Prosím o kontrolu logu - Pc vytížen na 100% Vyřešeno

[Spyke]

Zdravím,
poslední dobou se mi stává, že se Pc začne z ničeho nic sekat, ač nemá důvod, procesor je v tu chvíli vytížen na 100% a nejde s tím absolutně nic dělat. Tudíž Vás prosím o kontrolu. Předem děkuji..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:30, on 31.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CAF143-D751-4C0A-B218-61E77A662D28}: NameServer = 81.25.16.250,81.25.28.250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 12017 bytes

[Reklama]

[Damned]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Spyke]

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2723
Windows 6.0.6001 Service Pack 1

31.8.2009 23:23:30
mbam-log-2009-08-31 (23-23-23).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89267
Uplynulý cas: 3 minute(s), 43 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\install.exe (Trojan.Agent) -> No action taken.

[Damned]

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Spyke]

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2723
Windows 6.0.6001 Service Pack 1

31.8.2009 23:36:53
mbam-log-2009-08-31 (23-36-53).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89336
Uplynulý cas: 3 minute(s), 21 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.


ComboFix 09-08-31.03 - Spyke 31.08.2009 23:48.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2046.1042 [GMT 2:00]
Spuštěný z: c:\users\Spyke\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\users\Spyke\AppData\Roaming\.#
c:\users\Spyke\AppData\Roaming\BITS
c:\users\Spyke\AppData\Roaming\BITS\BITS.ini
c:\users\Spyke\AppData\Roaming\BITS\DHTTable.dat
c:\users\Spyke\AppData\Roaming\BITS\ProxyList.ini
c:\users\Spyke\AppData\Roaming\inst.exe
c:\windows\Fonts\img hearts.ttf
c:\windows\Fonts\img travel.ttf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-28 do 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\users\Spyke\AppData\Roaming\Malwarebytes
2009-08-31 21:14 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-31 21:14 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\ABBYY
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\Cooliris
2009-08-31 20:38 . 2009-08-31 20:38 -------- d-----w- c:\program files\Trend Micro
2009-08-31 02:15 . 2009-08-31 02:18 -------- d-----w- c:\program files\2GM Anonymizer
2009-08-29 12:41 . 2009-08-29 12:41 -------- d-----w- c:\users\Spyke\AppData\Roaming\Download Manager
2009-08-27 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:21 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 17:21 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 17:01 . 2009-08-24 17:01 -------- d-----w- c:\users\Spyke\AppData\Local\IBAGroup
2009-08-24 17:00 . 2009-08-24 17:00 -------- d-----w- c:\programdata\Fugazo
2009-08-24 17:00 . 2009-08-24 17:04 -------- d-----w- c:\program files\Games
2009-08-24 16:57 . 2009-08-24 16:59 -------- d-----w- C:\Games
2009-08-24 15:47 . 2009-08-24 15:47 -------- d-----w- c:\users\Spyke\AppData\Local\My Games
2009-08-20 21:47 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 21:47 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 21:47 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 21:47 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 21:47 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 21:47 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 21:47 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-20 21:47 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-19 03:22 . 2009-08-19 03:22 -------- d-----w- c:\users\Spyke\AppData\Local\id Software
2009-08-19 03:05 . 2009-08-19 03:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-18 15:51 . 2009-08-18 15:54 -------- d-----w- c:\program files\Bomberic 2
2009-08-18 14:07 . 2009-08-18 14:23 -------- d-----w- c:\program files\Drakensang
2009-08-18 14:04 . 2009-08-18 14:07 -------- d-----w- c:\program files\Bungee Jumping
2009-08-17 01:04 . 2009-08-17 01:04 -------- d-----w- c:\program files\Aspyr
2009-08-11 18:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 18:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 18:55 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 18:55 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 18:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 18:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 18:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 18:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-07 22:27 . 2009-08-07 22:35 -------- d-----w- c:\users\Spyke\AppData\Roaming\NationRed
2009-08-07 22:21 . 2009-08-07 22:27 -------- d-----w- c:\program files\Nation Red
2009-08-06 11:29 . 2009-08-06 11:29 -------- d-----w- c:\program files\PacSteamT
2009-08-06 11:23 . 2009-08-06 11:52 -------- d-----w- c:\program files\Common Files\Steam
2009-08-06 11:23 . 2009-08-31 21:43 -------- d-----w- c:\program files\Steam
2009-08-06 10:50 . 2009-08-06 12:23 -------- d-----w- c:\program files\TF2
2009-08-05 20:36 . 2009-06-25 14:36 1291640 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-08-05 20:36 . 2009-06-25 14:36 729088 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-08-05 19:25 . 2009-08-19 03:10 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 19:25 . 2009-08-19 03:09 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 19:25 . 2009-08-19 03:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 16:52 . 2009-08-05 16:52 -------- d-----w- c:\users\Spyke\AppData\Local\PunkBuster
2009-08-05 13:07 . 2009-08-19 03:10 139152 ----a-w- c:\users\Spyke\AppData\Roaming\PnkBstrK.sys
2009-08-05 13:00 . 2009-08-05 13:00 -------- d-----w- c:\program files\EA Games
2009-08-05 01:12 . 2009-08-05 01:12 -------- d-----w- c:\program files\City Interactive
2009-08-05 00:38 . 2009-08-05 00:38 -------- d-----w- c:\program files\Team6 game studios
2009-08-04 11:57 . 2009-08-04 11:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-04 11:43 . 2009-08-04 11:43 -------- d-----w- c:\program files\505games
2009-08-03 12:26 . 2009-08-03 12:26 -------- d-----w- c:\program files\Battlefront
2009-08-03 12:18 . 2009-08-03 12:18 -------- d-----w- c:\program files\Break For Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 21:40 . 2009-04-14 18:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-31 20:56 . 2009-05-18 15:10 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-08-31 20:31 . 2009-04-14 16:08 -------- d-----w- c:\program files\Digsby
2009-08-29 12:34 . 2009-04-14 16:21 -------- d-----w- c:\program files\Java
2009-08-24 17:01 . 2009-04-14 16:15 -------- d-----w- c:\program files\Fraps
2009-08-24 16:35 . 2007-01-08 21:15 610548 ----a-w- c:\windows\system32\perfh005.dat
2009-08-24 16:35 . 2007-01-08 21:15 120950 ----a-w- c:\windows\system32\perfc005.dat
2009-08-24 14:48 . 2009-04-15 21:05 -------- d-----w- c:\program files\Ubisoft
2009-08-24 14:48 . 2009-04-14 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 03:07 . 2009-05-02 20:35 -------- d-----w- c:\program files\Activision
2009-08-18 17:28 . 2009-04-20 14:31 -------- d-----w- c:\program files\WB Games
2009-08-18 14:06 . 2009-04-14 13:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-16 18:59 . 2009-04-14 13:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 23:32 . 2009-04-14 16:08 -------- d-----w- c:\users\Spyke\AppData\Roaming\Digsby
2009-08-12 00:07 . 2009-04-14 13:50 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 00:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 22:27 . 2009-04-14 13:35 -------- d-----w- c:\program files\OpenAL
2009-08-06 01:14 . 2009-04-15 17:36 -------- d-----w- c:\program files\Codemasters
2009-08-06 01:11 . 2009-04-15 17:57 -------- d-----w- c:\programdata\Codemasters
2009-08-05 10:30 . 2009-04-14 12:30 140752 ----a-w- c:\users\Spyke\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 12:14 . 2009-04-20 15:40 -------- d-----w- c:\program files\Paradox Interactive
2009-08-03 11:35 . 2009-07-03 20:06 -------- d-----w- c:\program files\Rainmeter
2009-08-03 11:35 . 2009-07-17 14:47 -------- d-----w- c:\program files\LaunchTab
2009-08-03 11:35 . 2009-07-17 14:32 -------- d-----w- c:\program files\CD Art Display
2009-08-01 09:00 . 2009-04-15 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:45 . 2009-04-20 16:27 -------- d-----w- c:\users\Spyke\AppData\Roaming\Grand Ages Rome
2009-07-25 12:52 . 2009-07-25 12:52 -------- d-----w- c:\programdata\BC
2009-07-25 12:42 . 2009-07-25 12:42 -------- d-----w- c:\program files\GFI
2009-07-25 12:28 . 2009-07-02 09:37 -------- d-----w- c:\program files\CAPCOM
2009-07-25 03:23 . 2009-04-14 16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 23:05 . 2009-07-24 22:04 -------- d-----w- c:\programdata\FarmFrenzy3
2009-07-24 22:04 . 2009-07-24 22:04 -------- d-----w- c:\program files\Farm Frenzy 3
2009-07-23 20:16 . 2009-04-14 16:17 -------- d-----w- c:\program files\Garena
2009-07-22 18:31 . 2009-07-22 17:24 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\users\Spyke\AppData\Roaming\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\LooksBuilderSE
2009-07-22 18:19 . 2009-07-22 18:18 -------- d-----w- c:\program files\Boris FX, Inc
2009-07-22 18:18 . 2009-07-22 17:19 -------- d-----w- c:\program files\Pinnacle
2009-07-22 17:40 . 2009-07-22 17:40 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-22 17:25 . 2009-07-22 17:25 29926 ----a-r- c:\users\Spyke\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-07-22 17:25 . 2009-07-22 17:25 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-07-22 17:19 . 2009-07-22 17:07 -------- d-----w- c:\programdata\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Studio 12
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-07-21 21:52 . 2009-07-29 10:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 17:01 . 2009-07-21 17:01 -------- d-----w- c:\programdata\Awem
2009-07-20 14:37 . 2009-07-20 14:37 -------- d-----w- c:\users\Spyke\AppData\Roaming\YoudaGames
2009-07-20 14:23 . 2009-07-20 14:23 -------- d-----w- c:\users\Spyke\AppData\Roaming\Balloon Express
2009-07-17 15:49 . 2009-04-15 07:57 -------- d-----w- c:\users\Spyke\AppData\Roaming\AIMP
2009-07-17 15:26 . 2009-07-17 14:44 -------- d-----w- c:\users\Spyke\AppData\Roaming\AveDesk
2009-07-17 14:29 . 2009-07-17 14:29 -------- d-----w- c:\users\Spyke\AppData\Roaming\CD Art Display
2009-07-16 16:46 . 2009-07-16 16:33 -------- d-----w- c:\program files\Fotolab
2009-07-16 16:37 . 2009-07-16 16:37 -------- d-----w- c:\programdata\hps
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 00:16 . 2009-07-07 21:31 -------- d-----w- c:\program files\Warcraft III
2009-07-11 23:44 . 2009-07-11 23:44 -------- d-----w- c:\program files\RedLynx
2009-07-09 01:14 . 2009-07-09 01:14 -------- d-----w- c:\programdata\ConeXware
2009-07-07 23:22 . 2009-07-07 23:03 104439 ----a-w- c:\windows\War3Unin.dat
2009-07-07 23:10 . 2009-07-07 23:03 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-07 23:10 . 2009-07-07 23:03 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-07 15:14 . 2009-07-07 15:14 -------- d-----w- c:\program files\TeamViewer
2009-07-07 15:13 . 2009-07-07 15:12 -------- d-----w- c:\users\Spyke\AppData\Roaming\TeamViewer
2009-07-07 15:12 . 2009-07-07 15:12 -------- d-----w- c:\program files\QS
2009-07-07 13:49 . 2009-07-07 13:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\PC Suite
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\Nokia
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\programdata\PC Suite
2009-07-07 13:48 . 2009-07-07 13:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-07 13:48 . 2009-07-07 13:47 -------- d-----w- c:\program files\DIFX
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-07 13:47 . 2009-07-07 13:45 -------- d-----w- c:\program files\Nokia
2009-07-07 13:47 . 2009-07-07 13:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-07 13:44 . 2009-07-07 13:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-07 13:44 . 2009-07-07 13:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-07 13:44 . 2009-07-07 13:44 -------- d-----w- c:\programdata\Installations
2009-07-07 13:44 . 2009-07-07 13:44 33921368 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze_web.exe
2009-07-06 20:44 . 2009-07-07 20:22 103424 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 20:22 937984 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 20:22 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 20:22 4722688 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 20:22 344064 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-06 20:44 . 2009-07-07 20:22 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-05 23:20 . 2009-07-05 23:19 -------- d-----w- c:\program files\Trine
2009-07-05 21:25 . 2009-07-05 21:25 -------- d-----w- c:\users\Spyke\AppData\Roaming\Ubisoft
2009-07-05 21:23 . 2009-04-26 20:00 -------- d-----w- c:\programdata\Tages
2009-07-05 21:21 . 2009-04-26 19:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-05 21:21 . 2009-04-26 19:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-30 17:19 . 2009-07-01 17:11 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-30 17:19 . 2009-07-01 17:11 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-06-30 17:19 . 2009-07-01 17:11 4734976 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-15 15:24 . 2009-07-15 14:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-05-23 2170880]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Steam"="c:\program files\steam\steam.exe" [2009-08-06 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-22 92704]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.EXE" [2006-01-18 299169]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-03-05 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\CTXFIHLP.EXE [2007-03-05 19968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.exe" [2006-01-18 299169]

