PC zamrza

[KTomas]

Počítač několikrát deně ať na něm něco dělám nebo ne zamrzne. Myš, klávesnice: nefunkční, obraz zamrzne pomůže vždy jen tvrdý restart. nevím co stím. Díky.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Andílek at 2010-12-19 21:13:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 168 GB (55%) free of 305 GB
Total RAM: 3326 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:44, on 19.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\AVG10\avgchsvx.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Filesx\Sandboxie\SbieSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
D:\Program Files\AVG\AVG10\avgfws.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
E:\Program Filesx\SlySoft\Game Jackal v4\Server.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
D:\Program Files\AVG\AVG10\avgam.exe
D:\Program Files\AVG\AVG10\avgnsx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\AVG\AVG10\avgemcx.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Program Files\WebMoney Agent\wmagent.exe
D:\Program Files\AVG\AVG10\avgtray.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Filesx\Steam\steam.exe
D:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
E:\Program Filesx\Sandboxie\SbieCtrl.exe
D:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
E:\Program Filesx\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
D:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Raptr\raptr.exe
D:\PROGRA~1\Raptr\raptr_im.exe
E:\Program Filesx\Mozilla Firefox\firefox.exe
E:\Program Filesx\Mozilla Firefox\plugin-container.exe
D:\PROGRA~1\AVG\AVG10\avgrsx.exe
D:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Documents and Settings\Andílek\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\Andílek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "D:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Filesx\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [wmagent.exe] "D:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AVG_TRAY] D:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Ashampoo HDD-Control 2 Guard] "E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Raptr] D:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Steam] "E:\Program Filesx\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Andílek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "E:\Program Filesx\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Filesx\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Filesx\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9655391562
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9655449718
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - D:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - E:\Program Filesx\SlySoft\Game Jackal v4\Server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - E:\Program Filesx\Sandboxie\SbieSvc.exe

