PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:11, on 29.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
Dobrý den, procesor mi stále jede kolem 50-60% a nevím si s tím rady.

MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\FixCamera.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NetBeans 6.1\bin\netbeans.exe
C:\Program Files\NetBeans 6.1\platform8\lib\nbexec.exe
C:\Program Files\NetBeans 6.1\platform8\lib\nbexec.exe
C:\Program Files\Java\jdk1.6.0_10\jre\bin\java.exe
C:\Windows\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\SpeedFan\speedfan.exe
D:\3\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [recinfo166] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Hanz\AppData\Local\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Launch] C:\Users\Hanz\AppData\Local\Temp\Rar$EX00.054\Setup.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9954 bytes

Odinstaluj:

Dealio Toolbar
AVG Security Toolbar
Search Settings
RecInfo

Vypni si Body obnovení a odinstaluj to.
Restartuj a dej sem nový log z HJT

Dealio Toolbar a Search Settings se mi podařilo odinstalovat, ale avg toolbar jsem na disku nenašel a ani to rec info, tak nevim...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:38, on 29.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\FixCamera.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\3\hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [recinfo166] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Hanz\AppData\Local\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Launch] C:\Users\Hanz\AppData\Local\Temp\Rar$EX00.054\Setup.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8991 bytes

Spusť si HJT a fixni (zatrhnout čtvereček před hodnotou a zmáčknout "Fix checked") :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Hanz\AppData\Local\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

V HJT jsem vše provedl dle instrukcí a výsledek testu je zde:
Malwarebytes' Anti-Malware 1.37
Verze databáze: 2194
Windows 6.0.6000

30.5.2009 1:08:48
mbam-log-2009-05-30 (01-08-48).txt

Typ skenu: Rychlý sken
Objektu skenováno: 76354
Uplynulý cas: 7 minute(s), 10 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

