppPatch
2014-03-08 21:49:58 ----D---- C:\Windows\system32\drivers\cs-CZ
2014-03-08 21:48:36 ----D---- C:\Windows\Debug
2014-03-08 20:14:21 ----D---- C:\ProgramData\Microsoft Help
2014-03-08 20:05:36 ----RSD---- C:\Windows\Fonts
2014-03-08 20:05:09 ----D---- C:\Program Files\Microsoft Works
2014-03-08 20:03:24 ----A---- C:\Windows\win.ini
2014-03-08 20:03:23 ----D---- C:\Program Files\Common Files\System
2014-03-08 19:28:30 ----D---- C:\ProgramData\NVIDIA
2014-03-08 18:50:48 ----SD---- C:\Users\Eragon\AppData\Roaming\Microsoft
2014-03-08 18:05:34 ----D---- C:\Windows\Prefetch
2014-03-08 17:58:14 ----D---- C:\Users\Eragon\AppData\Roaming\uTorrent
2014-03-08 17:41:33 ----D---- C:\ProgramData\BioWare
2014-03-08 17:41:33 ----D---- C:\Program Files\Common Files
2014-03-08 17:40:55 ----D---- C:\ProgramData\Media Center Programs
2014-03-08 11:19:03 ----A---- C:\Windows\system32\CmdLineExt.dll
2014-03-07 22:58:00 ----D---- C:\Moje programy
2014-03-07 22:56:54 ----D---- C:\Users\Eragon\AppData\Roaming\IrfanView
2014-03-07 21:04:23 ----D---- C:\Windows\Tasks
2014-03-07 21:04:23 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-07 21:00:29 ----D---- C:\Windows\system32\LogFiles
2014-03-04 19:56:33 ----D---- C:\Users\Eragon\AppData\Roaming\vlc
2014-02-21 17:41:08 ----SHD---- C:\System Volume Information
2014-02-17 21:21:42 ----SD---- C:\Windows\Downloaded Program Files
2014-02-17 21:21:42 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2009-09-08 30264]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb); C:\Windows\system32\drivers\pe3ajcyb.sys [2007-02-06 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb); C:\Windows\system32\drivers\pf2ajcyb.sys [2007-02-06 82832]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2012-12-29 24184]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-02-25 135648]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-02-25 37352]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-10-08 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-02-25 90400]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-10-08 25888]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-27 218688]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-10 2660896]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-07-27 50688]
R3 mod7700;DiBcom DIB7700 based TV tuner device; C:\Windows\System32\Drivers\dvb7700all.sys [2008-12-09 448640]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-02-18 149352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-02 9786752]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2014-02-25 28520]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-08 25600]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2011-05-18 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-05-18 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-05-18 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-01-15 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-01-15 25200]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-02-25 440400]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-02-25 440400]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-02-24 117328]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-30 522792]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\nlssrv32.exe [2012-10-26 66560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-03-25 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2012-03-25 103736]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-01-21 247152]
R3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb); C:\Windows\system32\pr2ajcyb.exe [2007-02-06 407184]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-08 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-25 1017424]

-----------------EOF-----------------

[Rudy]

Zdravím!
Log vypadá OK. PC má nějaký problém?

[Pietro92]

Dobrý den!

Zdá se mi, že se pomaleji načítají stránky, když poprvé otevřu prohlížeč s více okny (používám chrom) než před problémem s registrem.

Jinak notebook běží myslím normálně akorát když jsem přepsal registr a tím jsem ze servis packu 1 udělal servis pack 3 tak mi centrum zabezpečení začalo hlásit, že Avira je vypnuta i když samotný Antivir běžel. Tak jsem Aviru odinstaloval, přes Ccleaner x po sobě opravil registry, použil jsem čistič, aktualizoval jsem software přes Windows update a Aviru znova po restartu notebooku nainstaloval. Od té doby mi to pro změnu hlásí, že Avira je zapnuta ale hlášení posílá ve formátu který již není podporován.