c:\users\Spyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2009-4-14 50848]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-14 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1441424256-2553929416-2813665706-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{61DF4A35-C812-4D8E-9FBC-024583E4E303}"= UDP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{713DB524-8409-495A-BF04-930ED7D53E25}"= TCP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{851931CB-3E25-4648-AF94-B4D9FD90E7A7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{22F9E86B-39CA-4D53-8F75-3A4288E17F4C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CD37B274-4116-4224-80A0-BC49518D86EF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{257522F2-4739-4797-B29F-41D7A1E8BE3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{67C67347-2BC7-4B26-9448-2A9960FDAECA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C13E855-59B4-4EFD-A519-353786379EF5}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{79D56DB8-DF47-401F-ADDA-DF9064B5E1CE}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"{5EB89A4C-03EB-48B6-986F-A261472997AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BE256B8D-7C01-483C-9F04-F32CBFA8880A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6EF7D186-52EF-4377-A6D9-A3AEF4ACD8BA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EF681A09-A750-408B-8954-A0DD22F44BBF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{82A76CE3-9D82-428E-A124-596DF2592A53}"= UDP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{598118F9-7F7B-44C8-B856-7F059EBC1A39}"= TCP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{9A0B38DA-9C8D-41B0-A972-64E0BD886013}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{9C0C987F-4DB9-404E-AA50-45698A199BE4}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{F6A4AEB0-3652-4FFB-AF22-753794B02FD4}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{C27D4590-BABC-4465-BE5C-A8DF2B82ED2A}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{ED3F64E6-B863-4CFE-AAE1-4FC3131C4BFE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{388229EA-01F6-45C6-9E30-6DA04CB9CF9F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{E83DB089-EC04-4662-B64D-440E3EC17927}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{174B1E37-B6BA-4AA0-8067-12039664FE4B}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{357396BC-7F33-4FEF-8149-86FDFC6DD630}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{80945573-A6B5-467E-87E7-A69D0C15EA4C}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{EF4ED491-00C8-4E50-A5CE-367C018FEF21}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{ECF2ABA2-8CEE-4515-851A-63471414559C}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{EE012F99-09DB-448F-BCA6-EEBAA70A9012}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{124550E7-3549-4F50-8CB1-A9321D4366A1}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{59616A17-DEFF-4577-80A1-E3BBC0E46086}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{E2CA0208-170C-4A5F-A86F-98E639CFF1EC}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{5E9274A3-CFC5-4248-B7C2-1EC21BAC09D5}"= UDP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{C684DCC2-8B8C-4B36-B3A9-55C3A55716C2}"= TCP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{B376C6A7-9E69-4DCF-AFC0-552938C3EB86}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{CE7AC010-DED0-4EDB-9581-95099CD0A7DD}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{1D999984-0C68-4AFC-9DB5-D477BE4CA478}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{2C199814-5134-4B0B-8CF3-D5B1F2CEBD5F}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{02E027CA-D9B9-47CF-B465-4ABAA676D910}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{67FD536E-AC48-4C0A-85B6-B3C20D9E5820}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{B62D2613-F81C-4BF6-8F27-84F60E7F820B}"= UDP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{12CB028B-88F4-48B4-8334-21ACF719C1F6}"= TCP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{6B854842-A4E5-40C1-8DE3-FE14F4943E72}"= UDP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{26D9A17F-3F11-4245-8BDA-C756AC814E0C}"= TCP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{1E7071DC-7F94-435D-A1D1-42BDB78EB399}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3DD3E165-1AAB-49BA-A930-7477CA294D8A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BCF1C92B-E920-4B3F-93D0-C2155AB02693}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8BF755AB-8EF5-4BED-B1B5-B29B48410DF5}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D144BFE3-F1DF-4905-B4B6-541B0551EBF7}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{EFC1EB29-8753-4E00-91EA-ED1FD3E3D509}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{2DC12E4C-F8B1-44C8-92A9-5BD6426E9612}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{D6A4DBE2-185E-40F9-83E2-39695FDC441F}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{2C3631F9-1CBE-40F6-B1DF-79223A576463}"= UDP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{FDB90512-3B9D-4259-8F6A-8635C71D40D1}"= TCP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{7C6E124D-ED49-4468-9BD9-8CBF9BCB7ABE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6156E3FC-5B90-413B-B8DB-7D08284FC10E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2A6D8D02-0BD9-4C44-8216-5AD0968CDAFF}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7744244D-ABD1-4561-AD8F-29BDF2DECF42}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1483F1FE-DA6F-43B2-AB50-D496646785F6}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B56B0BB0-0165-4459-9489-334BB1B63DE3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/14 19:53];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [9.4.2009 15:21 38240]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.6.2009 10:48 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [14.4.2009 20:12 603904]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 btnetBUs;IVT Bluetooth Bus Service for BtNic;c:\windows\System32\drivers\btnetBus.sys [22.10.2008 12:35 29832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-08-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-08-31 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2009-08-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {97CAF143-D751-4C0A-B218-61E77A662D28} = 81.25.16.250,81.25.28.250
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - component: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 23:56
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[Spyke]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Spyke\AppData\Local\Temp\TRZ4B75.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1441424256-2553929416-2813665706-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,f0,93,45,46,eb,e0,e5,69,d7,d1,1c,71,21,1c,e4,fd,ec,7b,d4,d7,
46,e0,35,0b,ad,1c,bd,ba,99,0d,4a,68,00,67,e1,b8,04,34,20,b3,b3,0f,33,ec,00,\
"rkeysecu"=hex:4a,64,69,4c,fb,55,c2,f9,09,2a,85,2a,49,34,51,53

