Program pruzkumnik Winows prestalpracovat.

[kuba.m]

Dobry den,

potreboval bych pradit ohledne zavirovaneho pocitace, zde je pribeh:

Vcera vecer jsem stahnul nejaky .exe soubor(muzu poslat pokud bude nutne), po otevreni mi to napsao nejakou hlasu a pocitac se vypnul. Rano kdyz jsem pocitac zapl a prihlasil se, hned na zacatku mi to hodilo nekolik chyb ze Program puzkunik windows prestal pracovat. Po neuspesnem reseni problmu, jsem chybu vypl a zjistil ze pri kazdem pokusu spustit jakykoliv program, vcetne her,internetu, aplikaci atd. mi nabehne ta stejna chyba. Kdyz jsem klikl na ctrl alt delet a chtel zapnout spravce uloh, napsalo mi to ze spravce tohoto systemu zakazal spravce uloh, takze pocitac se stal uplne nefunkcni. jedine co mohu otvirat jsou slozky. do windowsu pres start se take dokazu dostat. Pratele mi radili nainstalovat anti vir(dosud zadny bohuzel nemam) ale pri pkusu otevrit .exe soubor mi naskocila stejna chyba.

Byl bych vdecny za kazde tipy nebo rady. Pokud by k tomu bylo potreba vice casu nebo hovor zde je skype: badik7726

Dekuju moc.

[kuba.m]

Zdravim, podle tve rady jsem chtel stahnout Silent Runners ale pri spusteni to napise podobnou chybu:
Program Microsoft (R) Windows Based Script Host prestal pracovat.

zde je odkaz na vir: http://hotfile.com/dl/119166605/86c2d8f ... r.exe.html

Bohuzel nevim co jsou to com soubory a kde je mohu najit.
Nouzový rezim tez nevim jak se spousti.

Jedna dodavka: kazdy .exe soubor ma ikonku hudebniho WMA souboru, nevim proc

Dekuji moc.

[kuba.m]

C:/users/kenny/downloads/oprava.reg nelze importovat. Do registru se nepodarilo uspesne zadat vsechna data. Nektere klice jsou otevreny systemem nebo jinymi procesy.

Vir jsem se ti pokusil nahrat zde http://leteckaposta.cz/230863689

[kuba.m]

Takze vysledky: Oprava bylo uspesna!! Dekuju moc za podpru a skvely vysledek , jen bych se rad zeptal jestli nemas tip na nejaky bezplatny kvalitni anti vir abych dalsim podobnym problemum predesel.

Jeste jednou dekuju moc.

[kuba.m]

Jeste jeden dodatek, po restartu se mi zde objevilo ze program Startman prestal fungovat a byl ukoncem( odhaduji ze to je ten vir), mam se o to jeste nejak starat(najit a vymazat) nebo je to bezpecne?

[kuba.m]

zde je log ze Rndom ....:


Logfile of random's system information tool 1.09 (written by random/random)
Run by kenny at 2012-03-04 13:54:03
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (22%) free of 144 GB
Total RAM: 2046 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:29, on 4.3.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\WScript.exe
C:\Users\kenny\Downloads\RSIT.exe
C:\Program Files\trend micro\kenny.exe
C:\Program Files\Microsoft Security Client\msseces.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beemp3.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F1 - win.ini: load=C:\Windows\system32\TM bot license forever.bat
F1 - win.ini: run=C:\Windows\system32\TM bot license forever.bat
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-603799388-732372047-3861594350-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8037 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