--
End of file - 11445 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2049760794-725345543-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2049760794-725345543-1003UA.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{C3D7BA2F-998A-4359-83D4-2A8B226A6873}.job
D:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
D:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG10\avgssie.dll [2010-11-22 2732896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"nwiz"=D:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=D:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GEST"== []
"Launch LgDeviceAgent"=D:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-08-03 358472]
"Launch LCDMon"=D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-08-03 1809992]
"Launch LGDCore"=D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-08-03 3649096]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"CanonMyPrinter"=D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"ISUSPM Startup"=D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"Adobe Reader Speed Launcher"=E:\Program Filesx\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"DivXUpdate"=D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"wmagent.exe"=D:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AVG_TRAY"=D:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]
"Ashampoo HDD-Control 2 Guard"=E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe [2010-12-14 3729240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Raptr"=D:\PROGRA~1\Raptr\raptrstub.exe [2010-12-16 53160]
"Steam"=E:\Program Filesx\Steam\steam.exe [2010-11-17 1242448]
"Google Update"=D:\Documents and Settings\Andílek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-11-19 136176]
"SandboxieControl"=E:\Program Filesx\Sandboxie\SbieCtrl.exe [2010-10-17 404200]
"DAEMON Tools Lite"=E:\Program Filesx\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Filesx\Vuze\Azureus.exe"="E:\Program Filesx\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"E:\Gamesx\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"="E:\Gamesx\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"E:\Gamesx\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe"="E:\Gamesx\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X"
"E:\Program Filesx\Steam\Steam.exe"="E:\Program Filesx\Steam\Steam.exe:*:Enabled:Steam"
"E:\Gamesx\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Gamesx\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Gamesx\Mass Effect 2\MassEffect2Launcher.exe"="E:\Gamesx\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Program Filesx\Steam\steamapps\common\alien swarm\swarm.exe"="E:\Program Filesx\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"E:\Program Filesx\Steam\steamapps\common\the undergarden\TheUndergarden.exe"="E:\Program Filesx\Steam\steamapps\common\the undergarden\TheUndergarden.exe:*:Enabled:The UnderGarden Demo"
"E:\Gamesx\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="E:\Gamesx\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Gamesx\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Gamesx\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Filesx\Steam\steamapps\common\eufloria - demo\Eufloria.exe"="E:\Program Filesx\Steam\steamapps\common\eufloria - demo\Eufloria.exe:*:Enabled:Eufloria - Demo"
"E:\Program Filesx\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe"="E:\Program Filesx\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe:*:Enabled:Amnesia: The Dark Descent Demo "
"E:\Program Filesx\Steam\steamapps\common\risen - demo\bin\Risen.exe"="E:\Program Filesx\Steam\steamapps\common\risen - demo\bin\Risen.exe:*:Enabled:Risen - Demo"
"E:\Gamesx\Codemasters\Overlord II\Overlord2.exe"="E:\Gamesx\Codemasters\Overlord II\Overlord2.exe:*:Enabled:Overlord II"