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,2b,63,09,c0,a4,
d2,20,3a,e2,63,26,f1,3f,c8,ff,68,5e,46,e9,0b,bb,2c,fa,fb,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,af,f6,11,cd,98,
33,3f,6e,6a,9c,d6,61,af,45,84,18,3e,40,61,98,a2,1f,07,32,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,84,6c,c2,50,51,
73,68,9a,ff,7c,85,e0,43,d4,0e,fe,9a,e8,a1,ec,cf,e0,be,66,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,2f,67,bb,dc,ac,
ac,21,50,86,8c,21,01,be,91,eb,e7,b6,d0,2b,a0,12,70,79,28,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ba,99,cb,2e,1c,
9e,2c,0c,f5,1d,4d,73,a8,13,5c,05,80,4f,75,b2,ad,be,a6,fc,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,02,ee,88,4d,b8,
4a,de,44,df,20,58,62,78,6b,cf,c8,82,f0,01,ef,63,ac,ed,31,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f3,dd,54,10,74,
df,44,9f,fb,a7,78,e6,12,2f,9a,ea,d1,90,84,af,85,f7,c9,52,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4c,da,2a,c8,f1,
b5,c8,6d,01,3a,48,fc,e8,04,4a,f1,0d,92,4d,cd,23,0e,f7,aa,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,02,f1,56,52,82,
c7,84,9f,f6,0f,4e,58,98,5b,89,c9,52,67,32,3c,bb,23,9f,05,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,84,be,29,70,68,
e7,83,c6,3d,ce,ea,26,2d,45,aa,78,15,59,bb,c9,4e,09,c7,e4,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,09,2e,30,52,ce,
e6,f2,ed,2a,b7,cc,b5,b9,7f,41,e7,b8,79,a4,54,c9,b5,b6,5f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,c7,f1,c5,ac,
4f,53,b5,6c,43,2d,1e,aa,22,2f,9c,84,c2,18,3d,41,d6,97,fa,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="B04394C450FAEBFC444EDA1284974E0AE1F8E0DBE5CF43449EE391E11EF3EF68B0A21BFE13ED491F1FA8930A43B0A9A43FC40FCDE945C2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A2D97226D213B5559DAE55F70AFA422DB7C3B67C6D43296D0DB8613AF11F8C5D6F013182F8D6305A4665C8DD1051CF73B40C1394D8BB1E56D5C04B7F92026108081A242D26981A76C36870D7519436CF8BF7E2A7D0145934E19DDD4A28F4332F541CD0536EE0E5859A5025F5BAA27D4CB8B4C1030BCFF3E0C3B2944550C14A9923BC321D78DD2ED9EEC7867D1A2C2FEA5D848FAA204408A836F430500C82F280E4C70CE74E0E0FBC0E8EF4E92437DA1DBABA6E540A1EB6CB946CB4004127FD1230996143DD472CE664F69867EF1F934DBABDC56A2CDAA3016138E91B3973416FBFA5FC747BB3A98887E95BD6778FEED6E78B408CC94D757040085C9DA18014AF6F716BF25B4F32C32D61E94E9C8B8788F3B44E8C0B9C58B6FAA2DBB50CB8D2DD43987D6C9869F331306C379821687D2830DBA1EF7CC37BE4FCDFFCC86CDBDEF45F48C8C132289E5A0FAF79B1AC4FF06C97BBB2F18E911301D82E176D1EFE9C698F422685898469BFECE02BCCCABF0C03449E3C8216A75784C20E476EDC88F5A0C0DDB202664B0D5311CC0ACDEA0A750AF465BC424AFD03D91495EDCC4B3555F48405CFB3729BC77B6651184E60545F969084F789C8DED4E3C9ECAD3B6E93AC341136A2C93BECDA147BE29B1C63987AB09C847460116912F783526FA12E89F09F4004942AB4858CEC03889F390E24FCD346817E07080F825D0795601BDACC9A6D1013526CB483A54854DB71DADF1A2470DCAA24F07799F0D3BC1EEE7724E8A4492220CDDDF457F55DEA0F236A3D6E2BE9544539C288A02D0A33E351BA1FBF92CFBC77BAFE94454BD564630A066C6B579944A955574F948BA519757D1A46046793C9FB930316E77ED205B042FE9A306E4A6A4452BDBCB7E1404572B005F53DAA9AD6A314D3DEA968E6326229D9D42DBBBC24154FB82CA10E66AE8FEA97EF476CDD17F93F0E3ACC669778F7E05110288CA4F5AFB13D583B6E1974197127D9D139CBDD1CD801D6665A6184844ED224BBB32A893D9D78E045674ED46A4A3A3E61A9C7273CEA3347DD2AB3AB2E1EFEC9D4096AA8F90146CC515F6DB7F3420D08CC52A690A1425A00703E6FE331BCACA336E672C43688BA8247C35424BC6B0F89C0D3325BA5EF65DC3005EDC75DDB64B373AAC8EF56291C4F6182D4475D18E3F93C4CA96EB749741D80F078969572636179B8E464519965E22E90B2F102DFE1EF93E03ED2D7E65A611AF6CFB250BB1CF7047633FCB5D344D1106427996EA096EA6E3A9537"

[HKEY_LOCAL_MACHINE\SOFTWARE\Portrait Displays\DisplayTune\PLUG_AP\APPS\{15733AD1-1CEF-459A-9245-0924FC63BDD5}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\5&2665eb8b&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
Celkový čas: 2009-08-31 23:58
ComboFix-quarantined-files.txt 2009-08-31 21:58

Před spuštěním: Volných bajtů: 15 918 501 888
Po spuštění: Volných bajtů: 15 881 351 168

701 --- E O F --- 2009-08-29 00:59

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\users\Spyke\AppData\Local\Temp\TRZ4B75.tmp

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Spyke]

Po dokončení Combofixu mi sice nešly otevírat .exe soubory, ale to vyřešil restart. A také mi to vymazalo výchozí bránu z TCP/IP protokolu.
Informace o chování Pc dodám. Jelikož to nedělá stále, je těžké zjistit, zda-li je již v pořádku. Tak jako tak zatím mnohokrát děkuji..