Doufám, že to má hlavu a patu...

[Rudy]

Zkuste ještě spustit tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[Pietro92]

# AdwCleaner v3.021 - Report created 10/03/2014 at 23:56:34
# Updated 10/03/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 3 (32 bits)
# Username : Eragon - ERAGON-PC
# Running from : C:\Users\Eragon\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\BrowseToSave

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19019


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Users\Eragon\AppData\Roaming\Mozilla\Firefox\Profiles\0z10jc6j.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Eragon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1538 octets] - [10/03/2014 23:54:30]
AdwCleaner[S0].txt - [1481 octets] - [10/03/2014 23:56:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1541 octets] ##########

[Rudy]

Změnilo se něco?

[Pietro92]

Dobrý den,

omlouvám se, že jsem tak dlouho nereagoval ale byl jsem pracovně pryč....

Nevím zda je to tím promazáním (adwcleaner) nebo ne ale prví zapnutí po tomto promazání se NTB zapínal abnormálně dlouho.

[Rudy]

Pokud se napodruhé již zapnul normálně, dalo by se to vysvětlit tím, že systém při startu odmazával v registry to, co ADW mazal.

[Pietro92]

Tak podruhé se opět zapl pomaleji, trvá déle než se načtou programy jako Avira, postraní panel atd...

[Rudy]

Dejte log ComoboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[Pietro92]

zde je požadovaný log.

PS: po restartu se mi spustil postranní panel tak snad to nevadí...

ComboFix 14-03-13.01 - Eragon 16.03.2014 20:05:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1250.420.1029.18.3070.1802 [GMT 1:00]
Spuštěný z: c:\users\Eragon\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\users\Eragon\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
C:\WindowsLive_K.TXT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-16 do 2014-03-16 )))))))))))))))))))))))))))))))
.
.
2014-03-15 00:15 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAB49B80-C8D1-41E8-8820-F279A9A3BBED}\mpengine.dll
2014-03-10 22:54 . 2014-03-10 22:57 -------- d-----w- C:\AdwCleaner
2014-03-09 13:24 . 2014-03-09 13:25 -------- d-----w- c:\program files\trend micro
2014-03-09 00:24 . 2014-03-09 00:24 -------- d-----w- c:\users\Eragon\AppData\Local\Rockstar Games
2014-03-08 21:31 . 2014-03-08 21:31 -------- d-----w- c:\users\Eragon\AppData\Roaming\Avira
2014-03-08 21:25 . 2014-02-25 10:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-03-08 21:25 . 2014-02-25 10:41 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-03-08 21:25 . 2014-02-25 10:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-08 21:22 . 2014-03-13 20:17 -------- d-----w- c:\program files\Avira
2014-03-08 21:16 . 2014-03-13 20:17 -------- d-----w- c:\programdata\Package Cache
2014-03-08 19:07 . 2014-03-08 19:10 -------- d-----w- c:\windows\system32\MRT
2014-03-08 19:03 . 2014-03-08 19:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-03-08 19:00 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-03-08 19:00 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-08 19:00 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-03-08 19:00 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2014-03-08 19:00 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2014-03-08 18:59 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-03-08 18:59 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-03-08 18:01 . 2014-03-08 18:01 -------- d-sh--w- c:\programdata\SecuROM
2014-03-08 17:51 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-03-08 17:51 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2014-03-08 17:35 . 2014-03-08 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-08 16:33 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2014-03-08 16:33 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2014-03-08 16:33 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2014-03-08 16:33 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2014-02-20 18:50 . 2014-02-20 18:50 -------- d-----w- c:\users\Eragon\AppData\Roaming\Unity
2014-02-20 18:48 . 2014-03-08 21:06 -------- d-----w- c:\users\Eragon\AppData\Local\Unity
2014-02-17 20:36 . 2014-02-17 20:36 -------- d-----w- c:\users\Eragon\AppData\Local\Ubisoft
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\users\Public\Ubisoft
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\users\Eragon\AppData\Roaming\InstallShield
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\programdata\InstallShield
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\programdata\Ubisoft
2014-02-17 20:21 . 2007-04-27 09:12 394184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2014-02-17 20:21 . 2007-04-27 09:12 29640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2014-02-17 20:21 . 2007-04-27 09:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2014-02-17 20:21 . 2006-09-10 20:56 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2014-02-17 20:21 . 2006-09-10 20:56 992176 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2014-02-17 20:21 . 2006-09-10 20:56 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2014-02-17 20:21 . 2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 10:19 . 2013-05-05 14:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-03-07 20:04 . 2013-03-03 22:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-07 20:04 . 2013-03-03 22:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 08:58 . 2011-10-25 19:01 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-10 02:18 . 2011-10-16 20:04 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Zoner Photo Studio Autoupdate"="c:\moje programy\Photo Studio 15\Program32\ZPSTRAY.EXE" [2013-06-07 774680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-09 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-08 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-09-08 72248]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]
"MDS_Menu"="c:\program files\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"NetSoftware"="c:\moje programy\NetSoftware\Starter.exe" [2014-02-10 217088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-07 172624]
.
c:\users\Eragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2009-9-8 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
- c:\users\Eragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 13:39]
.
2014-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
- c:\users\Eragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 13:39]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
- c:\users\Eragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 09:53]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
- c:\users\Eragon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 09:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Eragon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.30.1 8.8.8.8
FF - ProfilePath - c:\users\Eragon\AppData\Roaming\Mozilla\Firefox\Profiles\0z10jc6j.default\
FF - prefs.js: browser.search.defaulturl -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - (no file)
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2648847288-1022183937-1090160603-1000\Software\SecuROM\License information*]
"datasecu"=hex:00,39,cf,d8,fb,f8,d6,bf,57,ec,56,ad,18,7e,dc,9b,43,7f,e4,f4,db,
a3,8b,b6,4e,09,c6,35,5e,85,24,9d,b7,6b,8c,0f,bf,44,ea,db,9a,84,e1,05,c8,9a,\
"rkeysecu"=hex:eb,65,d9,42,67,cd,4a,33,0b,c0,19,13,c6,bd,d4,06
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(4032)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nlssrv32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-03-16 20:19:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-16 19:19
.
Před spuštěním: Volných bajtů: 48 356 397 056
Po spuštění: Volných bajtů: 49 098 117 120
.
- - End Of File - - 7B1EED8064AAF705AD0DDA8100F727D3
64B1E91C5C6C2157642651010728F90F

[Rudy]

CF nastaví systém opět do defaultu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job

Regnull::
[HKEY_USERS\S-1-5-21-2648847288-1022183937-1090160603-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu Combofix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Pietro92]

Doufám, že jsem něco nepodělal ale NTB jsem po prvním vypsáni logu restartoval jelikož na liště nebyly všechny programy tak jako teď po tom druhém....

Tady je druhý výpis z logu

ComboFix 14-03-13.01 - Eragon 16.03.2014 21:59:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1250.420.1029.18.3070.1650 [GMT 1:00]
Spuštěný z: c:\users\Eragon\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eragon\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job"
.
ADS - Windows: deleted 256 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eragon\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648847288-1022183937-1090160603-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-16 do 2014-03-16 )))))))))))))))))))))))))))))))
.
.
2014-03-16 21:08 . 2014-03-16 21:10 -------- d-----w- c:\users\Eragon\AppData\Local\temp
2014-03-16 21:08 . 2014-03-16 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 00:15 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAB49B80-C8D1-41E8-8820-F279A9A3BBED}\mpengine.dll
2014-03-10 22:54 . 2014-03-10 22:57 -------- d-----w- C:\AdwCleaner
2014-03-09 13:24 . 2014-03-09 13:25 -------- d-----w- c:\program files\trend micro
2014-03-09 00:24 . 2014-03-09 00:24 -------- d-----w- c:\users\Eragon\AppData\Local\Rockstar Games
2014-03-08 21:31 . 2014-03-08 21:31 -------- d-----w- c:\users\Eragon\AppData\Roaming\Avira
2014-03-08 21:25 . 2014-02-25 10:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-03-08 21:25 . 2014-02-25 10:41 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-03-08 21:25 . 2014-02-25 10:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-08 21:22 . 2014-03-13 20:17 -------- d-----w- c:\program files\Avira
2014-03-08 21:16 . 2014-03-13 20:17 -------- d-----w- c:\programdata\Package Cache
2014-03-08 19:07 . 2014-03-08 19:10 -------- d-----w- c:\windows\system32\MRT
2014-03-08 19:03 . 2014-03-08 19:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-03-08 19:00 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-03-08 19:00 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-08 19:00 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-03-08 19:00 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2014-03-08 19:00 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2014-03-08 18:59 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-03-08 18:59 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-03-08 18:01 . 2014-03-08 18:01 -------- d-sh--w- c:\programdata\SecuROM
2014-03-08 17:51 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-03-08 17:51 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2014-03-08 17:35 . 2014-03-08 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-08 16:33 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2014-03-08 16:33 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2014-03-08 16:33 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2014-03-08 16:33 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2014-02-20 18:50 . 2014-02-20 18:50 -------- d-----w- c:\users\Eragon\AppData\Roaming\Unity
2014-02-20 18:48 . 2014-03-08 21:06 -------- d-----w- c:\users\Eragon\AppData\Local\Unity
2014-02-17 20:36 . 2014-02-17 20:36 -------- d-----w- c:\users\Eragon\AppData\Local\Ubisoft
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\users\Public\Ubisoft
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\users\Eragon\AppData\Roaming\InstallShield
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\programdata\InstallShield
2014-02-17 20:30 . 2014-02-17 20:30 -------- d-----w- c:\programdata\Ubisoft
2014-02-17 20:21 . 2007-04-27 09:12 394184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2014-02-17 20:21 . 2007-04-27 09:12 29640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2014-02-17 20:21 . 2007-04-27 09:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2014-02-17 20:21 . 2006-09-10 20:56 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2014-02-17 20:21 . 2006-09-10 20:56 992176 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2014-02-17 20:21 . 2006-09-10 20:56 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2014-02-17 20:21 . 2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 10:19 . 2013-05-05 14:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-03-07 20:04 . 2013-03-03 22:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-07 20:04 . 2013-03-03 22:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 08:58 . 2011-10-25 19:01 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-10 02:18 . 2011-10-16 20:04 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Zoner Photo Studio Autoupdate"="c:\moje programy\Photo Studio 15\Program32\ZPSTRAY.EXE" [2013-06-07 774680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-09 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-08 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-09-08 72248]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]
"MDS_Menu"="c:\program files\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"NetSoftware"="c:\moje programy\NetSoftware\Starter.exe" [2014-02-10 217088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-07 172624]
.
c:\users\Eragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2009-9-8 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Eragon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.30.1 8.8.8.8
FF - ProfilePath - c:\users\Eragon\AppData\Roaming\Mozilla\Firefox\Profiles\0z10jc6j.default\
FF - prefs.js: browser.search.defaulturl -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-16 22:11
Windows 6.0.6001 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(3656)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nlssrv32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-03-16 22:14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-16 21:14
ComboFix2.txt 2014-03-16 19:19
.
Před spuštěním: Volných bajtů: 49 133 248 512
Po spuštění: Volných bajtů: 49 098 682 368
.
- - End Of File - - 213DACECE0C57695BA77E834140A8528
64B1E91C5C6C2157642651010728F90F

[Rudy]

Log je již OK. Občas se stane, že po skenu CF jsou třeba 2 restarty. CF odinstalujte pomocí T-Clenaeru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe .

[Pietro92]

Díky moc za pomoc a ochotu