Prosím kontrolu logu - svchost 100% vytížení Vyřešeno

[Seky97]

Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 443F-193E.

[Reklama]

[jaro3]

Fajn, proveď ten F-Secure Scanner.

[Seky97]

Teď ho spouštím.

[jaro3]

Fajn, až budu mít čas , tak se kouknu.

[Seky97]

Hlášení kontroly
Úterý, Duben 20, 2010 14:59:14 - 15:46:10

Název počítače: MASINKA
Typ kontroly: Kontrolovat systém na přítomnost malwaru, spywaru a programů rootkit
Cíl: C:\ G:\ K:\
Nebyl nalezen žádný malware.
Statistika
Kontrolováno:

* Soubory: 48477
* Systém: 4142
* Nekontrolováno: 11

Akce:

* Vyléčeno: 0
* Přejmenováno: 0
* Odstraněno: 0
* Nevyčištěno: 0
* Odesláno: 0

Nekontrolované soubory:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\JOSEF\DOKUMENTY\HONZA\DOKUMENTY\1\BLBOSTIČKY\NIC.DOC
* C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\DOKUMENTY\HONZA\DOKUMENTY\BLBOSTIČKY\NIC.DOC
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\C3C6C2CD\3E688669\STBIE.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\C3C6C2CD\3E688669\STBIE.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0037FBF7C62D77E048C4FFBA100DC6DD_33D9AD2F-8F34-4A2B-BA7D-8967180C493C

Možnosti
Moduly kontroly:

Možnosti kontroly:

* Kontrolovat určené soubory: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Používat pokročilou heuristiku

Copyright © 1998–2009 Podpora produktu | Odeslat vzorek viru společnosti F-Secure
Společnost F-Secure nepřejímá jakoukoli odpovědnost za materiály vytvořené nebo publikované třetími stranami, na které odkazují webové stránky společnosti F-Secure. Pokud odešlete na kterýkoli z našich serverů jakýkoli materiál (například pomocí e-mailu nebo prostřednictvím e-mailu F-Secure CGI), souhlasíte, že všechny vámi zpřístupněné materiály mohou být publikovány na webových stránkách společnosti F-Secure nebo tiskově publikovány, s výjimkou případu, kdy jednoznačně oznámíte svůj nesouhlas. Veřejné webové stránky společnosti F-Secure navštívíte klepnutím na následující odkazy. Současně bude váš přístup zaznamenán do našich osobních statistik přístupu pro název vaší domény. Tato informace nebude předávána třetím stranám. Tímto vyjadřujete svůj souhlas s tím, že ohledně odesílaných materiálů nepodniknete vůči nám jakékoli právní kroky. Odesláním materiálu opravňujete společnost F-Secure k tomu, že může začlenit jakékoli koncepty popsané v těchto materiálech bez dalších závazků, pokud výslovně neuvedete jinak.

[Seky97]

Svchost pořád 100 %

[jaro3]

Stáhni si Silent Runners

klikni pravým tlačítkem myši zde
a dej Uložit odkaz jako... a ulož si ho na plochu.
- spusť ho a budeš dotázán na Do you want to skip supplementary searches? tak zvol Ne
- pak budeš dotázán Are you Sure? tak zvol Ano
- program se spustí, během jeho chodu nic nedělej, zhruba tak za pár minut budeš informován o ukončení programu (pokud nebudeš u Pc během testu tak se může stát že oznámení o ukončení běhu programu neuvidíš, protože zůstane zobrazeno jen chvíli).
Vlož sem pak log (uložený na ploše), který se vytvoří.

Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\System32\svchost.exe
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

[Seky97]

"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer-Networking Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "c:\program files\real\realplayer\rpbrowserrecordplugin.dll" ["RealPlayer"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Panel nástrojů Microsoft pro síť Internet"
-> {HKLM...CLSID} = "Panel nástrojů Microsoft pro síť Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Stav stahování"
-> {HKLM...CLSID} = "Stav stahování"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Rozšířená složka prostředí"
-> {HKLM...CLSID} = "Rozšířená složka prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Vyhledávat v podokně"
-> {HKLM...CLSID} = "Vyhledávat v podokně"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Hledání na webu"
-> {HKLM...CLSID} = "Hledání na webu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Nástroj možností registrového stromu"
-> {HKLM...CLSID} = "Nástroj možností registrového stromu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresa"
-> {HKLM...CLSID} = "&Adresa"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Textové pole adresy"
-> {HKLM...CLSID} = "Textové pole adresy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Automatické dokončování Microsoft"
-> {HKLM...CLSID} = "Automatické dokončování Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Automaticky dokončovaný seznam MRU"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Přístupný"
-> {HKLM...CLSID} = "Přístupný"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Automaticky dokončovaný seznam historie"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam historie"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
-> {HKLM...CLSID} = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Kontejner automatického dokončování více seznamů"
-> {HKLM...CLSID} = "Kontejner automatického dokončování více seznamů"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Nabídka serveru pruhu prostředí"
-> {HKLM...CLSID} = "Nabídka serveru pruhu prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Panel plochy aplikací prostředí"
-> {HKLM...CLSID} = "Panel plochy aplikací prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Panel plochy prostředí"
-> {HKLM...CLSID} = "Panel plochy prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Asistence uživatele"
-> {HKLM...CLSID} = "Asistence uživatele"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globální nastavení složek"
-> {HKLM...CLSID} = "Globální nastavení složek"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

"{0E0ADD34-AF8E-47FA-A99B-3E7556FAF54C}" = "EurotranXP"
-> {HKLM...CLSID} = "EurotranXP"
\InProcServer32\(Default) = "C:\Program Files\Eurotran XP\etnxp.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "c:\program files\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]

"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{1CC513EE-A20D-4f42-BDAF-4BE42BCDB6EC}" = "UIM File Extension"
-> {HKLM...CLSID} = "UimShlExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\UimExt.dll" [empty string]

"{1CC513AE-A20D-4f42-BDAF-4BE42BCDB6EC}" = "UIM Drive Extension"
-> {HKLM...CLSID} = "UimDriveExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\UimExt.dll" [empty string]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "ESET Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Proces mezipaměti kategorií součástí"
-> {HKLM...CLSID} = "Proces mezipaměti kategorií součástí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = "Drwtsn32 -p %ld -e %ld" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

eDockMenu\(Default) = "{3894E110-F827-11D4-A0C5-00A024384E38}"
-> {HKLM...CLSID} = "eDock Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\soft602\ESHELL.DLL" ["Software602 a.s."]

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Nokia\(Default) = "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

eDockMenu\(Default) = "{3894E110-F827-11D4-A0C5-00A024384E38}"
-> {HKLM...CLSID} = "eDock Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\soft602\ESHELL.DLL" ["Software602 a.s."]

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\JOSEF\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BSplayerCDDA\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L"" ["Webteh"]

BSplayerMusic\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L"" ["Webteh"]

BSplayerVideo\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L"" ["Webteh"]

CDBurnerXP\
"Provider" = "CDBurnerXP"
"InvokeProgID" = "CDBurnerXPOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data]

JABurnCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "burncd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1"" ["COWON America"]

JACreateAlbumOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "createalbum"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1"" ["COWON America"]

JAPlayCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1"" ["COWON America"]

JAPlayDVDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playdvd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1"" ["COWON America"]

JAPlayMediaOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playmedia"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

JAPlaySVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["COWON America"]

JAPlayVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["COWON America"]

JARipCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "ripcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1"" ["COWON America"]

LBAutoPlayHandler\
"Provider" = "Nokia Lifeblog"
"InvokeProgID" = "LBAutoPlay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\LBAutoPlay\shell\import\command\(Default) = ""C:\Program Files\Nokia\Nokia Lifeblog\NokiaLifeblog2.exe" -"import %1"" ["Nokia"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay9VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 9\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "G:\INSTALL\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]

PStarterBlankCDArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterDVDBurningOnArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterMixedCDArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterMusicFilesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterPicturesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