ComboFix 09-05-29.01 - Hanz 30.05.2009 11:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2038.1007 [GMT 2:00]
Spuštěný z: d:\3\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 09:25 . 2009-05-30 09:26 -------- d-----w c:\users\Hanz\AppData\Local\temp
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\users\Hanz\AppData\Roaming\Malwarebytes
2009-05-29 23:00 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\programdata\Malwarebytes
2009-05-29 23:00 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-28 18:00 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF3CB064-CCA2-42DC-82A2-A814D0D340FE}\mpengine.dll
2009-05-27 18:40 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-27 18:40 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-27 18:39 . 2009-05-27 18:39 -------- d-----w c:\program files\iPod
2009-05-27 18:38 . 2009-05-27 18:40 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-27 18:38 . 2009-05-27 18:40 -------- d-----w c:\program files\iTunes
2009-05-27 18:38 . 2009-05-27 18:38 -------- d-----w c:\program files\Bonjour
2009-05-27 18:31 . 2009-05-27 18:31 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-24 08:54 . 2009-05-24 08:54 -------- d-----w c:\users\Hanz\AppData\Roaming\QIP
2009-05-24 08:54 . 2009-05-24 08:54 -------- d-----w c:\program files\QIP Infium
2009-05-23 18:12 . 2009-05-23 18:13 -------- d-----w c:\users\Hanz\avidemux
2009-05-23 18:03 . 2009-05-23 18:03 -------- d-----w c:\program files\Free Video Cutter
2009-05-23 17:35 . 2009-05-23 17:35 -------- d-----w c:\program files\SpeedFan
2009-05-23 13:14 . 2009-05-23 13:14 -------- d-----w c:\program files\RADVideo
2009-05-21 07:11 . 2008-07-02 00:43 233472 ----a-w c:\windows\system32\TubeFinder.exe
2009-05-21 07:11 . 2008-06-04 16:42 9728 ----a-w c:\windows\system32\PCCLPFR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-05-21 07:11 . 2009-05-21 07:11 -------- d-----w c:\program files\Free FLV Converter
2009-05-21 07:11 . 2008-06-04 16:42 32768 ----a-w c:\windows\system32\CMDLGFR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-05-21 07:06 . 2009-05-21 07:06 39424 ----a-w c:\windows\zipinst.exe
2009-05-21 07:06 . 2009-05-21 07:06 -------- d-----w c:\program files\VideoCacheView
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\users\Hanz\AppData\Roaming\HighAndes
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\users\Hanz\AppData\Local\HighAndes
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\programdata\HighAndes
2009-05-21 06:52 . 2009-05-21 06:52 -------- d-----w c:\program files\HighAndes
2009-05-10 20:35 . 2009-05-10 20:35 -------- d-----w c:\users\Public\aplet
2009-05-10 20:33 . 2009-05-10 20:33 -------- d-----w c:\users\Hanz\AppData\Local\GHISLER
2009-05-10 19:59 . 2009-05-10 20:03 -------- d-----w c:\users\Hanz\AppData\Roaming\GHISLER
2009-05-10 19:59 . 2009-05-10 20:00 -------- d-----w C:\totalcmd
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 14:11 . 2007-10-09 09:06 81404 ----a-w c:\windows\system32\perfc005.dat
2009-05-29 14:11 . 2007-10-09 09:06 473598 ----a-w c:\windows\system32\perfh005.dat
2009-05-29 11:02 . 2009-03-30 17:07 -------- d-----w c:\programdata\NCH Software
2009-05-29 11:02 . 2009-03-30 17:06 -------- d-----w c:\program files\NCH Software
2009-05-27 18:39 . 2009-01-04 21:02 -------- d-----w c:\program files\Common Files\Apple
2009-05-27 18:38 . 2008-09-04 17:51 -------- d-----w c:\programdata\Apple Computer
2009-05-23 18:24 . 2008-12-11 11:43 -------- d-----w c:\users\Hanz\AppData\Roaming\gtk-2.0
2009-05-19 13:30 . 2009-02-06 08:55 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-19 13:30 . 2008-07-21 15:23 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 13:30 . 2008-07-21 15:23 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-15 11:37 . 2008-09-08 18:15 -------- d-----w c:\users\Hanz\AppData\Roaming\Skype
2009-05-15 06:18 . 2008-09-08 18:16 -------- d-----w c:\users\Hanz\AppData\Roaming\skypePM
2009-05-14 19:57 . 2008-10-05 11:07 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 18:21 . 2008-01-11 01:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 17:39 . 2009-04-27 17:39 -------- d-----w c:\program files\Activision