"E:\Program Filesx\uTorrent\uTorrent.exe"="E:\Program Filesx\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Gamesx\Unreal Tournament 3\Binaries\UT3.exe"="E:\Gamesx\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\daorigins.exe"="E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"E:\Gamesx\Electronic Arts\Dragon Age\DAOriginsLauncher.exe"="E:\Gamesx\Electronic Arts\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Aktualizovat"
"E:\Program Filesx\TeamViewer\Version6\TeamViewer.exe"="E:\Program Filesx\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"E:\Program Filesx\TeamViewer\Version6\TeamViewer_Service.exe"="E:\Program Filesx\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"E:\Program Filesx\Skype\Phone\Skype.exe"="E:\Program Filesx\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Program Filesx\Skype\Plugin Manager\skypePM.exe"="E:\Program Filesx\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Gamesx\Electronic Arts\Dragon Age\tools\DragonAgeToolset.exe"="E:\Gamesx\Electronic Arts\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset"
"E:\Gamesx\Electronic Arts\Dragon Age\tools\RPU.exe"="E:\Gamesx\Electronic Arts\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU"
"E:\Gamesx\Electronic Arts\Dragon Age\tools\lightmapper\eclipseRay.exe"="E:\Gamesx\Electronic Arts\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper"
"E:\Gamesx\Electronic Arts\Dragon Age\tools\GffEditor.exe"="E:\Gamesx\Electronic Arts\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor"
"E:\Gamesx\Electronic Arts\Dragon Age\tools\ErfEditor.exe"="E:\Gamesx\Electronic Arts\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor"
"D:\Program Files\AVG\AVG10\avgmfapx.exe"="D:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"E:\Program Filesx\Steam\steamapps\common\rush-demo\rush.exe"="E:\Program Filesx\Steam\steamapps\common\rush-demo\rush.exe:*:Enabled:RUSH Demo"
"E:\Gamesx\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe"="E:\Gamesx\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"E:\Gamesx\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe"="E:\Gamesx\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"D:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="D:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"D:\Program Files\Raptr\raptr.exe"="D:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"D:\Program Files\Raptr\raptr_im.exe"="D:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"D:\Program Files\AVG\AVG10\avgdiagex.exe"="D:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"D:\Program Files\AVG\AVG10\avgnsx.exe"="D:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"D:\Program Files\AVG\AVG10\avgam.exe"="D:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"D:\Program Files\AVG\AVG10\avgemcx.exe"="D:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"E:\Program Filesx\Steam\steamapps\common\clones demo\Bin\ClonesGame.exe"="E:\Program Filesx\Steam\steamapps\common\clones demo\Bin\ClonesGame.exe:*:Enabled:Clones Demo"
"E:\Program Filesx\Steam\steamapps\common\system protocol one demo\SP1Demo.exe"="E:\Program Filesx\Steam\steamapps\common\system protocol one demo\SP1Demo.exe:*:Enabled:System Protocol One Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-19 21:13:39 ----D---- D:\rsit
2010-12-19 20:10:55 ----D---- D:\Documents and Settings\Andílek\Data aplikací\wargaming.net
2010-12-19 17:24:51 ----D---- D:\Program Files\trend micro
2010-12-18 11:49:38 ----D---- D:\Program Files\Microsoft Chart Controls
2010-12-18 10:00:11 ----A---- D:\WINDOWS\system32\DfSdkBt.exe
2010-12-16 17:48:02 ----A---- D:\WINDOWS\system32\drivers\PnkBstrK.sys