=========Mozilla firefox=========

ProfilePath - C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\r4uzxdu8.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{2224E955-00E9-4613-A844-CE69FCCAAE91}"=C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF
"{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"=C:\Program Files\Media Access Startup\1.5.0.850\FF
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
npdeploytk.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\r4uzxdu8.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\r4uzxdu8.default\searchplugins\
daemon-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-09-08 249856]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-07 1987976]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-01-04 103896]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2011-10-15 6350144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2011-10-15 203072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit /s reset.reg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"msacm.lhacm"=lhacm.acm
"VIDC.FPS1"=frapsvid.dll
"VIDC.IV41"=ir41_32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2012-03-04 13:54:03 ----DC---- C:\rsit
2012-03-04 13:54:03 ----D---- C:\Program Files\trend micro
2012-03-04 13:52:38 ----D---- C:\Program Files\Microsoft Security Client
2012-03-04 01:56:24 ----AHC---- C:\msg.vbs
2012-03-04 01:56:22 ----AC---- C:\9618.txt
2012-03-04 01:56:22 ----AC---- C:\8877.txt
2012-03-04 01:56:22 ----AC---- C:\7225.txt
2012-03-04 01:56:22 ----AC---- C:\6203.txt
2012-03-04 01:56:22 ----AC---- C:\6137.txt
2012-03-04 01:56:22 ----AC---- C:\5659.txt
2012-03-04 01:56:22 ----AC---- C:\5020.txt
2012-03-04 01:56:22 ----AC---- C:\4577.txt
2012-03-04 01:56:22 ----AC---- C:\29946.txt
2012-03-04 01:56:22 ----AC---- C:\29619.txt
2012-03-04 01:56:22 ----AC---- C:\28794.txt
2012-03-04 01:56:22 ----AC---- C:\2862.txt
2012-03-04 01:56:22 ----AC---- C:\28568.txt
2012-03-04 01:56:22 ----AC---- C:\26085.txt
2012-03-04 01:56:22 ----AC---- C:\2439.txt
2012-03-04 01:56:22 ----AC---- C:\23931.txt
2012-03-04 01:56:22 ----AC---- C:\23632.txt
2012-03-04 01:56:22 ----AC---- C:\23485.txt
2012-03-04 01:56:22 ----AC---- C:\23188.txt
2012-03-04 01:56:22 ----AC---- C:\20573.txt
2012-03-04 01:56:22 ----AC---- C:\20537.txt
2012-03-04 01:56:22 ----AC---- C:\20145.txt
2012-03-04 01:56:22 ----AC---- C:\19928.txt
2012-03-04 01:56:22 ----AC---- C:\19821.txt
2012-03-04 01:56:22 ----AC---- C:\19538.txt
2012-03-04 01:56:22 ----AC---- C:\1941.txt
2012-03-04 01:56:22 ----AC---- C:\18543.txt
2012-03-04 01:56:22 ----AC---- C:\16834.txt
2012-03-04 01:56:22 ----AC---- C:\16387.txt
2012-03-04 01:56:22 ----AC---- C:\1610.txt
2012-03-04 01:56:22 ----AC---- C:\15452.txt
2012-03-04 01:56:22 ----AC---- C:\14990.txt
2012-03-04 01:56:22 ----AC---- C:\14426.txt
2012-03-04 01:56:22 ----AC---- C:\11993.txt
2012-03-04 01:56:22 ----AC---- C:\10381.txt
2012-03-04 01:56:21 ----AC---- C:\9873.txt
2012-03-04 01:56:21 ----AC---- C:\9817.txt
2012-03-04 01:56:21 ----AC---- C:\8000.txt
2012-03-04 01:56:21 ----AC---- C:\5385.txt
2012-03-04 01:56:21 ----AC---- C:\32075.txt
2012-03-04 01:56:21 ----AC---- C:\30364.txt
2012-03-04 01:56:21 ----AC---- C:\27308.txt
2012-03-04 01:56:21 ----AC---- C:\26126.txt
2012-03-04 01:56:21 ----AC---- C:\24283.txt
2012-03-04 01:56:21 ----AC---- C:\17388.txt
2012-03-04 01:56:21 ----AC---- C:\16461.txt
2012-03-04 01:56:21 ----AC---- C:\1472.txt
2012-03-04 01:56:21 ----AC---- C:\14369.txt
2012-03-04 01:56:21 ----AC---- C:\13894.txt
2012-03-04 01:56:21 ----AC---- C:\10639.txt
2012-02-25 23:21:44 ----D---- C:\Users\kenny\AppData\Roaming\vlc
2012-02-25 23:21:00 ----D---- C:\Program Files\VideoLAN
2012-02-18 18:58:39 ----D---- C:\Program Files\Codec Pack - All In 1
2012-02-18 18:58:00 ----A---- C:\Windows\Codec Pack - All In 1 Setup Log.txt
2012-02-16 12:54:17 ----A---- C:\Windows\system32\msxml.dll
2012-02-16 12:54:17 ----A---- C:\Windows\system32\CleanMFT32.exe
2012-02-16 12:54:14 ----D---- C:\Program Files\Common Files\PC Tools
2012-02-16 12:54:13 ----D---- C:\Program Files\PC Tools Registry Mechanic
2012-02-15 14:12:22 ----D---- C:\Program Files\LogMeIn Hamachi
2012-02-15 07:31:53 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 07:31:52 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 07:31:52 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 07:31:51 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 07:31:51 ----A---- C:\Windows\system32\url.dll
2012-02-15 07:31:51 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 07:31:51 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 07:31:50 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 07:31:49 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 07:31:47 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 07:31:47 ----A---- C:\Windows\system32\ieframe.dll
2012-02-15 06:47:01 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-15 06:46:58 ----A---- C:\Windows\system32\win32k.sys
2012-02-12 15:47:34 ----D---- C:\Program Files\WoTlk
2012-02-10 13:02:02 ----D---- C:\Program Files\LeagueOfLegends
2012-02-07 19:27:01 ----AH---- C:\Windows\system32\hamachi.sys