PStarterVideoFilesArrival\
"Provider" = "DVD Suite"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "JOSEF" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\JOSEF\Nabídka Start\Programy\Po spuštění
"TeaTimer" -> shortcut to: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer-Networking Ltd."]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
"ESET NOD32 Antivirus" -> shortcut to: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" ["ESET"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"ParetoLogic Registration" -> launches: "C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns" [MS]
"ParetoLogic Update Version2" -> launches: "C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [null data]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]
"Spybot - Search & Destroy Updater - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe /autoupdate /autoclose" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{0E0ADD34-AF8E-47FA-A99B-3E7556FAF54C}\(Default) = "EurotranXP"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Eurotran XP\etnxp.dll" [empty string]

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}\(Default) = "Ask PopSwatter"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informací"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{230D1201-7607-4CF6-A11F-9E4BF0A333E0}\
"ButtonText" = "Eurotran XP"
"CLSIDExtension" = "{0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8}"
-> {HKLM...CLSID} = "HandlerXP Class"
\InProcServer32\(Default) = "C:\Program Files\Eurotran XP\etnxp.dll" [empty string]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Odeslat do aplikace OneNote"
"MenuText" = "Od&eslat do aplikace OneNote"

{2C73F784-D2DE-4422-B070-2E3332FE5744}\
"MenuText" = "Eurotran XP..."
"CLSIDExtension" = "{0320AC26-52C8-4316-B2C4-24BB6FA73C9A}"
-> {HKLM...CLSID} = "MenuHandlerXP Class"
\InProcServer32\(Default) = "C:\Program Files\Eurotran XP\etnxp.dll" [empty string]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQNewTab\newTab.html" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
ESET Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
NMSAccessU, NMSAccessU, "C:\Program Files\CDBurnerXP\NMSAccessU.exe" [null data]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (null value)


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
LIDIL hpzll054\Driver = "hpzll054.dll" ["Hewlett-Packard Company"]
PDF-XChange4\Driver = "C:\WINDOWS\system32\pxc40pm.dll" [file not found]
PDFill Writer Monitor\Driver = "C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll" ["Windows (R) Codename Longhorn DDK provider"]


---------- (launch time: 2010-04-21 14:20:30)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 269 seconds.
---------- (total run time: 335 seconds)

[Seky97]

http://www.virustotal.com/cs/analisis/5 ... 1271854618

[jaro3]

Podívej se , zda tam nemáš tento program:
Ask PopSwatter
PopSwatter
Pokud ano , odinstaluj , smaž.

Proveď kontrolu HDD na chyby a RAM Memtestem..

Stáhni si File Lister

a ulož si ho na plochu.Rozbal si ho na plochu.Otevři adresář File Lister, pravým klikni na soubor FileLister.vbe a vyber otevřít .
Spustí se program, nic není ale vidět.
Když program skončí, vytvoří se log, který se nachází v C:\Files.txt
A v adresáři File Lister. Zkopíruj sem prosím celý jeho obsah.

[Seky97]

+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 21.4.2010 16:24:40

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======
BHO: (NO NAME) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe

====== DNS Info (List may be empty) ======


NV Hostname = masinka
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = masinka
DeadGWDetectDefault = 1