2010-12-16 17:47:44 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2010-12-15 20:52:25 ----HDC---- D:\WINDOWS\$NtUninstallKB2296199$
2010-12-15 20:52:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2443105$
2010-12-15 20:51:57 ----HDC---- D:\WINDOWS\$NtUninstallKB2440591$
2010-12-15 20:51:53 ----HDC---- D:\WINDOWS\$NtUninstallKB2443685$
2010-12-15 20:51:51 ----HDC---- D:\WINDOWS\$NtUninstallKB2436673$
2010-12-15 20:51:47 ----HDC---- D:\WINDOWS\$NtUninstallKB2467659$
2010-12-15 20:49:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2423089$
2010-12-14 20:59:32 ----HDC---- D:\WINDOWS\$NtUninstallKB973687$
2010-12-14 19:52:29 ----D---- D:\Documents and Settings\Andílek\Data aplikací\MinerWars
2010-12-14 19:50:29 ----D---- D:\Program Files\Microsoft XNA
2010-12-14 19:17:08 ----D---- D:\Download
2010-12-14 19:16:49 ----D---- D:\Nexon
2010-12-14 19:16:45 ----A---- D:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2010-12-13 19:25:14 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Lamantine
2010-12-12 19:34:15 ----D---- D:\Program Files\DAEMON Tools Toolbar
2010-12-12 18:42:53 ----A---- D:\WINDOWS\system32\drivers\atksgt.sys
2010-12-12 18:42:52 ----A---- D:\WINDOWS\system32\drivers\lirsgt.sys
2010-12-11 22:14:41 ----HDC---- D:\WINDOWS\$NtUninstallKB941569$
2010-12-11 22:14:28 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$
2010-12-11 22:14:16 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$
2010-12-11 22:13:50 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$
2010-12-11 18:55:15 ----A---- D:\WINDOWS\system32\drivers\vdrive.sys
2010-12-11 16:29:18 ----D---- D:\Documents and Settings\Andílek\Data aplikací\dvdcss
2010-12-11 16:23:57 ----D---- D:\WINDOWS\506DDFBE983F4BC384B865F423B2D798.TMP
2010-12-11 15:55:49 ----A---- D:\WINDOWS\War3Unin.pif
2010-12-11 15:55:49 ----A---- D:\WINDOWS\War3Unin.exe
2010-12-09 20:04:58 ----RHD---- D:\Documents and Settings\Andílek\Data aplikací\SecuROM
2010-12-09 19:41:10 ----D---- D:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-12-09 19:32:39 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Ashampoo
2010-12-09 19:32:32 ----D---- D:\Documents and Settings\All Users\Data aplikací\ashampoo
2010-12-08 20:34:19 ----D---- D:\Documents and Settings\Andílek\Data aplikací\AVG10
2010-12-08 20:33:21 ----HD---- D:\Documents and Settings\All Users\Data aplikací\Common Files
2010-12-08 20:33:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-12-08 20:31:53 ----D---- D:\WINDOWS\system32\drivers\AVG
2010-12-08 20:31:53 ----D---- D:\Documents and Settings\All Users\Data aplikací\AVG10
2010-12-08 20:22:14 ----D---- D:\Documents and Settings\All Users\Data aplikací\MFAData
2010-12-08 20:08:08 ----N---- D:\WINDOWS\system32\spmsg.dll
2010-12-08 20:08:07 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$
2010-12-08 20:07:57 ----A---- D:\WINDOWS\system32\wmpns.dll
2010-12-08 20:07:49 ----D---- D:\Program Files\Windows Media Connect 2
2010-12-08 20:07:23 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
2010-12-08 20:06:46 ----N---- D:\WINDOWS\system32\audiodev.dll
2010-12-08 20:06:45 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
2010-12-08 20:06:25 ----D---- D:\WINDOWS\system32\drivers\UMDF
2010-12-08 20:06:21 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
2010-12-08 18:16:27 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Google
2010-12-08 18:15:38 ----D---- D:\Program Files\Google
2010-12-04 21:03:03 ----A---- D:\WINDOWS\system32\drivers\sptd.sys
2010-12-04 21:02:28 ----D---- D:\Documents and Settings\Andílek\Data aplikací\DAEMON Tools Lite
2010-12-04 21:02:25 ----D---- D:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-12-04 14:40:02 ----D---- D:\WINDOWS\system32\NtmsData
2010-12-04 13:41:44 ----D---- D:\Documents and Settings\Andílek\Data aplikací\mediAvatar