======List of files/folders modified in the last 1 month======

2012-03-04 13:55:50 ----D---- C:\Windows\Temp
2012-03-04 13:55:03 ----D---- C:\Windows
2012-03-04 13:54:35 ----SHD---- C:\Windows\Installer
2012-03-04 13:54:03 ----RD---- C:\Program Files
2012-03-04 13:53:51 ----RASHD---- C:\Windows\System32
2012-03-04 13:53:51 ----D---- C:\Windows\inf
2012-03-04 13:53:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-04 13:53:48 ----D---- C:\Windows\system32\drivers
2012-03-04 13:53:47 ----D---- C:\Windows\system32\catroot
2012-03-04 13:53:33 ----SD---- C:\ProgramData\Microsoft
2012-03-04 13:52:14 ----D---- C:\Windows\winsxs
2012-03-04 13:51:26 ----SHD---- C:\System Volume Information
2012-03-04 13:50:26 ----D---- C:\Users\kenny\AppData\Roaming\Skype
2012-03-04 13:36:58 ----D---- C:\Users\kenny\AppData\Roaming\skypePM
2012-03-04 12:05:53 ----RD---- C:\Users
2012-03-04 12:01:07 ----D---- C:\Windows\Prefetch
2012-03-04 01:56:21 ----A---- C:\Windows\win.ini
2012-03-04 01:44:41 ----D---- C:\Program Files\TMbot
2012-03-03 23:54:04 ----AD---- C:\ProgramData\TEMP
2012-03-03 23:38:15 ----D---- C:\ProgramData\PMB Files
2012-02-26 17:08:24 ----D---- C:\Program Files\Microsoft Games
2012-02-19 10:28:37 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 18:57:59 ----A---- C:\Windows\iun6002.exe
2012-02-16 12:54:46 ----D---- C:\Windows\Tasks
2012-02-16 12:54:42 ----D---- C:\Windows\system32\Tasks
2012-02-16 12:54:14 ----D---- C:\Program Files\Common Files
2012-02-16 10:01:56 ----SHDC---- C:\$Recycle.bin
2012-02-16 10:00:43 ----D---- C:\ProgramData\Norton
2012-02-16 09:54:41 ----D---- C:\ProgramData\DivX
2012-02-16 09:54:38 ----D---- C:\Program Files\DivX
2012-02-16 09:54:33 ----D---- C:\Program Files\Common Files\DivX Shared
2012-02-15 16:44:15 ----D---- C:\Windows\Microsoft.NET
2012-02-15 16:44:11 ----RSD---- C:\Windows\assembly
2012-02-15 14:15:09 ----D---- C:\Program Files\Common Files\Steam
2012-02-15 14:08:08 ----D---- C:\Windows\system32\migration
2012-02-15 14:08:08 ----D---- C:\Program Files\Internet Explorer
2012-02-15 07:36:24 ----D---- C:\Windows\system32\catroot2
2012-02-15 07:33:20 ----A---- C:\Windows\system32\mrt.exe
2012-02-15 07:31:34 ----D---- C:\Program Files\Windows Mail
2012-02-11 14:10:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-02-10 13:44:06 ----D---- C:\Windows\Logs
2012-02-10 13:27:01 ----D---- C:\Riot Games
2012-02-10 13:26:48 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-09 16:44:42 ----DC---- C:\Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-21 428088]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-10-15 10327360]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 aawr7424;aawr7424; C:\Windows\system32\drivers\aawr7424.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-04 75064]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-04 793048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-10-11 3369044]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[kuba.m]

Silent....:


"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows Vista SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"USB Storage Toolbox" = "C:\Program Files\USB Disk Win98 Driver\Res.EXE" ["ali"]
"HTC Sync Loader" = ""C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup" [null data]
"LogMeIn Hamachi Ui" = ""C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start" ["LogMeIn Inc."]
"DivXUpdate" = ""C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW" [null data]
"SSDMonitor" = "C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" ["PC Tools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = "Increase performance and video formats for your HTML5 <video>"
-> {HKLM...CLSID} = "DivX Plus Web Player HTML5 <video>"
\InProcServer32\(Default) = "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll" ["DivX, LLC"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"
-> {HKLM...CLSID} = "IGD Property Page"
\InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" ["Společnost Microsoft"]

"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\Display\nvui.dll" ["NVIDIA Corporation"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" = "NVIDIA Play On My TV Context Menu Extension"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "SetupExecute" = "C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "c:\PROGRA~1\MI239C~1\shellext.dll" [MS]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "c:\PROGRA~1\MI239C~1\shellext.dll" [MS]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = "{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.exe\(Default) = "exefile"

<<!>> HKLM\SOFTWARE\Classes\.exe\(Default) = "WMAFile"
<<!>> HKLM\SOFTWARE\Classes\WMAFile\shell\(Default) = "Play"
<<!>> HKLM\SOFTWARE\Classes\WMAFile\shell\Play\command\(Default) = ""C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:5 /Play "%L"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_SZ) 1
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\kenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["CyberLink Corp."]