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

12.4.2010 19:42:30 0 C:\Nová složka
18.4.2010 18:56:17 722757 C:\RECYCLER
18.4.2010 18:56:17 722757 C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003
21.4.2010 16:21:54 0 32 C:\Files.txt
26.2.2010 16:00:40 1610612736 38 C:\pagefile.sys
5.4.2010 14:21:37 671243 C:\WINDOWS\$NtUninstallKB952011$
5.4.2010 14:21:37 621707 C:\WINDOWS\$NtUninstallKB952011$\spuninst
9.3.2010 15:15:32 741376 C:\WINDOWS\CRYSTAL
7.4.2010 15:24:33 0 C:\WINDOWS\Minidump
19.4.2010 19:46:30 0 C:\WINDOWS\Sun
19.4.2010 19:46:30 0 C:\WINDOWS\Sun\Java
19.4.2010 19:46:30 0 C:\WINDOWS\Sun\Java\Deployment
31.3.2010 21:43:15 16384 C:\WINDOWS\temp
20.3.2010 23:22:33 74752 32 C:\WINDOWS\cadkasdeinst01e.exe
7.3.2010 14:42:05 335 32 C:\WINDOWS\capella.ini
28.3.2010 13:09:18 120 32 C:\WINDOWS\CIS_Setup_3.9.95478.509_XP_Vista_x32.INI
9.3.2010 20:48:45 487 32 C:\WINDOWS\demdata.txt
9.3.2010 15:00:19 43 32 C:\WINDOWS\gswin32.ini
9.3.2010 15:10:45 356 32 C:\WINDOWS\pdf2word.INI
14.4.2010 21:26:43 1409 32 C:\WINDOWS\QTFont.for
14.4.2010 21:26:43 54156 34 C:\WINDOWS\QTFont.qfn
9.3.2010 20:42:13 883 32 C:\WINDOWS\winiini.fin
8.3.2010 17:44:26 5910034 C:\WINDOWS\system32\abdio
17.4.2010 11:37:09 0 C:\WINDOWS\system32\appmgmt
17.4.2010 11:37:09 0 C:\WINDOWS\system32\appmgmt\MACHINE
17.4.2010 11:37:09 0 C:\WINDOWS\system32\appmgmt\S-1-5-21-1644491937-630328440-839522115-1003
9.3.2010 15:15:33 10251866 C:\WINDOWS\system32\gs
9.3.2010 15:15:34 2802414 C:\WINDOWS\system32\gs\fonts
9.3.2010 15:15:33 7448133 C:\WINDOWS\system32\gs\gs7.05
9.3.2010 15:15:36 3919800 C:\WINDOWS\system32\gs\gs7.05\bin
9.3.2010 15:15:37 1759795 C:\WINDOWS\system32\gs\gs7.05\lib
9.3.2010 15:15:33 1768538 C:\WINDOWS\system32\gs\gs7.05\Resource
9.3.2010 15:15:33 1694211 C:\WINDOWS\system32\gs\gs7.05\Resource\CMap
9.3.2010 15:15:33 3926 C:\WINDOWS\system32\gs\gs7.05\Resource\ColorSpace
9.3.2010 15:15:33 70401 C:\WINDOWS\system32\gs\gs7.05\Resource\Decoding
20.3.2010 23:19:55 1392128 32 C:\WINDOWS\system32\ActPDF.dll
9.3.2010 15:15:44 51604 32 C:\WINDOWS\system32\Adist5k.ppd
20.3.2010 23:48:35 102400 32 C:\WINDOWS\system32\aloaha_prntmon.dll
20.3.2010 23:19:56 1143808 32 C:\WINDOWS\system32\BPDF.dll
9.3.2010 15:15:32 748160 32 C:\WINDOWS\system32\Co2c40en.dll
9.3.2010 15:15:32 229888 32 C:\WINDOWS\system32\Crpaig32.dll
9.3.2010 15:15:32 5350912 32 C:\WINDOWS\system32\Crpe32.dll
9.3.2010 15:15:32 993996 32 C:\WINDOWS\system32\Crystl32.ocx
11.3.2010 17:22:26 1974616 32 C:\WINDOWS\system32\D3DCompiler_42.dll
11.3.2010 17:22:25 5501792 32 C:\WINDOWS\system32\d3dcsx_42.dll
11.3.2010 17:22:24 453456 32 C:\WINDOWS\system32\d3dx10_42.dll
11.3.2010 17:22:25 235344 32 C:\WINDOWS\system32\d3dx11_42.dll
11.3.2010 17:22:24 1892184 32 C:\WINDOWS\system32\D3DX9_42.dll
20.3.2010 23:19:55 229376 32 C:\WINDOWS\system32\EMF2PDFDLL.dll
9.3.2010 15:15:39 204848 0 C:\WINDOWS\system32\gswin32c.exe
22.2.2010 19:24:36 37992 32 C:\WINDOWS\system32\gzip.dll
9.3.2010 15:15:32 18944 32 C:\WINDOWS\system32\Implode.dll
1.4.2010 11:41:48 274288 32 C:\WINDOWS\system32\mucltui.dll
1.4.2010 11:41:48 17264 32 C:\WINDOWS\system32\mucltui.dll.mui
1.4.2010 11:41:48 215920 32 C:\WINDOWS\system32\muweb.dll
9.3.2010 15:15:32 59392 32 C:\WINDOWS\system32\P2bbnd.dll
9.3.2010 15:15:32 87040 32 C:\WINDOWS\system32\P2bdao.dll
9.3.2010 15:15:32 50176 32 C:\WINDOWS\system32\P2ctdao.dll
9.3.2010 15:15:32 54272 32 C:\WINDOWS\system32\P2irdao.dll
9.3.2010 15:15:32 270336 32 C:\WINDOWS\system32\P2sodbc.dll
20.3.2010 23:07:11 31 32 C:\WINDOWS\system32\pdwindows20.bin
9.3.2010 15:15:32 979456 32 C:\WINDOWS\system32\Pg32.dll
20.3.2010 23:19:55 888832 32 C:\WINDOWS\system32\SaveTo.dll
27.2.2010 12:31:11 1000744 32 C:\WINDOWS\system32\ShellManager10E2D762.dll
9.3.2010 15:15:43 196608 32 C:\WINDOWS\system32\Utility.dll
11.3.2010 17:22:27 238936 32 C:\WINDOWS\system32\xactengine3_5.dll
11.3.2010 17:22:27 515416 32 C:\WINDOWS\system32\XAudio2_5.dll