ComboFix 09-08-31.03 - Spyke 01.09.2009 0:22.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2046.931 [GMT 2:00]
Spuštěný z: c:\users\Spyke\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Spyke\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\users\Spyke\AppData\Local\Temp\TRZ4B75.tmp"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-28 do 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 22:29 . 2009-08-31 22:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-31 22:29 . 2009-08-31 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-31 21:58 . 2009-08-31 22:29 -------- d-----w- c:\users\Spyke\AppData\Local\temp
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\users\Spyke\AppData\Roaming\Malwarebytes
2009-08-31 21:14 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-31 21:14 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\ABBYY
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\Cooliris
2009-08-31 20:38 . 2009-08-31 20:38 -------- d-----w- c:\program files\Trend Micro
2009-08-31 02:15 . 2009-08-31 02:18 -------- d-----w- c:\program files\2GM Anonymizer
2009-08-29 12:41 . 2009-08-29 12:41 -------- d-----w- c:\users\Spyke\AppData\Roaming\Download Manager
2009-08-27 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:21 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 17:21 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 17:01 . 2009-08-24 17:01 -------- d-----w- c:\users\Spyke\AppData\Local\IBAGroup
2009-08-24 17:00 . 2009-08-24 17:00 -------- d-----w- c:\programdata\Fugazo
2009-08-24 17:00 . 2009-08-24 17:04 -------- d-----w- c:\program files\Games
2009-08-24 16:57 . 2009-08-24 16:59 -------- d-----w- C:\Games
2009-08-24 15:47 . 2009-08-24 15:47 -------- d-----w- c:\users\Spyke\AppData\Local\My Games
2009-08-20 21:47 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 21:47 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 21:47 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 21:47 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 21:47 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 21:47 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 21:47 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-20 21:47 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-19 03:22 . 2009-08-19 03:22 -------- d-----w- c:\users\Spyke\AppData\Local\id Software
2009-08-19 03:05 . 2009-08-19 03:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-18 15:51 . 2009-08-18 15:54 -------- d-----w- c:\program files\Bomberic 2
2009-08-18 14:07 . 2009-08-18 14:23 -------- d-----w- c:\program files\Drakensang
2009-08-18 14:04 . 2009-08-18 14:07 -------- d-----w- c:\program files\Bungee Jumping
2009-08-17 01:04 . 2009-08-17 01:04 -------- d-----w- c:\program files\Aspyr
2009-08-11 18:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 18:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 18:55 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 18:55 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 18:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 18:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 18:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 18:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-07 22:27 . 2009-08-07 22:35 -------- d-----w- c:\users\Spyke\AppData\Roaming\NationRed
2009-08-07 22:21 . 2009-08-07 22:27 -------- d-----w- c:\program files\Nation Red
2009-08-06 11:29 . 2009-08-06 11:29 -------- d-----w- c:\program files\PacSteamT
2009-08-06 11:23 . 2009-08-06 11:52 -------- d-----w- c:\program files\Common Files\Steam
2009-08-06 11:23 . 2009-08-31 21:43 -------- d-----w- c:\program files\Steam
2009-08-06 10:50 . 2009-08-06 12:23 -------- d-----w- c:\program files\TF2
2009-08-05 20:36 . 2009-06-25 14:36 1291640 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-08-05 20:36 . 2009-06-25 14:36 729088 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-08-05 19:25 . 2009-08-19 03:10 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 19:25 . 2009-08-19 03:09 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 19:25 . 2009-08-19 03:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 16:52 . 2009-08-05 16:52 -------- d-----w- c:\users\Spyke\AppData\Local\PunkBuster
2009-08-05 13:07 . 2009-08-19 03:10 139152 ----a-w- c:\users\Spyke\AppData\Roaming\PnkBstrK.sys
2009-08-05 13:00 . 2009-08-05 13:00 -------- d-----w- c:\program files\EA Games
2009-08-05 01:12 . 2009-08-05 01:12 -------- d-----w- c:\program files\City Interactive
2009-08-05 00:38 . 2009-08-05 00:38 -------- d-----w- c:\program files\Team6 game studios
2009-08-04 11:57 . 2009-08-04 11:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-04 11:43 . 2009-08-04 11:43 -------- d-----w- c:\program files\505games
2009-08-03 12:26 . 2009-08-03 12:26 -------- d-----w- c:\program files\Battlefront
2009-08-03 12:18 . 2009-08-03 12:18 -------- d-----w- c:\program files\Break For Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 22:18 . 2009-05-18 15:10 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-08-31 21:40 . 2009-04-14 18:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-31 20:31 . 2009-04-14 16:08 -------- d-----w- c:\program files\Digsby
2009-08-29 12:34 . 2009-04-14 16:21 -------- d-----w- c:\program files\Java
2009-08-24 17:01 . 2009-04-14 16:15 -------- d-----w- c:\program files\Fraps
2009-08-24 16:35 . 2007-01-08 21:15 610548 ----a-w- c:\windows\system32\perfh005.dat
2009-08-24 16:35 . 2007-01-08 21:15 120950 ----a-w- c:\windows\system32\perfc005.dat
2009-08-24 14:48 . 2009-04-15 21:05 -------- d-----w- c:\program files\Ubisoft
2009-08-24 14:48 . 2009-04-14 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 03:07 . 2009-05-02 20:35 -------- d-----w- c:\program files\Activision
2009-08-18 17:28 . 2009-04-20 14:31 -------- d-----w- c:\program files\WB Games
2009-08-18 14:06 . 2009-04-14 13:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-16 18:59 . 2009-04-14 13:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 23:32 . 2009-04-14 16:08 -------- d-----w- c:\users\Spyke\AppData\Roaming\Digsby
2009-08-12 00:07 . 2009-04-14 13:50 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 00:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 22:27 . 2009-04-14 13:35 -------- d-----w- c:\program files\OpenAL
2009-08-06 01:14 . 2009-04-15 17:36 -------- d-----w- c:\program files\Codemasters
2009-08-06 01:11 . 2009-04-15 17:57 -------- d-----w- c:\programdata\Codemasters
2009-08-05 10:30 . 2009-04-14 12:30 140752 ----a-w- c:\users\Spyke\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 12:14 . 2009-04-20 15:40 -------- d-----w- c:\program files\Paradox Interactive
2009-08-03 11:35 . 2009-07-03 20:06 -------- d-----w- c:\program files\Rainmeter
2009-08-03 11:35 . 2009-07-17 14:47 -------- d-----w- c:\program files\LaunchTab
2009-08-03 11:35 . 2009-07-17 14:32 -------- d-----w- c:\program files\CD Art Display
2009-08-01 09:00 . 2009-04-15 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:45 . 2009-04-20 16:27 -------- d-----w- c:\users\Spyke\AppData\Roaming\Grand Ages Rome
2009-07-25 12:52 . 2009-07-25 12:52 -------- d-----w- c:\programdata\BC
2009-07-25 12:42 . 2009-07-25 12:42 -------- d-----w- c:\program files\GFI
2009-07-25 12:28 . 2009-07-02 09:37 -------- d-----w- c:\program files\CAPCOM
2009-07-25 03:23 . 2009-04-14 16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 23:05 . 2009-07-24 22:04 -------- d-----w- c:\programdata\FarmFrenzy3
2009-07-24 22:04 . 2009-07-24 22:04 -------- d-----w- c:\program files\Farm Frenzy 3
2009-07-23 20:16 . 2009-04-14 16:17 -------- d-----w- c:\program files\Garena
2009-07-22 18:31 . 2009-07-22 17:24 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\users\Spyke\AppData\Roaming\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\LooksBuilderSE
2009-07-22 18:19 . 2009-07-22 18:18 -------- d-----w- c:\program files\Boris FX, Inc
2009-07-22 18:18 . 2009-07-22 17:19 -------- d-----w- c:\program files\Pinnacle
2009-07-22 17:40 . 2009-07-22 17:40 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-22 17:25 . 2009-07-22 17:25 29926 ----a-r- c:\users\Spyke\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-07-22 17:25 . 2009-07-22 17:25 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-07-22 17:19 . 2009-07-22 17:07 -------- d-----w- c:\programdata\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Studio 12
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-07-21 21:52 . 2009-07-29 10:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 17:01 . 2009-07-21 17:01 -------- d-----w- c:\programdata\Awem
2009-07-20 14:37 . 2009-07-20 14:37 -------- d-----w- c:\users\Spyke\AppData\Roaming\YoudaGames
2009-07-20 14:23 . 2009-07-20 14:23 -------- d-----w- c:\users\Spyke\AppData\Roaming\Balloon Express
2009-07-17 15:49 . 2009-04-15 07:57 -------- d-----w- c:\users\Spyke\AppData\Roaming\AIMP
2009-07-17 15:26 . 2009-07-17 14:44 -------- d-----w- c:\users\Spyke\AppData\Roaming\AveDesk
2009-07-17 14:29 . 2009-07-17 14:29 -------- d-----w- c:\users\Spyke\AppData\Roaming\CD Art Display
2009-07-16 16:46 . 2009-07-16 16:33 -------- d-----w- c:\program files\Fotolab
2009-07-16 16:37 . 2009-07-16 16:37 -------- d-----w- c:\programdata\hps
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 00:16 . 2009-07-07 21:31 -------- d-----w- c:\program files\Warcraft III
2009-07-11 23:44 . 2009-07-11 23:44 -------- d-----w- c:\program files\RedLynx
2009-07-09 01:14 . 2009-07-09 01:14 -------- d-----w- c:\programdata\ConeXware
2009-07-07 23:22 . 2009-07-07 23:03 104439 ----a-w- c:\windows\War3Unin.dat
2009-07-07 23:10 . 2009-07-07 23:03 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-07 23:10 . 2009-07-07 23:03 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-07 15:14 . 2009-07-07 15:14 -------- d-----w- c:\program files\TeamViewer
2009-07-07 15:13 . 2009-07-07 15:12 -------- d-----w- c:\users\Spyke\AppData\Roaming\TeamViewer
2009-07-07 15:12 . 2009-07-07 15:12 -------- d-----w- c:\program files\QS
2009-07-07 13:49 . 2009-07-07 13:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\PC Suite
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\Nokia
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\programdata\PC Suite
2009-07-07 13:48 . 2009-07-07 13:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-07 13:48 . 2009-07-07 13:47 -------- d-----w- c:\program files\DIFX
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-07 13:47 . 2009-07-07 13:45 -------- d-----w- c:\program files\Nokia
2009-07-07 13:47 . 2009-07-07 13:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-07 13:44 . 2009-07-07 13:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-07 13:44 . 2009-07-07 13:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-07 13:44 . 2009-07-07 13:44 -------- d-----w- c:\programdata\Installations
2009-07-07 13:44 . 2009-07-07 13:44 33921368 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze_web.exe
2009-07-06 20:44 . 2009-07-07 20:22 103424 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 20:22 937984 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 20:22 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 20:22 4722688 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 20:22 344064 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-06 20:44 . 2009-07-07 20:22 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-05 23:20 . 2009-07-05 23:19 -------- d-----w- c:\program files\Trine
2009-07-05 21:25 . 2009-07-05 21:25 -------- d-----w- c:\users\Spyke\AppData\Roaming\Ubisoft
2009-07-05 21:23 . 2009-04-26 20:00 -------- d-----w- c:\programdata\Tages
2009-07-05 21:21 . 2009-04-26 19:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-05 21:21 . 2009-04-26 19:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-30 17:19 . 2009-07-01 17:11 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-30 17:19 . 2009-07-01 17:11 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-06-30 17:19 . 2009-07-01 17:11 4734976 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-15 15:24 . 2009-07-15 14:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-05-23 2170880]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Steam"="c:\program files\steam\steam.exe" [2009-08-06 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-22 92704]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.EXE" [2006-01-18 299169]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-03-05 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\CTXFIHLP.EXE [2007-03-05 19968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.exe" [2006-01-18 299169]