2010-12-04 13:41:12 ----D---- D:\Program Files\MSECache
2010-12-03 15:46:51 ----D---- D:\Documents and Settings\Andílek\Data aplikací\CyberPower Audio Editing Lab
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTWMAFile2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTTextToAudio2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTAudioVisualization2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTAudioTransform2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTAudioRecord2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTAudioPlayer2.dll
2010-12-03 15:46:34 ----A---- D:\WINDOWS\system32\NCTAudioInformation2.dll
2010-12-03 15:46:33 ----A---- D:\WINDOWS\system32\NCTAudioFile2.dll
2010-12-03 15:46:33 ----A---- D:\WINDOWS\system32\NCTAudioEditor2.dll
2010-12-03 15:46:33 ----A---- D:\WINDOWS\system32\NCTAudioDesign2.dll
2010-12-03 15:46:33 ----A---- D:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2010-12-03 15:46:33 ----A---- D:\WINDOWS\system32\msvcr70.dll
2010-12-02 19:57:33 ----D---- D:\Program Files\DAODB
2010-12-01 18:38:17 ----D---- D:\Documents and Settings\Andílek\Data aplikací\skypePM
2010-12-01 18:37:38 ----D---- D:\Program Files\Common Files\Skype
2010-12-01 18:37:37 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Skype
2010-12-01 18:37:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-01 14:50:15 ----D---- D:\Documents and Settings\Andílek\Data aplikací\TeamViewer
2010-12-01 14:50:06 ----A---- D:\WINDOWS\system32\drivers\teamviewervpn.sys
2010-12-01 13:49:25 ----RD---- D:\Sandbox
2010-12-01 13:48:44 ----A---- D:\WINDOWS\Sandboxie.ini
2010-12-01 13:26:15 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Aston2
2010-11-29 17:12:17 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Broken Sword 2.5
2010-11-29 15:38:19 ----A---- D:\WINDOWS\Entropia Universe Uninstall Log.txt
2010-11-28 17:12:10 ----A---- D:\WINDOWS\Entropia Universe Setup Log.txt
2010-11-28 16:39:58 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Nero
2010-11-28 16:36:29 ----D---- D:\Documents and Settings\All Users\Data aplikací\Nero
2010-11-28 12:51:08 ----D---- D:\Documents and Settings\Andílek\Data aplikací\WebMoney
2010-11-28 12:50:06 ----D---- D:\Program Files\WebMoney Agent
2010-11-27 11:47:02 ----D---- D:\Documents and Settings\All Users\Data aplikací\BioWare
2010-11-27 11:35:17 ----D---- D:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
2010-11-23 21:14:54 ----D---- D:\Documents and Settings\Andílek\Data aplikací\InstallShield Installation Information
2010-11-23 20:56:12 ----D---- D:\Documents and Settings\All Users\Data aplikací\YoYoGames
2010-11-23 18:41:23 ----D---- D:\Documents and Settings\Andílek\Data aplikací\uTorrent
2010-11-21 20:27:00 ----D---- D:\Program Files\Common Files\DirectX
2010-11-21 20:22:11 ----D---- D:\WINDOWS\USB Vibration
2010-11-21 20:21:57 ----D---- D:\Program Files\USB Vibration
2010-11-21 18:14:53 ----D---- D:\Program Files\Microsoft Silverlight
2010-11-21 15:08:58 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$
2010-11-21 12:26:36 ----HD---- D:\$AVG
2010-11-20 19:50:31 ----D---- D:\Documents and Settings\Andílek\Data aplikací\ScummVM
2010-11-20 19:47:28 ----D---- D:\Documents and Settings\Andílek\Data aplikací\DivX
2010-11-20 19:24:56 ----D---- D:\Documents and Settings\Andílek\Data aplikací\ClonesDemo
2010-11-20 17:03:20 ----D---- D:\Program Files\Common Files\DivX Shared
2010-11-20 17:02:45 ----D---- D:\Program Files\DivX
2010-11-20 17:02:01 ----D---- D:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-20 15:53:30 ----D---- D:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
2010-11-20 15:23:24 ----D---- D:\Documents and Settings\All Users\Data aplikací\Rapidshare Search Tool
2010-11-20 12:42:49 ----A---- D:\WINDOWS\KA.ini