PDirDVArrival\
"Provider" = "PowerDirector"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\CyberLink\PowerDirector\PDR.exe" /DV"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]

PStarterBlankCDArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterDVDBurningOnArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterMixedCDArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterMusicFilesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterPicturesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterPlayCDAudioOnArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerStarter"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterPlayDVDMovieOnArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerStarter"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

PStarterVideoFilesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

QuickPlayDCameraArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "Picture"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY DSC "%L"" ["CyberLink Corp."]

QuickPlayDVArrival\
"Provider" = "HP QuickPlay"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\HP\QuickPlay\QP.exe" DV "%L""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

QuickPlayMusicFilesArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MUSIC "%L"" ["CyberLink Corp."]

QuickPlayPlayCDAudioOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

QuickPlayPlayDVDMovieOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

QuickPlayPlayVideoCDMovieOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

SonyDVConnectvegas7\
"Provider" = "Sony Vegas 7.0"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Sony\Vegas 7.0\vegas70.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1" ["VideoLAN"]

VLCPlayDVDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1" ["VideoLAN"]

VLCPlayMusicFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]

VLCPlaySVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.SVCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1" ["VideoLAN"]

VLCPlayVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.VCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1" ["VideoLAN"]

VLCPlayVideoFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

[kuba.m]

tim FF je mysleno co?

Report:




========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\\"load"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\\"run"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\TM bot license forever.bat not found.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components folder moved successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content folder moved successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome folder moved successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF folder moved successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data folder moved successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 folder moved successfully.
C:\Program Files\Internet Saving Optimizer folder moved successfully.
File/Folder C:\Program Files\Media Access Startup not found.
C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin License.rtf moved successfully.
File/Folder C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin not found.
C:\msg.vbs moved successfully.
C:\10381.txt moved successfully.
C:\10639.txt moved successfully.
C:\11993.txt moved successfully.
C:\13894.txt moved successfully.
C:\14369.txt moved successfully.
C:\14426.txt moved successfully.
C:\1472.txt moved successfully.
C:\14990.txt moved successfully.
C:\15452.txt moved successfully.
C:\1610.txt moved successfully.
C:\16387.txt moved successfully.
C:\16461.txt moved successfully.
C:\16834.txt moved successfully.
C:\17388.txt moved successfully.
C:\18543.txt moved successfully.
C:\1941.txt moved successfully.
C:\19538.txt moved successfully.
C:\19821.txt moved successfully.
C:\19928.txt moved successfully.
C:\20145.txt moved successfully.
C:\20537.txt moved successfully.
C:\20573.txt moved successfully.
C:\23188.txt moved successfully.
C:\23485.txt moved successfully.
C:\23632.txt moved successfully.
C:\23931.txt moved successfully.
C:\24283.txt moved successfully.
C:\2439.txt moved successfully.
C:\26085.txt moved successfully.
C:\26126.txt moved successfully.
C:\27308.txt moved successfully.
C:\28568.txt moved successfully.
C:\2862.txt moved successfully.
C:\28794.txt moved successfully.
C:\29619.txt moved successfully.
C:\29946.txt moved successfully.
C:\30364.txt moved successfully.
C:\32075.txt moved successfully.
C:\4577.txt moved successfully.
C:\5020.txt moved successfully.
C:\5385.txt moved successfully.
C:\5659.txt moved successfully.
C:\6137.txt moved successfully.
C:\6203.txt moved successfully.
C:\7225.txt moved successfully.
C:\8000.txt moved successfully.
C:\8877.txt moved successfully.
C:\9618.txt moved successfully.
C:\9817.txt moved successfully.
C:\9873.txt moved successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 03042012_204121

[kuba.m]

Jinak tedy uz nevidim na na pocitaci zadne znamky poskozeni, takze myslis ze uz by to melo byt OK?....antivir urco nainstaluju

[kuba.m]

zde je jeste z Malwarebytes....



Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.03.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
kenny :: HPPAVILIONDV [administrátor]

Ochrana: Povolena

4.3.2012 20:57:06
mbam-log-2012-03-04 (20-57-06).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 223207
Uplynulý čas: 20 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKCR\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Data: -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Data: ©ěVŤH˘K…b—ą«xŇ -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Data: -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Data: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Data: -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Data: C:\Program Files\Media Access Startup\1.5.0.850\FF -> Umístnění do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Program Files\DoubleD (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Umístnění do karantény a smazání se zdařilo.

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)