c:\users\Spyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2009-4-14 50848]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-14 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1441424256-2553929416-2813665706-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{61DF4A35-C812-4D8E-9FBC-024583E4E303}"= UDP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{713DB524-8409-495A-BF04-930ED7D53E25}"= TCP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{851931CB-3E25-4648-AF94-B4D9FD90E7A7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{22F9E86B-39CA-4D53-8F75-3A4288E17F4C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CD37B274-4116-4224-80A0-BC49518D86EF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{257522F2-4739-4797-B29F-41D7A1E8BE3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{67C67347-2BC7-4B26-9448-2A9960FDAECA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C13E855-59B4-4EFD-A519-353786379EF5}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{79D56DB8-DF47-401F-ADDA-DF9064B5E1CE}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"{5EB89A4C-03EB-48B6-986F-A261472997AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BE256B8D-7C01-483C-9F04-F32CBFA8880A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6EF7D186-52EF-4377-A6D9-A3AEF4ACD8BA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EF681A09-A750-408B-8954-A0DD22F44BBF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{82A76CE3-9D82-428E-A124-596DF2592A53}"= UDP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{598118F9-7F7B-44C8-B856-7F059EBC1A39}"= TCP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{9A0B38DA-9C8D-41B0-A972-64E0BD886013}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{9C0C987F-4DB9-404E-AA50-45698A199BE4}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{F6A4AEB0-3652-4FFB-AF22-753794B02FD4}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{C27D4590-BABC-4465-BE5C-A8DF2B82ED2A}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{ED3F64E6-B863-4CFE-AAE1-4FC3131C4BFE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{388229EA-01F6-45C6-9E30-6DA04CB9CF9F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{E83DB089-EC04-4662-B64D-440E3EC17927}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{174B1E37-B6BA-4AA0-8067-12039664FE4B}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{357396BC-7F33-4FEF-8149-86FDFC6DD630}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{80945573-A6B5-467E-87E7-A69D0C15EA4C}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{EF4ED491-00C8-4E50-A5CE-367C018FEF21}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{ECF2ABA2-8CEE-4515-851A-63471414559C}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{EE012F99-09DB-448F-BCA6-EEBAA70A9012}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{124550E7-3549-4F50-8CB1-A9321D4366A1}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{59616A17-DEFF-4577-80A1-E3BBC0E46086}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{E2CA0208-170C-4A5F-A86F-98E639CFF1EC}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{5E9274A3-CFC5-4248-B7C2-1EC21BAC09D5}"= UDP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{C684DCC2-8B8C-4B36-B3A9-55C3A55716C2}"= TCP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{B376C6A7-9E69-4DCF-AFC0-552938C3EB86}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{CE7AC010-DED0-4EDB-9581-95099CD0A7DD}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{1D999984-0C68-4AFC-9DB5-D477BE4CA478}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{2C199814-5134-4B0B-8CF3-D5B1F2CEBD5F}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{02E027CA-D9B9-47CF-B465-4ABAA676D910}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{67FD536E-AC48-4C0A-85B6-B3C20D9E5820}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{B62D2613-F81C-4BF6-8F27-84F60E7F820B}"= UDP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{12CB028B-88F4-48B4-8334-21ACF719C1F6}"= TCP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{6B854842-A4E5-40C1-8DE3-FE14F4943E72}"= UDP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{26D9A17F-3F11-4245-8BDA-C756AC814E0C}"= TCP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{1E7071DC-7F94-435D-A1D1-42BDB78EB399}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3DD3E165-1AAB-49BA-A930-7477CA294D8A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BCF1C92B-E920-4B3F-93D0-C2155AB02693}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8BF755AB-8EF5-4BED-B1B5-B29B48410DF5}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D144BFE3-F1DF-4905-B4B6-541B0551EBF7}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{EFC1EB29-8753-4E00-91EA-ED1FD3E3D509}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{2DC12E4C-F8B1-44C8-92A9-5BD6426E9612}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{D6A4DBE2-185E-40F9-83E2-39695FDC441F}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{2C3631F9-1CBE-40F6-B1DF-79223A576463}"= UDP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{FDB90512-3B9D-4259-8F6A-8635C71D40D1}"= TCP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{7C6E124D-ED49-4468-9BD9-8CBF9BCB7ABE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6156E3FC-5B90-413B-B8DB-7D08284FC10E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2A6D8D02-0BD9-4C44-8216-5AD0968CDAFF}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7744244D-ABD1-4561-AD8F-29BDF2DECF42}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1483F1FE-DA6F-43B2-AB50-D496646785F6}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B56B0BB0-0165-4459-9489-334BB1B63DE3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [9.4.2009 15:21 38240]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.6.2009 10:48 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [14.4.2009 20:12 603904]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 btnetBUs;IVT Bluetooth Bus Service for BtNic;c:\windows\System32\drivers\btnetBus.sys [22.10.2008 12:35 29832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-08-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-08-31 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2009-08-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {97CAF143-D751-4C0A-B218-61E77A662D28} = 81.25.16.250,81.25.28.250
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - component: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 00:29
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Spyke\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1441424256-2553929416-2813665706-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,f0,93,45,46,eb,e0,e5,69,d7,d1,1c,71,21,1c,e4,fd,ec,7b,d4,d7,
46,e0,35,0b,ad,1c,bd,ba,99,0d,4a,68,00,67,e1,b8,04,34,20,b3,b3,0f,33,ec,00,\
"rkeysecu"=hex:4a,64,69,4c,fb,55,c2,f9,09,2a,85,2a,49,34,51,53