======List of files/folders modified in the last 1 months======

2010-12-19 21:00:44 ----D---- D:\WINDOWS\Prefetch
2010-12-19 21:00:40 ----D---- D:\WINDOWS\Temp
2010-12-19 21:00:29 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Raptr
2010-12-19 21:00:19 ----D---- D:\WINDOWS\system32\CatRoot2
2010-12-19 21:00:00 ----D---- D:\WINDOWS\system32
2010-12-19 19:12:00 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-12-19 19:00:16 ----D---- D:\WINDOWS
2010-12-19 17:24:51 ----RD---- D:\Program Files
2010-12-19 16:39:59 ----SHD---- D:\WINDOWS\Installer
2010-12-19 16:39:57 ----D---- D:\WINDOWS\WinSxS
2010-12-19 16:39:53 ----D---- D:\WINDOWS\system32\DirectX
2010-12-19 16:39:47 ----HD---- D:\WINDOWS\inf
2010-12-19 16:39:26 ----RSD---- D:\WINDOWS\assembly
2010-12-18 17:07:47 ----SHD---- D:\System Volume Information
2010-12-18 17:07:47 ----D---- D:\WINDOWS\system32\Restore
2010-12-17 17:49:50 ----A---- D:\WINDOWS\win.ini
2010-12-17 17:48:47 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-12-17 17:48:03 ----D---- D:\WINDOWS\system32\drivers
2010-12-17 17:39:06 ----D---- D:\Program Files\Raptr
2010-12-16 17:47:43 ----A---- D:\WINDOWS\system32\PnkBstrA.exe
2010-12-15 20:52:23 ----A---- D:\WINDOWS\imsins.BAK
2010-12-15 20:52:16 ----D---- D:\Program Files\Internet Explorer
2010-12-15 20:52:04 ----D---- D:\WINDOWS\ie8updates
2010-12-15 20:52:01 ----HD---- D:\WINDOWS\$hf_mig$
2010-12-15 20:51:45 ----D---- D:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-15 20:49:50 ----A---- D:\WINDOWS\system32\MRT.exe
2010-12-15 20:49:45 ----D---- D:\Program Files\Outlook Express
2010-12-14 19:50:29 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-12-14 17:27:48 ----SD---- D:\WINDOWS\Tasks
2010-12-12 19:33:27 ----D---- D:\Program Files\Common Files
2010-12-12 18:55:35 ----HD---- D:\Program Files\InstallShield Installation Information
2010-12-12 14:23:30 ----D---- D:\Program Files\Electronic Arts
2010-12-11 19:03:29 ----SD---- D:\Documents and Settings\Andílek\Data aplikací\Microsoft
2010-12-11 16:58:04 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-11 16:28:26 ----D---- D:\Documents and Settings\Andílek\Data aplikací\AnvSoft
2010-12-11 16:23:54 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2010-12-08 20:56:42 ----D---- D:\WINDOWS\system32\CatRoot
2010-12-08 20:26:50 ----D---- D:\Program Files\AVG
2010-12-08 20:26:37 ----D---- D:\Documents and Settings\All Users\Data aplikací\avg9
2010-12-08 20:07:48 ----D---- D:\Program Files\Windows Media Player
2010-12-08 20:07:39 ----D---- D:\WINDOWS\Help
2010-12-08 20:06:25 ----D---- D:\WINDOWS\system32\LogFiles
2010-12-04 13:49:08 ----D---- D:\Documents and Settings\Andílek\Data aplikací\U3
2010-12-04 10:49:06 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2010-12-02 19:58:51 ----D---- D:\WINDOWS\system32\config
2010-12-02 19:57:34 ----D---- D:\Program Files\Common Files\BioWare
2010-12-02 18:23:16 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Adobe
2010-12-02 17:27:25 ----D---- D:\Documents and Settings\Andílek\Data aplikací\vlc
2010-12-01 17:26:35 ----D---- D:\Documents and Settings\Andílek\Data aplikací\Azureus
2010-11-23 21:18:49 ----D---- D:\WINDOWS\security
2010-11-23 18:44:21 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-11-21 15:11:37 ----D---- D:\WINDOWS\Microsoft.NET
2010-11-20 22:01:52 ----D---- D:\WINDOWS\system32\XPSViewer
2010-11-20 22:01:50 ----D---- D:\WINDOWS\system32\en-us
2010-11-20 22:01:48 ----RSD---- D:\WINDOWS\Fonts
2010-11-20 19:24:48 ----D---- D:\Program Files\OpenAL
2010-11-20 17:03:39 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-11-20 12:52:41 ----SD---- D:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; D:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; D:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-12-04 691696]
R1 Avgldx86;AVG AVI Loader Driver; D:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; D:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; D:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-12-12 281504]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-12-12 25888]
R3 Avgfwdx;Avgfwdx; D:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver; D:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; D:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; D:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; D:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; D:\WINDOWS\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; D:\WINDOWS\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 Maplom;Maplom; D:\WINDOWS\system32\drivers\Maplom.sys [2010-11-16 30144]
R3 MaplomL;MaplomL; D:\WINDOWS\system32\drivers\MaplomL.sys [2010-11-16 46528]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-22 9623680]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 SbieDrv;SbieDrv; \??\E:\Program Filesx\Sandboxie\SbieDrv.sys []
R3 teamviewervpn;TeamViewer VPN Adapter; D:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;Ovladač zvukové karty USB (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 vdrive;vdrive; D:\WINDOWS\system32\DRIVERS\vdrive.sys [2010-06-25 34560]
S3 addnyr1f;addnyr1f; D:\WINDOWS\system32\drivers\addnyr1f.sys []
S3 Avgfwfd;AVG network filter service; D:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AHDDC2;Ashampoo HDD Control 2 Service; E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2010-12-14 1515352]
R2 avgfws;AVG Firewall; D:\Program Files\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent; D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog; D:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 GEST Service;GEST Service for program management.; D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 GJService;Game Jackal Server; E:\Program Filesx\SlySoft\Game Jackal v4\Server.exe [2010-11-16 3032000]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-11-13 153376]
R2 nvsvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-12-16 75136]
R2 PnkBstrB;PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [2010-12-16 189248]
R2 SbieSvc;Sandboxie Service; E:\Program Filesx\Sandboxie\SbieSvc.exe [2010-10-17 75496]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-08 136176]
S2 SSHNAS;SSHNAS; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; D:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-25 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\Gamesx\Electronic Arts\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 DfSdkS;Defragmentation-Service; E:\Program Filesx\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[KTomas]