====== "\Administrator & All Users\Startup" Last 60 Days======





====== "\Program Files" Last 60 Days======

29.3.2010 15:28:43 192 C:\Program Files\A1Click Ultra PC Cleaner
8.3.2010 17:44:24 3957407 C:\Program Files\Abdio
20.3.2010 23:13:15 4265267 C:\Program Files\Advanced PDF to IMAGE converter
7.3.2010 14:46:40 191 C:\Program Files\capella-software
21.3.2010 14:51:08 181478 C:\Program Files\DesetiPrsty
3.3.2010 18:08:42 166424498 C:\Program Files\ESET
11.4.2010 12:24:24 3053806 C:\Program Files\FCleaner
22.3.2010 21:29:25 7568043 C:\Program Files\FDRLab
9.3.2010 20:42:13 274449880 C:\Program Files\Finale 2006
27.2.2010 13:21:56 7297 C:\Program Files\FlashGet
27.2.2010 13:16:09 53248 C:\Program Files\Free Download Manager
9.3.2010 15:12:19 40448 C:\Program Files\Free PDF to Word Converter
6.3.2010 21:35:50 143360 C:\Program Files\Ghostgum
8.3.2010 21:05:43 2900325 C:\Program Files\Global Graphics
9.3.2010 15:00:05 102400 C:\Program Files\gs
2.4.2010 14:18:05 3996595 C:\Program Files\Malwarebytes' Anti-Malware
7.3.2010 15:05:41 119884795 C:\Program Files\MuseScore 0.9
20.3.2010 23:22:33 107 C:\Program Files\PDF Editor 2
6.3.2010 21:37:25 11610575 C:\Program Files\PDF Editor 3
9.3.2010 14:57:12 10596864 C:\Program Files\PlotSoft
2.4.2010 18:24:20 22106 C:\Program Files\Pmcc
5.3.2010 12:30:10 1963360 C:\Program Files\Recuva
28.3.2010 13:00:25 1149851 C:\Program Files\RegCleaner
24.3.2010 21:36:19 4532082 C:\Program Files\TopStyle 4
11.3.2010 17:22:59 111974504 C:\Program Files\Ubisoft
4.4.2010 20:59:39 539714465 C:\Program Files\Valve
13.3.2010 11:50:39 4124172 C:\Program Files\WordToPDF
20.3.2010 23:19:00 3306207 C:\Program Files\Wrocklage
22.3.2010 20:38:43 1066176 C:\Program Files\CENZURA