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="B04394C450FAEBFC444EDA1284974E0AE1F8E0DBE5CF43449EE391E11EF3EF68B0A21BFE13ED491F1FA8930A43B0A9A43FC40FCDE945C2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A2D97226D213B5559DAE55F70AFA422DB7C3B67C6D43296D0DB8613AF11F8C5D6F013182F8D6305A4665C8DD1051CF73B40C1394D8BB1E56D5C04B7F92026108081A242D26981A76C36870D7519436CF8BF7E2A7D0145934E19DDD4A28F4332F541CD0536EE0E5859A5025F5BAA27D4CB8B4C1030BCFF3E0C3B2944550C14A9923BC321D78DD2ED9EEC7867D1A2C2FEA5D848FAA204408A836F430500C82F280E4C70CE74E0E0FBC0E8EF4E92437DA1DBABA6E540A1EB6CB946CB4004127FD1230996143DD472CE664F69867EF1F934DBABDC56A2CDAA3016138E91B3973416FBFA5FC747BB3A98887E95BD6778FEED6E78B408CC94D757040085C9DA18014AF6F716BF25B4F32C32D61E94E9C8B8788F3B44E8C0B9C58B6FAA2DBB50CB8D2DD43987D6C9869F331306C379821687D2830DBA1EF7CC37BE4FCDFFCC86CDBDEF45F48C8C132289E5A0FAF79B1AC4FF06C97BBB2F18E911301D82E176D1EFE9C698F422685898469BFECE02BCCCABF0C03449E3C8216A75784C20E476EDC88F5A0C0DDB202664B0D5311CC0ACDEA0A750AF465BC424AFD03D91495EDCC4B3555F48405CFB3729BC77B6651184E60545F969084F789C8DED4E3C9ECAD3B6E93AC341136A2C93BECDA147BE29B1C63987AB09C847460116912F783526FA12E89F09F4004942AB4858CEC03889F390E24FCD346817E07080F825D0795601BDACC9A6D1013526CB483A54854DB71DADF1A2470DCAA24F07799F0D3BC1EEE7724E8A4492220CDDDF457F55DEA0F236A3D6E2BE9544539C288A02D0A33E351BA1FBF92CFBC77BAFE94454BD564630A066C6B579944A955574F948BA519757D1A46046793C9FB930316E77ED205B042FE9A306E4A6A4452BDBCB7E1404572B005F53DAA9AD6A314D3DEA968E6326229D9D42DBBBC24154FB82CA10E66AE8FEA97EF476CDD17F93F0E3ACC669778F7E05110288CA4F5AFB13D583B6E1974197127D9D139CBDD1CD801D6665A6184844ED224BBB32A893D9D78E045674ED46A4A3A3E61A9C7273CEA3347DD2AB3AB2E1EFEC9D4096AA8F90146CC515F6DB7F3420D08CC52A690A1425A00703E6FE331BCACA336E672C43688BA8247C35424BC6B0F89C0D3325BA5EF65DC3005EDC75DDB64B373AAC8EF56291C4F6182D4475D18E3F93C4CA96EB749741D80F078969572636179B8E464519965E22E90B2F102DFE1EF93E03ED2D7E65A611AF6CFB250BB1CF7047633FCB5D344D1106427996EA096EA6E3A9537"

[HKEY_LOCAL_MACHINE\SOFTWARE\Portrait Displays\DisplayTune\PLUG_AP\APPS\{15733AD1-1CEF-459A-9245-0924FC63BDD5}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\5&2665eb8b&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4712)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\PS Tray Factory\HKDll.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
.
Celkový čas: 2009-08-31 0:32
ComboFix-quarantined-files.txt 2009-08-31 22:32
ComboFix2.txt 2009-08-31 21:58

Před spuštěním: Volných bajtů: 15 913 107 456
Po spuštění: Volných bajtů: 15 872 741 376

402 --- E O F --- 2009-08-29 00:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:06, on 1.9.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CAF143-D751-4C0A-B218-61E77A662D28}: NameServer = 81.25.16.250,81.25.28.250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 11447 bytes

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\users\Spyke\AppData\Local\Temp\catchme.dll



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
*****************************************************************************************************************************************
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
*****************************************************************************************************************************************
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Až vyzkoušíš, tak napiš jak se chová.

[Spyke]