Právě probíhá kontrola a MBAN už našel 4 infekce a rezidentní štít avg našel 2 které zdřejmně našel právě MBAN viz níže (jsou ve virovém trezoru) tyto soubory jsou v názvu podobné Cqg.exe, Cqf.exe, a avg mi našel ale to už je delší dobu i CQH.exe vše také v Documents and Settings\Andílek\Local Settings\Temp
Až bude kompletní sken dokončen tak pošlu.

Nálezy Rezidentního štítu AVG
Infekce;"Objekt";"Výsledek";"Čas nálezu";"Typ objektu";"Proces"
Trojský kůň Downloader.Generic10.BAMS;"d:\Documents and Settings\Andílek\Local Settings\Temp\Cqg.exe";"Přesunuto do trezoru";"20.12.2010, 18:59:20";"Soubor";"E:\Program Filesx\Malwarebytes' Anti-Malware\mbam.exe"
Trojský kůň Downloader.Generic10.BAKB;"d:\Documents and Settings\Andílek\Local Settings\Temp\Cqf.exe";"Přesunuto do trezoru";"20.12.2010, 18:59:19";"Soubor";"E:\Program Filesx\Malwarebytes' Anti-Malware\mbam.exe"

[Rudy]

Jj, to jsou infekce. Nechte sken MBAM doběhnout a pak dejte log.

[KTomas]

Sken dokončen, nic kromě těch dvou jsem nemazal:
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Verze databáze: 5361

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2010 19:53:55
mbam-log-2010-12-20 (19-53-51).txt

Typ kontroly: Úplný test (D:\|E:\|)
Testované objekty: 335807
Uplynulý čas: 1 hodin, 6 minut, 12 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\documents and settings\Andílek\dokumenty\stažené soubory\assciikcarc\assciikcarc\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
d:\documents and settings\Andílek\local settings\Temp\Cqf.exe (Trojan.FraudPack.Gen) -> No action taken.
d:\documents and settings\Andílek\local settings\Temp\Cqg.exe (Trojan.FraudPack.Gen) -> No action taken.
d:\Sandbox\Andílek\defaultbox\drive\D\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
d:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
d:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> No action taken.

[Rudy]

Vše, co MBAM nalezl, smažte.

[KTomas]

Smazáno. Tak snad to už bude dobré. Dnes ještě nezamrzl tedy tyto 3 hodiny. A díky.

[Rudy]

Nemáte zač!

[KTomas]

Tak teť zamrzl zase.

[Rudy]

Co jste instaloval těsně před tím, než se problém objevil?

[KTomas]

Naposledy jsem aktualizoval Stickypassword ale to bylo asi před 15 min.
Před nedávnem jsem měl problém že když jsem dělal něco s průzkumníkem Windows (explorer.exe) tak po nějaké době se mi ukazovala tabulka omezení spouštění dat u explorer.exe pak se mi ukázalo že program přestal pracovat, a pak se retartoval proces retartoval (všechno zmizlo a znova naskočilo) tak jsem tabulku podle tohoto návodu vypnul: http://www.pc-help.cz/viewtopic.php?t=16436 . A stejně se to ještě někdy stane jako například před chvílí jen stím rozdílem že se objeví jen tabulka program přestal pracovat. A to jsem před nedávnem kompletně přeinstaloval počítač (asi 2 měsíce) nemůže to mít nějakou souvislost?

[Rudy]

A to jsem před nedávnem kompletně přeinstaloval počítač.....

Nainstaloval jste všechny ovladače hardwaru?

[KTomas]

Mám. Před chvílí se sekl znova.

[Rudy]

Ještě poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware