Kontrola

[vyosek]

Jeste mi neutikejte, uklidim po sobe (preci Vam tam nenecham ty smrdute mazadla) a udelame zaverecnou kontrolku

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Poprosim o novy log ze RSITu

[Zizou]

U CCleaneru (používám pravidelně) mi pořád nejde odstranit jeden problém v registrech (viz. příloha). Dám opravit a je tam stále.

Log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Honzik at 2010-07-24 14:28:30
Microsoft Windows 7 Ultimate
System drive C: has 233 GB (38%) free of 610 GB
Total RAM: 3062 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:28:31, on 24.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fraps\fraps.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Gaming Mouse\Gaming 3.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Honzik\Desktop\RSIT.exe
C:\Program Files\trend micro\Honzik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Gaming 3] "C:\Gaming Mouse\Gaming 3.exe" /hide
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Honzik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Obsah aplikace OneNote.onetoc2
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0375510637
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9489266859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9ba1b510f0c16) (gupdate1c9ba1b510f0c16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 12634 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350281380-233495102-1455855570-1004Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350281380-233495102-1455855570-1004UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1532298954-1417001333-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2008-11-18 36864]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"Six Engine"=C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2008-11-13 5974528]
"TurboV"=C:\Program Files\ASUS\TurboV\TurboV.exe [2008-10-21 4040192]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"VolPanel"=C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe [2008-08-27 233588]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Gaming 3"=C:\Gaming Mouse\Gaming 3.exe [2009-11-09 1216512]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-12 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-12 92704]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-06-07 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2010-06-23 1699128]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-14 144384]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2010-04-29 248832]
"Google Update"=C:\Users\Honzik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-17 133104]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"fsm"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Steam"=c:\program files\steam\steam.exe [2010-07-05 1238352]
"AdobeBridge"= []
"ICQ"=~C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4 []

C:\Users\Honzik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe
Obsah aplikace OneNote.onetoc2
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Honzik\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Users\Honzik\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Honzik\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Users\Honzik\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM) "
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM) "
"C:\Program Files\Codemasters\FUEL\FUEL.exe"="C:\Program Files\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe"="C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\vomhlm.exe"="C:\WINDOWS\system32\vomhlm.exe:*:Enabled:ENABLE"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-24 14:26:48 ----D---- C:\rsit
2010-07-23 23:47:58 ----D---- C:\ProgramData\SweetIM
2010-07-23 23:47:58 ----D---- C:\Program Files\SweetIM
2010-07-23 22:48:55 ----A---- C:\Windows\system32\nvcpluir.dll
2010-07-23 22:48:55 ----A---- C:\Windows\system32\nvcplui.exe
2010-07-23 22:48:32 ----A---- C:\Windows\system32\NVUNINST.EXE
2010-07-23 22:48:13 ----N---- C:\Windows\system32\drivers\NVXBAR.SYS
2010-07-23 22:47:54 ----N---- C:\Windows\system32\drivers\NVCAP.SYS
2010-07-23 22:46:24 ----D---- C:\ProgramData\NVIDIA
2010-07-23 21:52:14 ----D---- C:\Program Files\Driver Sweeper
2010-07-23 21:28:13 ----A---- C:\Windows\system32\OpenCL.dll
2010-07-23 21:28:12 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-07-23 21:28:12 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-23 21:28:12 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-23 21:28:11 ----A---- C:\Windows\system32\nvcompiler.dll
2010-07-23 21:28:11 ----A---- C:\Windows\system32\nvcod1922.dll
2010-07-23 21:28:11 ----A---- C:\Windows\system32\nvapi.dll
2010-07-23 20:31:28 ----D---- C:\Program Files\RapidShareManager
2010-07-23 16:01:33 ----D---- C:\Users\Honzik\AppData\Roaming\Avira
2010-07-23 15:49:47 ----D---- C:\ProgramData\Avira
2010-07-23 15:49:47 ----D---- C:\Program Files\Avira
2010-07-23 15:49:47 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-07-23 15:49:47 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-07-23 15:49:47 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-07-23 15:49:47 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-07-23 15:49:47 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-07-23 15:43:38 ----D---- C:\Windows\Internet Logs
2010-07-23 12:29:19 ----D---- C:\Users\Honzik\AppData\Roaming\Malwarebytes
2010-07-23 12:29:12 ----D---- C:\ProgramData\Malwarebytes
2010-07-23 12:29:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-23 02:05:55 ----D---- C:\Users\Honzik\AppData\Roaming\CheckPoint
2010-07-23 02:05:29 ----D---- C:\Program Files\CheckPoint
2010-07-23 02:05:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-07-23 02:05:12 ----A---- C:\Windows\system32\drivers\netio.sys
2010-07-23 02:04:23 ----D---- C:\ProgramData\CheckPoint
2010-07-23 02:03:39 ----D---- C:\ProgramData\Alwil Software
2010-07-23 02:03:39 ----D---- C:\Program Files\Alwil Software
2010-07-21 19:13:22 ----D---- C:\WindowsOffBackup
2010-07-21 19:04:21 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-07-21 19:04:19 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-21 19:03:50 ----D---- C:\Windows\PCHEALTH
2010-07-21 19:03:50 ----D---- C:\Program Files\Microsoft Sync Framework
2010-07-21 19:03:50 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-07-21 19:03:03 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-07-21 19:01:39 ----D---- C:\Program Files\Microsoft Analysis Services
2010-07-21 19:00:14 ----RHD---- C:\MSOCache
2010-07-21 02:40:50 ----D---- C:\Program Files\WinSnap
2010-07-21 02:19:29 ----D---- C:\Program Files\MiniCLIP
2010-07-17 17:05:33 ----D---- C:\Users\Honzik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-07-17 17:05:33 ----D---- C:\Users\Honzik\AppData\Roaming\Adobe Mini Bridge CS5
2010-07-17 16:23:09 ----D---- C:\Users\Honzik\AppData\Roaming\RealWorld
2010-07-14 12:48:09 ----D---- C:\ProgramData\PrettyMay
2010-07-14 12:48:09 ----A---- C:\Windows\struct~.ini
2010-07-13 16:54:42 ----D---- C:\ProgramData\Sticky Notes TB Hider
2010-07-13 16:54:42 ----D---- C:\Program Files\StickyNotes
2010-07-13 16:31:45 ----D---- C:\ProgramData\SITEguard
2010-07-13 16:30:41 ----D---- C:\ProgramData\STOPzilla!
2010-07-13 16:30:41 ----D---- C:\Program Files\Common Files\iS3
2010-07-11 21:59:44 ----D---- C:\Program Files\Get Styles
2010-07-11 16:50:51 ----D---- C:\ProgramData\PC Drivers HeadQuarters Inc
2010-07-11 16:48:02 ----D---- C:\Users\Honzik\AppData\Roaming\GetRightToGo
2010-07-10 14:19:48 ----D---- C:\AdobeTemp
2010-07-10 14:18:58 ----D---- C:\Users\Honzik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-10 14:17:24 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-07-09 22:16:28 ----D---- C:\Program Files\Counter-Strike Source
2010-07-07 19:35:05 ----D---- C:\Users\Honzik\AppData\Roaming\KompoZer
2010-07-07 19:15:31 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-07 16:05:09 ----D---- C:\Users\Honzik\AppData\Roaming\Thunderbird
2010-07-07 13:26:31 ----D---- C:\Program Files\Nitro PDF
2010-07-07 13:26:31 ----D---- C:\Program Files\Common Files\Nitro PDF
2010-07-07 01:26:04 ----D---- C:\Program Files\Evernote
2010-07-07 01:16:22 ----D---- C:\Program Files\ATnotes
2010-07-07 01:00:30 ----D---- C:\Users\Honzik\AppData\Roaming\.simpleplainnote
2010-07-06 22:17:56 ----D---- C:\Program Files\ICQ6Toolbar
2010-07-06 22:02:58 ----D---- C:\Program Files\ICQ7.2
2010-07-04 15:17:17 ----D---- C:\Program Files\Rising Research
2010-07-02 22:51:03 ----D---- C:\Users\Honzik\AppData\Roaming\acccore
2010-07-02 22:50:57 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-07-02 22:50:56 ----D---- C:\Program Files\Common Files\AOL
2010-07-02 15:55:03 ----D---- C:\Update
2010-07-02 15:24:26 ----D---- C:\Program Files\MSECACHE
2010-07-02 10:24:09 ----D---- C:\Gaming Mouse
2010-06-29 16:06:41 ----D---- C:\Program Files\FastStone Capture
2010-06-29 15:08:13 ----D---- C:\Program Files\Steam
2010-06-27 23:08:35 ----D---- C:\Windows\system32\Wat

======List of files/folders modified in the last 1 months======

2010-07-24 14:28:31 ----D---- C:\Program Files\trend micro
2010-07-24 14:28:30 ----D---- C:\Windows\Temp
2010-07-24 14:25:14 ----D---- C:\Windows\system32\config
2010-07-24 14:24:24 ----AD---- C:\Windows
2010-07-24 14:22:49 ----D---- C:\Users\Honzik\AppData\Roaming\Skype
2010-07-24 14:22:05 ----D---- C:\Users\Honzik\AppData\Roaming\ICQ
2010-07-24 14:21:23 ----A---- C:\Windows\LogonStudio.ini
2010-07-24 13:18:57 ----D---- C:\Users\Honzik\AppData\Roaming\skypePM
2010-07-24 02:30:46 ----D---- C:\Program Files\Defraggler
2010-07-24 02:11:42 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 02:11:08 ----SHD---- C:\Windows\Installer
2010-07-24 02:11:07 ----SHD---- C:\Config.Msi
2010-07-24 00:30:04 ----D---- C:\Windows\system32\appmgmt
2010-07-24 00:29:45 ----SHD---- C:\System Volume Information
2010-07-23 23:47:58 ----RD---- C:\Program Files
2010-07-23 23:47:58 ----HD---- C:\ProgramData
2010-07-23 22:53:33 ----D---- C:\Windows\Prefetch
2010-07-23 22:50:27 ----D---- C:\Windows\inf
2010-07-23 22:50:15 ----D---- C:\Windows\System32
2010-07-23 22:48:40 ----D---- C:\Windows\system32\drivers
2010-07-23 22:48:28 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-23 22:48:27 ----D---- C:\Windows\system32\DriverStore
2010-07-23 22:45:46 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-23 21:55:02 ----D---- C:\Windows\Help
2010-07-23 21:54:35 ----D---- C:\Windows\system32\catroot
2010-07-23 21:39:01 ----D---- C:\Windows\system32\Tasks
2010-07-23 21:34:32 ----D---- C:\Windows\system32\catroot2
2010-07-23 21:29:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-23 21:28:43 ----D---- C:\ProgramData\NVIDIA Corporation
2010-07-23 13:42:07 ----D---- C:\Windows\DigitalLocker
2010-07-23 12:06:33 ----D---- C:\Windows\system32\drivers\etc
2010-07-23 12:06:27 ----SD---- C:\Windows\Tasks
2010-07-23 12:01:45 ----D---- C:\Windows\Minidump
2010-07-23 02:08:36 ----D---- C:\Windows\winsxs
2010-07-22 17:49:36 ----D---- C:\Users\Honzik\AppData\Roaming\Nitro PDF
2010-07-22 17:14:59 ----D---- C:\ProgramData\Microsoft Help
2010-07-21 21:06:26 ----SD---- C:\Users\Honzik\AppData\Roaming\Microsoft
2010-07-21 19:28:55 ----D---- C:\Windows\Microsoft.NET
2010-07-21 19:28:54 ----RSD---- C:\Windows\assembly
2010-07-21 19:05:05 ----RSD---- C:\Windows\Fonts
2010-07-21 19:04:55 ----D---- C:\Windows\ShellNew
2010-07-21 19:04:54 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-21 19:04:46 ----D---- C:\Program Files\MSBuild
2010-07-21 19:04:19 ----D---- C:\Program Files\Common Files
2010-07-21 19:03:51 ----RD---- C:\Program Files\Microsoft Office
2010-07-21 19:03:50 ----SD---- C:\ProgramData\Microsoft
2010-07-21 19:03:50 ----D---- C:\Program Files\Microsoft.NET
2010-07-21 19:02:38 ----A---- C:\Windows\win.ini
2010-07-21 19:02:37 ----D---- C:\Program Files\Common Files\System
2010-07-21 03:02:53 ----D---- C:\Program Files\Fraps
2010-07-18 17:19:42 ----RD---- C:\Program Files\Electronic Arts
2010-07-18 17:19:41 ----D---- C:\ProgramData\Electronic Arts
2010-07-18 17:18:11 ----D---- C:\Program Files\Horizons2
2010-07-18 17:13:39 ----RD---- C:\Program Files\Activision
2010-07-17 16:19:32 ----D---- C:\Users\Honzik\AppData\Roaming\XnView
2010-07-15 11:42:01 ----D---- C:\Windows\debug
2010-07-11 16:07:46 ----D---- C:\Users\Honzik\AppData\Roaming\FlashGetBHO
2010-07-11 16:07:39 ----RD---- C:\Program Files\FlashGet
2010-07-11 15:34:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-11 15:32:47 ----D---- C:\Windows\system32\en-US
2010-07-11 15:30:37 ----D---- C:\Windows\SoftwareDistribution
2010-07-11 14:19:18 ----D---- C:\Users\Honzik\AppData\Roaming\Adobe
2010-07-11 14:18:48 ----RD---- C:\Program Files\Adobe
2010-07-11 14:16:14 ----D---- C:\ProgramData\Adobe
2010-07-11 14:10:54 ----D---- C:\Users\Honzik\AppData\Roaming\BITS
2010-07-10 17:10:44 ----D---- C:\Program Files\Common Files\Adobe
2010-07-10 17:10:25 ----RD---- C:\Program Files\CCleaner
2010-07-10 14:25:16 ----RD---- C:\Program Files\Adobe Media Player
2010-07-10 14:20:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-08 15:19:14 ----D---- C:\Users\Honzik\AppData\Roaming\ESET
2010-07-08 15:12:26 ----D---- C:\Windows\system32\LogFiles
2010-07-07 15:58:30 ----D---- C:\Program Files\XnView
2010-07-07 15:55:26 ----D---- C:\Users\Honzik\AppData\Roaming\FastStone
2010-07-07 15:52:29 ----D---- C:\Program Files\IrfanView
2010-07-07 13:25:12 ----D---- C:\Users\Honzik\AppData\Roaming\Downloaded Installations
2010-07-06 22:17:48 ----D---- C:\ProgramData\ICQ
2010-07-06 21:58:38 ----D---- C:\Program Files\Miranda IM
2010-07-05 12:54:25 ----D---- C:\Program Files\Unlocker
2010-07-05 12:54:25 ----D---- C:\Program Files\DivX
2010-07-04 18:08:52 ----D---- C:\Program Files\The KMPlayer
2010-07-04 15:54:43 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-07-04 15:53:50 ----D---- C:\Users\Honzik\AppData\Roaming\BSplayer
2010-07-04 15:52:39 ----D---- C:\Program Files\All Ten Fingers
2010-07-04 15:52:24 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-07-04 15:52:15 ----D---- C:\Program Files\TeamViewer
2010-07-04 15:49:15 ----D---- C:\Program Files\LogMeIn Hamachi
2010-07-04 11:16:45 ----N---- C:\Windows\SchedLgU.Txt
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-06-29 15:08:13 ----D---- C:\Program Files\Common Files\Steam
2010-06-28 14:42:36 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2008-11-18 83296]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-05-01 43528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-15 691696]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2009-10-28 368736]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 ncryptpro;ncryptpro; \??\C:\WINDOWS\system32\Drivers\ncryptpro.sys [2009-08-11 186720]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\Windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2009-04-21 1147392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
S3 au7ftiqd;au7ftiqd; C:\Windows\system32\drivers\au7ftiqd.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 cpuz132;cpuz132; \??\C:\Users\Honzik\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 DSGACommsDriver;DSGACommsDriver; \??\C:\WINDOWS\system32\drivers\DSGACommsDriver.sys [2009-09-30 19168]
S3 DSGAFilterDriver;DSGAFilterDriver; \??\C:\WINDOWS\system32\drivers\DSGAFilterDriver.sys [2009-09-30 17632]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-03 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 17408]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-11-11 23600]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-09-15 61760]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-06-24 196928]
R2 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2010-06-24 65856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-12 207392]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-20 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9ba1b510f0c16;Služba Google Update (gupdate1c9ba1b510f0c16); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-10 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-03-31 79360]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-18 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]

-----------------EOF-----------------

[vyosek]

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :regfind
  80b8c23c-16e0-4cd8-bb3-cecec9a78b79

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[Zizou]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:59 on 24/07/2010 by Honzik (Administrator - Elevation successful)

========== regfind ==========

Searching for "80b8c23c-16e0-4cd8-bb3-cecec9a78b79"
No data found.

-=End Of File=-

[Zizou]

Asi vím v čem je problém. Nemá ten skript vypadat takto?

:regfind
80b8c23c-16e0-4cd8-bbc3-cecec9a78b79

[vyosek]

Jo ma Vznikla mi tam chyba v opisu Jste sikula Takze to tam placnete

[Zizou]

Nový log s použitím správného skriptu:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:15 on 24/07/2010 by Honzik (Administrator - Elevation successful)

========== regfind ==========

Searching for "80b8c23c-16e0-4cd8-bbc3-cecec9a78b79"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}]

-=End Of File=-

[Zizou]

Jinak ten nový log z RSIT už je v pořádku?

[vyosek]

Stahnete Avenger (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
• Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
• Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

• Kód: Vybrat vše

  Registry values to delete:
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes | {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

• Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
• Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
• Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
• Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

[Zizou]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Classes|{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Classes|{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[vyosek]

Takze si dame opacko ale s timto skriptem:

Kód: Vybrat vše

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

[Zizou]

To už zabralo. Mě se zdálo divné proč do skriptu píšete "|" místo "\".

Log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[vyosek]

Skript byl OK, ta | se pouziva bezne, jen jsem dal mazat hodnotu (to za |) a ne cely klic...

Jsou jeste nejake problemy

[Zizou]

Pokud je ten log z RSIT v pořádku, tak ne .

[vyosek]

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\Honzik.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R3 - URLSearchHook: (no name) - - (no file)
  O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
  O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
  O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
  O4 - HKCU\..\Run: [Google Update] "C:\Users\Honzik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
  O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
  O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
  O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
  O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
  O15 - Trusted Zone: http://software.kuaiche.com
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "fsm"=-
  "AdobeBridge"=-
  "ICQ"=-

• Soubor ulozte jako oprava.reg :idea:Pri ukladani dejte ulozit jako typ Vsechny soubory
• Zavrit notepad a spustit oprava.reg
• Pripadny dotaz na zmenu registru potvrdte
• Okno jen problikne a opravi regsitry - soubor muzete smazat