ComboFix 09-08-31.03 - Spyke 01.09.2009 2:25.3.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2046.1201 [GMT 2:00]
Spuštěný z: c:\users\Spyke\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Spyke\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\users\Spyke\AppData\Local\Temp\catchme.dll"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-01 do 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 00:32 . 2009-09-01 00:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-01 00:32 . 2009-09-01 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-31 21:58 . 2009-09-01 00:32 -------- d-----w- c:\users\Spyke\AppData\Local\temp
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\users\Spyke\AppData\Roaming\Malwarebytes
2009-08-31 21:14 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-31 21:14 . 2009-08-31 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-31 21:14 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\ABBYY
2009-08-31 20:51 . 2009-08-31 20:51 -------- d-----w- c:\users\Spyke\AppData\Local\Cooliris
2009-08-31 20:38 . 2009-08-31 20:38 -------- d-----w- c:\program files\Trend Micro
2009-08-31 02:15 . 2009-08-31 02:18 -------- d-----w- c:\program files\2GM Anonymizer
2009-08-29 12:41 . 2009-08-29 12:41 -------- d-----w- c:\users\Spyke\AppData\Roaming\Download Manager
2009-08-27 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:21 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 17:21 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 17:01 . 2009-08-24 17:01 -------- d-----w- c:\users\Spyke\AppData\Local\IBAGroup
2009-08-24 17:00 . 2009-08-24 17:00 -------- d-----w- c:\programdata\Fugazo
2009-08-24 17:00 . 2009-08-24 17:04 -------- d-----w- c:\program files\Games
2009-08-24 16:57 . 2009-08-24 16:59 -------- d-----w- C:\Games
2009-08-24 15:47 . 2009-08-24 15:47 -------- d-----w- c:\users\Spyke\AppData\Local\My Games
2009-08-20 21:47 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 21:47 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 21:47 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 21:47 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 21:47 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 21:47 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 21:47 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-20 21:47 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-19 03:22 . 2009-08-19 03:22 -------- d-----w- c:\users\Spyke\AppData\Local\id Software
2009-08-19 03:05 . 2009-08-19 03:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-18 15:51 . 2009-08-18 15:54 -------- d-----w- c:\program files\Bomberic 2
2009-08-18 14:07 . 2009-08-18 14:23 -------- d-----w- c:\program files\Drakensang
2009-08-18 14:04 . 2009-08-18 14:07 -------- d-----w- c:\program files\Bungee Jumping
2009-08-17 01:04 . 2009-08-17 01:04 -------- d-----w- c:\program files\Aspyr
2009-08-11 18:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 18:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 18:55 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 18:55 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 18:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 18:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 18:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 18:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-07 22:27 . 2009-08-07 22:35 -------- d-----w- c:\users\Spyke\AppData\Roaming\NationRed
2009-08-07 22:21 . 2009-08-07 22:27 -------- d-----w- c:\program files\Nation Red
2009-08-06 11:29 . 2009-08-06 11:29 -------- d-----w- c:\program files\PacSteamT
2009-08-06 11:23 . 2009-08-06 11:52 -------- d-----w- c:\program files\Common Files\Steam
2009-08-06 11:23 . 2009-08-31 22:37 -------- d-----w- c:\program files\Steam
2009-08-06 10:50 . 2009-08-06 12:23 -------- d-----w- c:\program files\TF2
2009-08-05 20:36 . 2009-06-25 14:36 1291640 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-08-05 20:36 . 2009-06-25 14:36 729088 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-08-05 19:25 . 2009-08-19 03:10 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 19:25 . 2009-08-19 03:09 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 19:25 . 2009-08-19 03:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 16:52 . 2009-08-05 16:52 -------- d-----w- c:\users\Spyke\AppData\Local\PunkBuster
2009-08-05 13:07 . 2009-08-19 03:10 139152 ----a-w- c:\users\Spyke\AppData\Roaming\PnkBstrK.sys
2009-08-05 13:00 . 2009-08-05 13:00 -------- d-----w- c:\program files\EA Games
2009-08-05 01:12 . 2009-08-05 01:12 -------- d-----w- c:\program files\City Interactive
2009-08-05 00:38 . 2009-08-05 00:38 -------- d-----w- c:\program files\Team6 game studios
2009-08-04 11:57 . 2009-08-04 11:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-04 11:43 . 2009-08-04 11:43 -------- d-----w- c:\program files\505games
2009-08-03 12:26 . 2009-08-03 12:26 -------- d-----w- c:\program files\Battlefront
2009-08-03 12:18 . 2009-08-03 12:18 -------- d-----w- c:\program files\Break For Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 22:34 . 2009-04-14 18:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-31 22:18 . 2009-05-18 15:10 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-08-31 20:31 . 2009-04-14 16:08 -------- d-----w- c:\program files\Digsby
2009-08-29 12:34 . 2009-04-14 16:21 -------- d-----w- c:\program files\Java
2009-08-24 17:01 . 2009-04-14 16:15 -------- d-----w- c:\program files\Fraps
2009-08-24 16:35 . 2007-01-08 21:15 610548 ----a-w- c:\windows\system32\perfh005.dat
2009-08-24 16:35 . 2007-01-08 21:15 120950 ----a-w- c:\windows\system32\perfc005.dat
2009-08-24 14:48 . 2009-04-15 21:05 -------- d-----w- c:\program files\Ubisoft
2009-08-24 14:48 . 2009-04-14 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 03:07 . 2009-05-02 20:35 -------- d-----w- c:\program files\Activision
2009-08-18 17:28 . 2009-04-20 14:31 -------- d-----w- c:\program files\WB Games
2009-08-18 14:06 . 2009-04-14 13:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-16 18:59 . 2009-04-14 13:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 23:32 . 2009-04-14 16:08 -------- d-----w- c:\users\Spyke\AppData\Roaming\Digsby
2009-08-12 00:07 . 2009-04-14 13:50 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 00:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 22:27 . 2009-04-14 13:35 -------- d-----w- c:\program files\OpenAL
2009-08-06 01:14 . 2009-04-15 17:36 -------- d-----w- c:\program files\Codemasters
2009-08-06 01:11 . 2009-04-15 17:57 -------- d-----w- c:\programdata\Codemasters
2009-08-05 10:30 . 2009-04-14 12:30 140752 ----a-w- c:\users\Spyke\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 12:14 . 2009-04-20 15:40 -------- d-----w- c:\program files\Paradox Interactive
2009-08-03 11:35 . 2009-07-03 20:06 -------- d-----w- c:\program files\Rainmeter
2009-08-03 11:35 . 2009-07-17 14:47 -------- d-----w- c:\program files\LaunchTab
2009-08-03 11:35 . 2009-07-17 14:32 -------- d-----w- c:\program files\CD Art Display
2009-08-01 09:00 . 2009-04-15 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:45 . 2009-04-20 16:27 -------- d-----w- c:\users\Spyke\AppData\Roaming\Grand Ages Rome
2009-07-25 12:52 . 2009-07-25 12:52 -------- d-----w- c:\programdata\BC
2009-07-25 12:42 . 2009-07-25 12:42 -------- d-----w- c:\program files\GFI
2009-07-25 12:28 . 2009-07-02 09:37 -------- d-----w- c:\program files\CAPCOM
2009-07-25 03:23 . 2009-04-14 16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 23:05 . 2009-07-24 22:04 -------- d-----w- c:\programdata\FarmFrenzy3
2009-07-24 22:04 . 2009-07-24 22:04 -------- d-----w- c:\program files\Farm Frenzy 3
2009-07-23 20:16 . 2009-04-14 16:17 -------- d-----w- c:\program files\Garena
2009-07-22 18:31 . 2009-07-22 17:24 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\users\Spyke\AppData\Roaming\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\proDAD
2009-07-22 18:20 . 2009-07-22 18:20 -------- d-----w- c:\program files\LooksBuilderSE
2009-07-22 18:19 . 2009-07-22 18:18 -------- d-----w- c:\program files\Boris FX, Inc
2009-07-22 18:18 . 2009-07-22 17:19 -------- d-----w- c:\program files\Pinnacle
2009-07-22 17:40 . 2009-07-22 17:40 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-22 17:25 . 2009-07-22 17:25 29926 ----a-r- c:\users\Spyke\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-07-22 17:25 . 2009-07-22 17:25 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-07-22 17:19 . 2009-07-22 17:07 -------- d-----w- c:\programdata\Pinnacle
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Studio 12
2009-07-22 17:19 . 2009-07-22 17:19 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-07-21 21:52 . 2009-07-29 10:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 17:01 . 2009-07-21 17:01 -------- d-----w- c:\programdata\Awem
2009-07-20 14:37 . 2009-07-20 14:37 -------- d-----w- c:\users\Spyke\AppData\Roaming\YoudaGames
2009-07-20 14:23 . 2009-07-20 14:23 -------- d-----w- c:\users\Spyke\AppData\Roaming\Balloon Express
2009-07-17 15:49 . 2009-04-15 07:57 -------- d-----w- c:\users\Spyke\AppData\Roaming\AIMP
2009-07-17 15:26 . 2009-07-17 14:44 -------- d-----w- c:\users\Spyke\AppData\Roaming\AveDesk
2009-07-17 14:29 . 2009-07-17 14:29 -------- d-----w- c:\users\Spyke\AppData\Roaming\CD Art Display
2009-07-16 16:46 . 2009-07-16 16:33 -------- d-----w- c:\program files\Fotolab
2009-07-16 16:37 . 2009-07-16 16:37 -------- d-----w- c:\programdata\hps
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 00:16 . 2009-07-07 21:31 -------- d-----w- c:\program files\Warcraft III
2009-07-11 23:44 . 2009-07-11 23:44 -------- d-----w- c:\program files\RedLynx
2009-07-09 01:14 . 2009-07-09 01:14 -------- d-----w- c:\programdata\ConeXware
2009-07-07 23:22 . 2009-07-07 23:03 104439 ----a-w- c:\windows\War3Unin.dat
2009-07-07 23:10 . 2009-07-07 23:03 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-07 23:10 . 2009-07-07 23:03 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-07 15:14 . 2009-07-07 15:14 -------- d-----w- c:\program files\TeamViewer
2009-07-07 15:13 . 2009-07-07 15:12 -------- d-----w- c:\users\Spyke\AppData\Roaming\TeamViewer
2009-07-07 15:12 . 2009-07-07 15:12 -------- d-----w- c:\program files\QS
2009-07-07 13:49 . 2009-07-07 13:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\PC Suite
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\users\Spyke\AppData\Roaming\Nokia
2009-07-07 13:49 . 2009-07-07 13:48 -------- d-----w- c:\programdata\PC Suite
2009-07-07 13:48 . 2009-07-07 13:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-07 13:48 . 2009-07-07 13:47 -------- d-----w- c:\program files\DIFX
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-07 13:47 . 2009-07-07 13:47 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-07 13:47 . 2009-07-07 13:45 -------- d-----w- c:\program files\Nokia
2009-07-07 13:47 . 2009-07-07 13:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-07 13:44 . 2009-07-07 13:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-07 13:44 . 2009-07-07 13:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-07 13:44 . 2009-07-07 13:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-07 13:44 . 2009-07-07 13:44 -------- d-----w- c:\programdata\Installations
2009-07-07 13:44 . 2009-07-07 13:44 33921368 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze_web.exe
2009-07-06 20:44 . 2009-07-07 20:22 103424 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 20:22 937984 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 20:22 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 20:22 4722688 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 20:22 344064 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-06 20:44 . 2009-07-07 20:22 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-05 23:20 . 2009-07-05 23:19 -------- d-----w- c:\program files\Trine
2009-07-05 21:25 . 2009-07-05 21:25 -------- d-----w- c:\users\Spyke\AppData\Roaming\Ubisoft
2009-07-05 21:23 . 2009-04-26 20:00 -------- d-----w- c:\programdata\Tages
2009-07-05 21:21 . 2009-04-26 19:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-05 21:21 . 2009-04-26 19:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-30 17:19 . 2009-07-01 17:11 106496 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-30 17:19 . 2009-07-01 17:11 65536 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-06-30 17:19 . 2009-07-01 17:11 4734976 ----a-w- c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-15 15:24 . 2009-07-15 14:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-05-08 23:51 . 2009-05-08 09:07 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-08-31_21.56.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-14 13:11 . 2009-08-31 21:44 41968 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-14 13:11 . 2009-08-31 22:38 41968 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-08-31 22:38 85396 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:00 . 2009-09-01 00:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-08-31 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-09-01 00:22 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-31 21:46 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-31 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-09-01 00:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-14 12:31 . 2009-08-31 22:38 7924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1441424256-2553929416-2813665706-1000_UserData.bin
- 2009-04-14 12:31 . 2009-08-31 21:44 7924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1441424256-2553929416-2813665706-1000_UserData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-05-23 2170880]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Steam"="c:\program files\steam\steam.exe" [2009-08-06 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-22 92704]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.EXE" [2006-01-18 299169]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-03-05 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\CTXFIHLP.EXE [2007-03-05 19968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.exe" [2006-01-18 299169]

c:\users\Spyke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2009-4-14 50848]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-14 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1441424256-2553929416-2813665706-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{61DF4A35-C812-4D8E-9FBC-024583E4E303}"= UDP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{713DB524-8409-495A-BF04-930ED7D53E25}"= TCP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{851931CB-3E25-4648-AF94-B4D9FD90E7A7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{22F9E86B-39CA-4D53-8F75-3A4288E17F4C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CD37B274-4116-4224-80A0-BC49518D86EF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{257522F2-4739-4797-B29F-41D7A1E8BE3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{67C67347-2BC7-4B26-9448-2A9960FDAECA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C13E855-59B4-4EFD-A519-353786379EF5}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{79D56DB8-DF47-401F-ADDA-DF9064B5E1CE}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"{5EB89A4C-03EB-48B6-986F-A261472997AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BE256B8D-7C01-483C-9F04-F32CBFA8880A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6EF7D186-52EF-4377-A6D9-A3AEF4ACD8BA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EF681A09-A750-408B-8954-A0DD22F44BBF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{82A76CE3-9D82-428E-A124-596DF2592A53}"= UDP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{598118F9-7F7B-44C8-B856-7F059EBC1A39}"= TCP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{9A0B38DA-9C8D-41B0-A972-64E0BD886013}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{9C0C987F-4DB9-404E-AA50-45698A199BE4}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{F6A4AEB0-3652-4FFB-AF22-753794B02FD4}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{C27D4590-BABC-4465-BE5C-A8DF2B82ED2A}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:X-Men Origins - Wolverine
"{ED3F64E6-B863-4CFE-AAE1-4FC3131C4BFE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{388229EA-01F6-45C6-9E30-6DA04CB9CF9F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{E83DB089-EC04-4662-B64D-440E3EC17927}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{174B1E37-B6BA-4AA0-8067-12039664FE4B}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{357396BC-7F33-4FEF-8149-86FDFC6DD630}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{80945573-A6B5-467E-87E7-A69D0C15EA4C}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{EF4ED491-00C8-4E50-A5CE-367C018FEF21}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{ECF2ABA2-8CEE-4515-851A-63471414559C}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{EE012F99-09DB-448F-BCA6-EEBAA70A9012}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{124550E7-3549-4F50-8CB1-A9321D4366A1}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{59616A17-DEFF-4577-80A1-E3BBC0E46086}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{E2CA0208-170C-4A5F-A86F-98E639CFF1EC}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{5E9274A3-CFC5-4248-B7C2-1EC21BAC09D5}"= UDP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{C684DCC2-8B8C-4B36-B3A9-55C3A55716C2}"= TCP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{B376C6A7-9E69-4DCF-AFC0-552938C3EB86}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{CE7AC010-DED0-4EDB-9581-95099CD0A7DD}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{1D999984-0C68-4AFC-9DB5-D477BE4CA478}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{2C199814-5134-4B0B-8CF3-D5B1F2CEBD5F}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{02E027CA-D9B9-47CF-B465-4ABAA676D910}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{67FD536E-AC48-4C0A-85B6-B3C20D9E5820}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{B62D2613-F81C-4BF6-8F27-84F60E7F820B}"= UDP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{12CB028B-88F4-48B4-8334-21ACF719C1F6}"= TCP:c:\program files\CAPCOM\Bionic Commando\bionic_commando.exe:Bionic Commando
"{6B854842-A4E5-40C1-8DE3-FE14F4943E72}"= UDP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{26D9A17F-3F11-4245-8BDA-C756AC814E0C}"= TCP:c:\program files\CAPCOM\Bionic Commando\Support\CAP1-0101.exe:Bionic Commando
"{1E7071DC-7F94-435D-A1D1-42BDB78EB399}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3DD3E165-1AAB-49BA-A930-7477CA294D8A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BCF1C92B-E920-4B3F-93D0-C2155AB02693}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8BF755AB-8EF5-4BED-B1B5-B29B48410DF5}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D144BFE3-F1DF-4905-B4B6-541B0551EBF7}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{EFC1EB29-8753-4E00-91EA-ED1FD3E3D509}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein(TM)
"{2DC12E4C-F8B1-44C8-92A9-5BD6426E9612}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{D6A4DBE2-185E-40F9-83E2-39695FDC441F}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein(TM)
"{2C3631F9-1CBE-40F6-B1DF-79223A576463}"= UDP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{FDB90512-3B9D-4259-8F6A-8635C71D40D1}"= TCP:c:\program files\Activision\Wolfenstein Lite Server\Wolf2MPLite.exe:Wolfenstein(TM) Lite Server
"{7C6E124D-ED49-4468-9BD9-8CBF9BCB7ABE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6156E3FC-5B90-413B-B8DB-7D08284FC10E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2A6D8D02-0BD9-4C44-8216-5AD0968CDAFF}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7744244D-ABD1-4561-AD8F-29BDF2DECF42}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1483F1FE-DA6F-43B2-AB50-D496646785F6}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B56B0BB0-0165-4459-9489-334BB1B63DE3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [9.4.2009 15:21 38240]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.6.2009 10:48 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [14.4.2009 20:12 603904]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 btnetBUs;IVT Bluetooth Bus Service for BtNic;c:\windows\System32\drivers\btnetBus.sys [22.10.2008 12:35 29832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-09-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-08-31 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2009-08-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {97CAF143-D751-4C0A-B218-61E77A662D28} = 81.25.16.250,81.25.28.250
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - component: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\Firefox\Profiles\skx5j6tu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Spyke\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 02:32
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

( [0] 0x8B302474
( [0] 0xD3892C24
skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1441424256-2553929416-2813665706-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,f0,93,45,46,eb,e0,e5,69,d7,d1,1c,71,21,1c,e4,fd,ec,7b,d4,d7,
46,e0,35,0b,ad,1c,bd,ba,99,0d,4a,68,00,67,e1,b8,04,34,20,b3,b3,0f,33,ec,00,\
"rkeysecu"=hex:4a,64,69,4c,fb,55,c2,f9,09,2a,85,2a,49,34,51,53

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="B04394C450FAEBFC444EDA1284974E0AE1F8E0DBE5CF43449EE391E11EF3EF68B0A21BFE13ED491F1FA8930A43B0A9A43FC40FCDE945C2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A2D97226D213B5559DAE55F70AFA422DB7C3B67C6D43296D0DB8613AF11F8C5D6F013182F8D6305A4665C8DD1051CF73B40C1394D8BB1E56D5C04B7F92026108081A242D26981A76C36870D7519436CF8BF7E2A7D0145934E19DDD4A28F4332F541CD0536EE0E5859A5025F5BAA27D4CB8B4C1030BCFF3E0C3B2944550C14A9923BC321D78DD2ED9EEC7867D1A2C2FEA5D848FAA204408A836F430500C82F280E4C70CE74E0E0FBC0E8EF4E92437DA1DBABA6E540A1EB6CB946CB4004127FD1230996143DD472CE664F69867EF1F934DBABDC56A2CDAA3016138E91B3973416FBFA5FC747BB3A98887E95BD6778FEED6E78B408CC94D757040085C9DA18014AF6F716BF25B4F32C32D61E94E9C8B8788F3B44E8C0B9C58B6FAA2DBB50CB8D2DD43987D6C9869F331306C379821687D2830DBA1EF7CC37BE4FCDFFCC86CDBDEF45F48C8C132289E5A0FAF79B1AC4FF06C97BBB2F18E911301D82E176D1EFE9C698F422685898469BFECE02BCCCABF0C03449E3C8216A75784C20E476EDC88F5A0C0DDB202664B0D5311CC0ACDEA0A750AF465BC424AFD03D91495EDCC4B3555F48405CFB3729BC77B6651184E60545F969084F789C8DED4E3C9ECAD3B6E93AC341136A2C93BECDA147BE29B1C63987AB09C847460116912F783526FA12E89F09F4004942AB4858CEC03889F390E24FCD346817E07080F825D0795601BDACC9A6D1013526CB483A54854DB71DADF1A2470DCAA24F07799F0D3BC1EEE7724E8A4492220CDDDF457F55DEA0F236A3D6E2BE9544539C288A02D0A33E351BA1FBF92CFBC77BAFE94454BD564630A066C6B579944A955574F948BA519757D1A46046793C9FB930316E77ED205B042FE9A306E4A6A4452BDBCB7E1404572B005F53DAA9AD6A314D3DEA968E6326229D9D42DBBBC24154FB82CA10E66AE8FEA97EF476CDD17F93F0E3ACC669778F7E05110288CA4F5AFB13D583B6E1974197127D9D139CBDD1CD801D6665A6184844ED224BBB32A893D9D78E045674ED46A4A3A3E61A9C7273CEA3347DD2AB3AB2E1EFEC9D4096AA8F90146CC515F6DB7F3420D08CC52A690A1425A00703E6FE331BCACA336E672C43688BA8247C35424BC6B0F89C0D3325BA5EF65DC3005EDC75DDB64B373AAC8EF56291C4F6182D4475D18E3F93C4CA96EB749741D80F078969572636179B8E464519965E22E90B2F102DFE1EF93E03ED2D7E65A611AF6CFB250BB1CF7047633FCB5D344D1106427996EA096EA6E3A9537"

[HKEY_LOCAL_MACHINE\SOFTWARE\Portrait Displays\DisplayTune\PLUG_AP\APPS\{15733AD1-1CEF-459A-9245-0924FC63BDD5}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\5&2665eb8b&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5280)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\PS Tray Factory\HKDll.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
.
Celkový čas: 2009-09-01 2:34
ComboFix-quarantined-files.txt 2009-09-01 00:34
ComboFix2.txt 2009-08-31 22:32
ComboFix3.txt 2009-08-31 21:58

Před spuštěním: Volných bajtů: 14 620 028 928
Po spuštění: Volných bajtů: 17 980 133 376

418 --- E O F --- 2009-08-29 00:59



Pokud je to vše, tak Vám patří můj velký dík. Sice nevím, jak to děláte, ale děláte to dobře..

Pc zatím běží normálně, ale nerad bych to zakřiknul. Topic tedy nechám ještě otevřen, a pokud se nic neobjeví, zítra ho označím za vyřešený. Ještě jednou děkuji

[Damned]

Jasně, napiš.

[Spyke]

Zdá se být vše v pořádku, počítač zase jede jak má. Mnohokrát děkuji..