======"Drivers" Modified Last 60 Days======

4.4.2010 17:11:38 31101 32 C:\WINDOWS\system32\drivers\fwdrv.err
2.4.2010 14:18:07 20824 32 C:\WINDOWS\system32\drivers\mbam.sys
2.4.2010 14:18:10 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
28.1.2007 12:11:25 691696 32 C:\WINDOWS\system32\drivers\sptd.sys

====== Files Deleted under "%Temp%" ======

2 Files deleted

======"All Users\Application Data" Last 60 Days======


====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE
HKLM\Software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray

====== Services ( Services that are Whitelisted are not shown) ======

Afc (PPdus ASPI Shell)- C:\WINDOWS\system32\drivers\Afc.sys - Manual/Running
atksgt (atksgt)- C:\WINDOWS\system32\DRIVERS\atksgt.sys - Auto/Running
eamon (eamon)- C:\WINDOWS\system32\DRIVERS\eamon.sys - Auto/Running
ehdrv (ehdrv)- C:\WINDOWS\system32\DRIVERS\ehdrv.sys - System/Running
epfwtdir (epfwtdir)- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys - System/Running
fwdrv (Firewall Driver)- C:\WINDOWS\system32\drivers\fwdrv.sys - System/Running
irda (Protokol IrDA)- C:\WINDOWS\system32\DRIVERS\irda.sys - Auto/Running
irsir (Microsoft Serial Infrared Driver)- C:\WINDOWS\system32\DRIVERS\irsir.sys - Manual/Running
khips (Kerio HIPS Driver)- C:\WINDOWS\system32\drivers\khips.sys - System/Running
lirsgt (lirsgt)- C:\WINDOWS\system32\DRIVERS\lirsgt.sys - Auto/Running
MBAMProtector (MBAMProtector)- \??\C:\WINDOWS\system32\drivers\mbam.sys - Manual/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NwlnkIpx (Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS)- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys - Auto/Running
NwlnkNb (Služba NWLink pro rozhraní NetBIOS)- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys - Auto/Running
NwlnkSpx (Protokol NWLink SPX/SPXII)- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys - Auto/Running
Rasirda (WAN Miniport (IrDA))- C:\WINDOWS\system32\DRIVERS\rasirda.sys - Manual/Running
SafDskNT (SafeHouse)- \??\C:\WINDOWS\system32\drivers\SAFDSKNT.SYS - System/Running
sfdrv01 (StarForce Protection Environment Driver (version 1.x))- C:\WINDOWS\system32\drivers\sfdrv01.sys - Boot/Running
sfhlp02 (StarForce Protection Helper Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfhlp02.sys - Boot/Running
sfsync02 (StarForce Protection Synchronization Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfsync02.sys - Boot/Running
sfsync03 (StarForce Protection Synchronization Driver (version 3.x))- C:\WINDOWS\system32\drivers\sfsync03.sys - Boot/Running
sfvfs02 (StarForce Protection VFS Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfvfs02.sys - Boot/Running
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
UimBus (Universal Image Mounter Controller)- C:\WINDOWS\system32\DRIVERS\UimBus.sys - System/Running
Uim_IM (UIM Drive Backup Image Plugin)- C:\WINDOWS\system32\Drivers\Uim_IM.sys - System/Running

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 1073 MB

Boot Info

[boot loader]
;timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

OS Type: Systém Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

[jaro3]

Stáhni si program OTM (by OldTimer)
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\system32\appmgmt
C:\WINDOWS\winiini.fin

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.





Stáhni si Malwarebytes' Anti-Malware nejpíš již máš..
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.


Stáhni si na svojí plochu Win32kDiag z některého odkazu:
http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/ro ... 2kDiag.exe
http://rootrepeal.psikotick.com/Win32kDiag.exe
Poklepej na Win32kDiag.exe a nech ho dokončit práci.
Když práci skončí, klikni na nějakou klávesu k zavření programu.
Poklepej na soubor Win32kDiag.txt , který najdeš na své ploše a celý jeho obsah sem prosím vlož.