2009-04-27 15:50 . 2009-04-27 15:48 -------- d-----w c:\users\Hanz\AppData\Roaming\SecondLife
2009-04-27 15:48 . 2009-04-27 15:47 -------- d-----w c:\program files\SecondLife
2009-04-22 16:00 . 2009-04-22 16:00 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-22 16:00 . 2009-04-22 16:00 -------- d-----w c:\program files\Autodesk
2009-04-22 13:07 . 2009-04-22 13:07 -------- d-----w c:\program files\Zoner
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 17:43 . 2009-04-11 10:46 -------- d-----w c:\program files\ISO Commander
2009-04-12 14:28 . 2009-04-12 14:28 -------- d-----w c:\program files\TUGZip
2009-04-11 12:43 . 2009-04-11 12:43 69 ----a-w c:\windows\system32\3gpvideoconverterb.dat
2009-04-11 12:43 . 2009-04-11 12:43 69 ----a-w c:\windows\system32\3gpvideoconvertera.dat
2009-04-11 11:17 . 2008-07-19 10:21 -------- d-----w c:\program files\Common Files\Ahead
2009-04-11 09:40 . 2009-04-11 09:39 -------- d-----w c:\program files\vLite
2009-04-07 06:17 . 2009-03-23 20:54 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:16 . 2009-04-15 05:52 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-15 05:51 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:22 . 2009-04-15 05:52 3471328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:22 . 2009-04-15 05:52 3505120 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:20 . 2009-04-15 05:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-15 05:52 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-15 05:52 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:17 . 2009-04-15 05:52 550400 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:16 . 2009-04-15 05:51 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-15 05:52 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-15 05:52 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-15 05:52 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-15 05:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-15 05:51 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-15 05:52 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-15 05:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-15 05:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 . 2006-06-07 13:40 132848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-11-04 01:23 . 2007-11-04 00:40 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-24 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4727F356-345A-4581-800F-39C8046EC39B}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5495D5F9-0F6B-4CFC-A492-3ECB9B09E8E4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{0ED9E506-C238-4D54-89DD-36EEA35C10F5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{C1986EB2-F5BD-4773-A114-E0C722316881}c:\\program files\\g3torrent\\g3torrent.exe"= UDP:c:\program files\g3torrent\g3torrent.exe:g3torrent
"UDP Query User{BCC453E3-E196-4A76-8438-9F5ECCADFD75}c:\\program files\\g3torrent\\g3torrent.exe"= TCP:c:\program files\g3torrent\g3torrent.exe:g3torrent
"TCP Query User{FD092298-AE59-41AC-B3E1-99FD9716CE34}c:\\counter strike\\hl.exe"= UDP:c:\counter strike\hl.exe:Half-Life Launcher
"UDP Query User{9EAF705D-0E37-4C3D-9DDF-D326569A1890}c:\\counter strike\\hl.exe"= TCP:c:\counter strike\hl.exe:Half-Life Launcher
"TCP Query User{41A2245E-DFE3-4F3F-BDC7-F744D4C0CA78}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A752ABFD-BAB7-40DA-A3C6-DC05EBB6D433}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{69B6269A-326B-4104-AF04-235D1A5C5701}c:\\program files\\flatout2\\flatout2.exe"= UDP:c:\program files\flatout2\flatout2.exe:FlatOut2
"UDP Query User{C3B8A82C-0500-401D-A7D1-A2B6D9A74E1B}c:\\program files\\flatout2\\flatout2.exe"= TCP:c:\program files\flatout2\flatout2.exe:FlatOut2
"{6795BC60-AAE4-4858-95DE-028C7AED8C23}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E7F347A6-D8B7-4F17-B3D8-C9DC60916E81}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= UDP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"UDP Query User{F8052C76-C5CB-40C3-B928-DFAE393EA95F}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= TCP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"TCP Query User{BB8EA972-25B7-46C5-BFE4-D3FF11FCA757}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{7E8CF16F-F396-4379-BC25-DA3F9B90117A}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{261EF938-8D8A-45E1-B376-B401A1C737A9}c:\\program files\\java\\jdk1.6.0_10\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B31AD8B3-5F49-4AA8-8DA2-15B03EE9F774}c:\\program files\\java\\jdk1.6.0_10\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B559ECBE-C485-4006-8711-B5381BFBB03A}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{ED982229-E28E-453B-8AD6-3710DD8532DF}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"{6D39843B-AD8B-4549-98B1-EEA02EEB1E2C}"= TCP:1234:Televize
"TCP Query User{336EBF4D-7806-4838-84FB-0642AD965B1B}c:\\age of empires\\age2_x1.exe"= UDP:c:\age of empires\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{B78EFADA-6A89-44C3-817C-5DB6A88F28F4}c:\\age of empires\\age2_x1.exe"= TCP:c:\age of empires\age2_x1.exe:Age of Empires II Expansion
"{3BE73CD0-B4A7-4DB8-BDF8-ACA5F75989BD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EFDD3062-48A3-46E6-98AF-8DD082F39EC3}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{809D6DCD-5B38-406B-BFCC-A6F17913C9C5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D1A1C158-AA78-4715-8A85-2B6F8144856D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B4F4E99C-A97B-460C-B8DC-A167896FF424}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{60D7BCF1-E1EC-46C7-82AD-63E786A74514}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{32FF5335-47EF-4A14-837E-AA81CB3EB7E1}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= UDP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"UDP Query User{73CEA23D-2E14-46D1-9DAB-C5EE6AB31B78}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= TCP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"TCP Query User{30C18E95-638F-42E0-9B5E-354374E78465}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{1635CA92-E1BD-491C-8066-E685C7DAF4BB}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{2D4E04DA-E5F0-4C5F-ABD2-4BAE39A45EFF}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{FDBEFCEA-5A5D-4498-99B2-BC79BED913FC}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E3630BF9-145E-4BCA-9230-C9F0BE42E2F6}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{7C5919AD-AFD3-4C59-9058-75BE7FFEBE70}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{57D1C806-173F-4031-B866-6E81077A8D1D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BB08E934-7FBD-4072-AB7D-08843BCC8D49}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F7EAA4B-FDE8-4E61-AC22-979AB7771362}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EEAB2EC0-22F7-4DC3-8AEC-D9C7612790E0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2F36AA4-BA9A-4DF5-8180-F5E5B787F7C7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{01A7B7CD-0834-473A-A928-D8B6EBCCECE1}d:\\cs\\counter-strike 1.6\\czero.exe"= UDP:d:\cs\counter-strike 1.6\czero.exe:Condition Zero Launcher
"UDP Query User{FB253E4F-C2EA-41EB-8B6C-C1187ED14251}d:\\cs\\counter-strike 1.6\\czero.exe"= TCP:d:\cs\counter-strike 1.6\czero.exe:Condition Zero Launcher
"TCP Query User{8AB270C0-F873-4362-9D40-55D04FD3D2A6}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{77EA5335-227F-4A50-8DF5-CD5DA0E3D53C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{B6BBD729-B998-4893-AF35-0DBE953623A8}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{65FFE484-3894-47B6-93F9-CBD21F84B805}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{45824762-F2E8-4FC5-B8CC-422DECE5DD08}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{312E72E7-CB74-44D4-A7DC-8632C9E0D2EC}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{1033D7CD-48F8-4C21-8CA3-1D624CF73B61}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"UDP Query User{79A16DA9-B101-411F-B1F5-9DB1FA8FCE96}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"{943C7FA1-2394-41B9-BEBE-7B28D29173C3}"= UDP:5353:Adobe CSI CS4
"{D9791EDE-9948-47B2-8AA4-5F502B1D45F2}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1F52D199-B74B-4030-AF64-9EB85CCDAA01}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{0752D2D4-B0EB-4342-8BD5-A0A8D76806EA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9050C25A-D009-4A76-93A2-E82E6E443056}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A525CA2E-4F0B-4026-A43C-12FDBBFC3C49}c:\\users\\hanz\\desktop\\counter strike - condition zero\\cs16_czero11_full\\counter-strike 1.6\\czero.exe"= UDP:c:\users\hanz\desktop\counter strike - condition zero\cs16_czero11_full\counter-strike 1.6\czero.exe:czero.exe
"UDP Query User{066BD511-3685-4B78-ACEF-280039691E8D}c:\\users\\hanz\\desktop\\counter strike - condition zero\\cs16_czero11_full\\counter-strike 1.6\\czero.exe"= TCP:c:\users\hanz\desktop\counter strike - condition zero\cs16_czero11_full\counter-strike 1.6\czero.exe:czero.exe
"{930907B4-9355-47F3-AB93-4464EB2119D9}"= UDP:86:BroadCam Web Server
"TCP Query User{EAC2BF27-B593-4206-920F-3F16155B6122}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1577063D-0FD4-450A-9A74-D595A32F0B2C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{1169F467-ECCD-4F35-8704-A253C7BC85B5}c:\\users\\hanz\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\hanz\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{1B554044-5730-4664-9CEE-D74F2BD7E711}c:\\users\\hanz\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\hanz\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{B5E6B77B-2950-4FDB-B716-51FBFC9DDDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{3E841BDA-D60E-4603-967E-C753285F6D85}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{492E6B3A-1E17-41E1-89D3-E0375FE7B25C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{C39FCEF0-23EB-40C8-9B8A-B2526E25A503}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{86B7680D-D54D-413D-8E0C-1CA231735FFF}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{A63BA7C9-AB17-4EEC-AF49-D03F26904E10}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{9B05F536-CDF1-4579-8FA6-DFB0779CFD28}c:\\users\\hanz\\desktop\\worms 4 mayhem\\worms 4 mayhem.exe"= UDP:c:\users\hanz\desktop\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{0F23218C-0189-45D8-8243-470E1A521B4F}c:\\users\\hanz\\desktop\\worms 4 mayhem\\worms 4 mayhem.exe"= TCP:c:\users\hanz\desktop\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"{B078457F-35A3-48DD-8C24-B166D3CBAA6B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{19F873D8-1EA6-4D79-AE36-47CE0E7602D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4989903-B234-4AAA-88AD-746BF7A02D91}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8DE6DAAE-D2D2-4BF8-A830-2EDBD7E89C9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21.7.2008 17:23 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.2.2009 10:55 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23.3.2009 22:54 1153368]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [11.1.2008 3:27 118784]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{02A20998-75D5-45B4-B9C3-0ECF9EBA78CB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-recinfo166 - c:\recinfo\RecInfo.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
HKLM-Run-recinfo - RecInfo.exe
SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cvut.cz\herodes.feld
FF - ProfilePath - c:\users\Hanz\AppData\Roaming\Mozilla\Firefox\Profiles\3zh061i4.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 11:26
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H????????????2?????w????????????0???<???????|??????w`??w????3 ?w!??w??????????????????F?L???~zzv????????????????+?A?????????J?A???05??????????F?$l@?`???????????? A??5`5????J?A?[?@??????v@???????05??@????????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????H????????????2?????w????????????0???<???????|??????w`??w????3 ?w!??w??????????????????F?L???~zzv????????????????+?A?????????J?A???05??????????F?$l@?`???????????? A??5`5????J?A?[?@??????v@???????05??@????????
Wbutton = c:\program files\Launch Manager\WButton.exe?????H????????????2?????w????????????0???<???????|??????w`??w????3 ?w!??w??????????????????F?L???~zzv????????????????+?A?????????J?A???05??????????F?$l@?`???????????? A??5`5????J?A?[?@??????v@???????05??@????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3648)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2009-05-30 11:29
ComboFix-quarantined-files.txt 2009-05-30 09:28

Před spuštěním: Volných bajtů: 31 431 589 888
Po spuštění: Volných bajtů: 31 530 110 976

292 --- E O F --- 2009-05-25 15:05

Potom si na vistu doinstaluj Service Pack 1.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

ComboFix 09-05-29.01 - Hanz 31.05.2009 15:28.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2038.953 [GMT 2:00]
Spuštěný z: d:\3\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hanz\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 13:33 . 2009-05-31 13:33 -------- d-----w c:\users\Hanz\AppData\Local\temp
2009-05-30 17:47 . 2009-05-30 17:47 36864 ----a-w c:\users\Hanz\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\csy\ContextualTabSelectorRules.dll
2009-05-30 17:30 . 2009-05-30 17:39 -------- d-----w c:\program files\AutoCAD 2010
2009-05-30 17:29 . 2008-03-05 13:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-05-30 17:29 . 2008-02-05 21:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-05-30 17:29 . 2008-03-05 13:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-05-30 16:42 . 2009-05-30 16:43 -------- d-----w c:\program files\AnswerWorks 4.0
2009-05-30 16:40 . 2009-05-30 17:47 -------- d-----w c:\users\Hanz\AppData\Roaming\Autodesk
2009-05-30 16:40 . 2009-05-30 17:30 -------- d-----w c:\users\Hanz\AppData\Local\Autodesk
2009-05-30 16:40 . 2009-05-30 17:30 -------- d-----w c:\programdata\Autodesk
2009-05-30 16:40 . 2009-05-30 16:54 -------- d-----w c:\program files\AutoCAD 2006
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\users\Hanz\AppData\Roaming\Malwarebytes
2009-05-29 23:00 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-29 23:00 . 2009-05-29 23:00 -------- d-----w c:\programdata\Malwarebytes
2009-05-29 23:00 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-28 18:00 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF3CB064-CCA2-42DC-82A2-A814D0D340FE}\mpengine.dll
2009-05-27 18:40 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-27 18:40 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-27 18:39 . 2009-05-27 18:39 -------- d-----w c:\program files\iPod
2009-05-27 18:38 . 2009-05-27 18:40 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-27 18:38 . 2009-05-27 18:40 -------- d-----w c:\program files\iTunes
2009-05-27 18:38 . 2009-05-27 18:38 -------- d-----w c:\program files\Bonjour
2009-05-27 18:31 . 2009-05-27 18:31 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-24 08:54 . 2009-05-24 08:54 -------- d-----w c:\users\Hanz\AppData\Roaming\QIP
2009-05-24 08:54 . 2009-05-24 08:54 -------- d-----w c:\program files\QIP Infium
2009-05-23 18:12 . 2009-05-23 18:13 -------- d-----w c:\users\Hanz\avidemux
2009-05-23 17:35 . 2009-05-23 17:35 -------- d-----w c:\program files\SpeedFan
2009-05-23 13:14 . 2009-05-23 13:14 -------- d-----w c:\program files\RADVideo
2009-05-21 07:11 . 2008-07-02 00:43 233472 ----a-w c:\windows\system32\TubeFinder.exe
2009-05-21 07:11 . 2008-06-04 16:42 9728 ----a-w c:\windows\system32\PCCLPFR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-05-21 07:11 . 2008-06-04 16:42 32768 ----a-w c:\windows\system32\CMDLGFR.DLL
2009-05-21 07:11 . 2008-06-04 16:42 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-05-21 07:06 . 2009-05-21 07:06 39424 ----a-w c:\windows\zipinst.exe
2009-05-21 07:06 . 2009-05-21 07:06 -------- d-----w c:\program files\VideoCacheView
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\users\Hanz\AppData\Roaming\HighAndes
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\users\Hanz\AppData\Local\HighAndes
2009-05-21 06:58 . 2009-05-21 06:58 -------- d-----w c:\programdata\HighAndes
2009-05-10 20:35 . 2009-05-10 20:35 -------- d-----w c:\users\Public\aplet
2009-05-10 20:33 . 2009-05-10 20:33 -------- d-----w c:\users\Hanz\AppData\Local\GHISLER
2009-05-10 19:59 . 2009-05-10 20:03 -------- d-----w c:\users\Hanz\AppData\Roaming\GHISLER
2009-05-10 19:59 . 2009-05-10 20:00 -------- d-----w C:\totalcmd
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-05-10 19:59 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 13:26 . 2008-09-08 18:15 -------- d-----w c:\users\Hanz\AppData\Roaming\Skype
2009-05-31 12:11 . 2008-12-11 11:43 -------- d-----w c:\users\Hanz\AppData\Roaming\gtk-2.0
2009-05-31 08:01 . 2008-09-08 18:16 -------- d-----w c:\users\Hanz\AppData\Roaming\skypePM
2009-05-30 17:46 . 2008-12-04 22:02 -------- d-----w c:\programdata\FLEXnet
2009-05-30 17:43 . 2008-07-19 10:17 134272 ----a-w c:\users\Hanz\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 17:39 . 2009-04-22 16:00 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-05-30 10:36 . 2008-12-01 19:18 -------- d-----w c:\program files\EWB512
2009-05-29 14:11 . 2007-10-09 09:06 81404 ----a-w c:\windows\system32\perfc005.dat
2009-05-29 14:11 . 2007-10-09 09:06 473598 ----a-w c:\windows\system32\perfh005.dat
2009-05-29 11:02 . 2009-03-30 17:07 -------- d-----w c:\programdata\NCH Software
2009-05-27 18:39 . 2009-01-04 21:02 -------- d-----w c:\program files\Common Files\Apple
2009-05-27 18:38 . 2008-09-04 17:51 -------- d-----w c:\programdata\Apple Computer
2009-05-19 13:30 . 2009-02-06 08:55 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-19 13:30 . 2008-07-21 15:23 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 13:30 . 2008-07-21 15:23 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-14 19:57 . 2008-10-05 11:07 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 18:21 . 2008-01-11 01:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 17:39 . 2009-04-27 17:39 -------- d-----w c:\program files\Activision
2009-04-27 15:50 . 2009-04-27 15:48 -------- d-----w c:\users\Hanz\AppData\Roaming\SecondLife
2009-04-27 15:48 . 2009-04-27 15:47 -------- d-----w c:\program files\SecondLife
2009-04-22 16:00 . 2009-04-22 16:00 -------- d-----w c:\program files\Autodesk
2009-04-22 13:07 . 2009-04-22 13:07 -------- d-----w c:\program files\Zoner
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 17:43 . 2009-04-11 10:46 -------- d-----w c:\program files\ISO Commander
2009-04-12 14:28 . 2009-04-12 14:28 -------- d-----w c:\program files\TUGZip
2009-04-11 12:43 . 2009-04-11 12:43 69 ----a-w c:\windows\system32\3gpvideoconverterb.dat
2009-04-11 12:43 . 2009-04-11 12:43 69 ----a-w c:\windows\system32\3gpvideoconvertera.dat
2009-04-11 11:17 . 2008-07-19 10:21 -------- d-----w c:\program files\Common Files\Ahead
2009-04-11 09:40 . 2009-04-11 09:39 -------- d-----w c:\program files\vLite
2009-04-07 06:17 . 2009-03-23 20:54 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:16 . 2009-04-15 05:52 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-15 05:51 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-16 06:13 . 2009-03-16 06:13 16712 ----a-w c:\windows\system32\AcSignExtRes.dll
2009-03-03 04:22 . 2009-04-15 05:52 3471328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:22 . 2009-04-15 05:52 3505120 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:20 . 2009-04-15 05:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-15 05:52 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-15 05:52 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:17 . 2009-04-15 05:52 550400 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:16 . 2009-04-15 05:51 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-15 05:52 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-15 05:52 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-15 05:52 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-15 05:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-15 05:51 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-15 05:52 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-15 05:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-15 05:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 . 2006-06-07 13:40 132848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-11-04 01:23 . 2007-11-04 00:40 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-30_09.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-30 17:28 . 2009-05-30 17:28 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2009-05-30 17:28 . 2009-05-30 17:28 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2009-05-07 01:00 . 2009-05-30 17:28 26105 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2008-01-11 01:26 . 2009-05-30 17:43 46542 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-31 12:29 77436 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-19 10:18 . 2009-05-31 12:29 10210 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2535512456-1776265027-2047246989-1000_UserData.bin
+ 2009-02-09 08:13 . 2009-02-09 08:13 43160 c:\windows\System32\AcSignIcon.dll
+ 2009-02-09 08:13 . 2009-02-09 08:13 29848 c:\windows\System32\AcSignExt.dll
+ 2009-03-16 06:15 . 2009-03-16 06:15 22856 c:\windows\Installer\{5783F2D7-8001-0405-1002-0060B0CE6BBA}\CustomRes.dll
+ 2009-03-16 06:15 . 2009-03-16 06:15 22856 c:\windows\Installer\{5783F2D7-8001-0405-0002-0060B0CE6BBA}\CustomRes.dll
+ 2009-05-30 16:54 . 2009-05-30 16:54 34304 c:\windows\Installer\{5783F2D7-4001-0405-0002-0060B0CE6BBA}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2005-04-11 15:31 . 2005-04-11 15:31 23632 c:\windows\Installer\{5783F2D7-4001-0405-0002-0060B0CE6BBA}\CustomRes.dll
+ 2009-05-30 16:54 . 2009-05-30 16:54 57344 c:\windows\Installer\{5783F2D7-4001-0405-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2009-05-30 17:29 . 2009-05-30 17:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-05-30 09:05 . 2009-05-30 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-30 17:41 . 2009-05-31 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-30 09:05 . 2009-05-30 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-30 17:41 . 2009-05-31 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-30 17:28 . 2009-05-30 17:28 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2000-04-04 04:05 . 2000-04-04 04:05 118784 c:\windows\System32\msstdfmt.dll
+ 2009-02-09 08:13 . 2009-02-09 08:13 429720 c:\windows\System32\AcSignOpt.exe
+ 2009-03-16 06:16 . 2009-03-16 06:16 294728 c:\windows\Installer\{5783F2D7-8001-0405-1002-0060B0CE6BBA}\InstRes.dll
+ 2009-02-09 08:40 . 2009-02-09 08:40 253592 c:\windows\Installer\{5783F2D7-8001-0405-1002-0060B0CE6BBA}\InstBasicUI.dll
+ 2009-05-30 17:39 . 2009-05-30 17:39 461824 c:\windows\Installer\{5783F2D7-8001-0405-1002-0060B0CE6BBA}\Acad162_icon.exe
+ 2009-03-16 06:16 . 2009-03-16 06:16 294728 c:\windows\Installer\{5783F2D7-8001-0405-0002-0060B0CE6BBA}\InstRes.dll
+ 2009-02-09 08:40 . 2009-02-09 08:40 253592 c:\windows\Installer\{5783F2D7-8001-0405-0002-0060B0CE6BBA}\InstBasicUI.dll
+ 2009-05-30 17:35 . 2009-05-30 17:35 461824 c:\windows\Installer\{5783F2D7-8001-0405-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2009-02-09 08:42 . 2009-02-09 08:42 113816 c:\windows\Downloaded Program Files\IDropENU.dll
+ 2009-03-16 06:16 . 2009-03-16 06:16 117576 c:\windows\Downloaded Program Files\IDropCSY.dll
+ 2009-05-30 16:40 . 2009-05-30 16:40 955656 c:\windows\assembly\tmp\3K5QBWH2\Autodesk.AutoCAD.Interop.Common.dll
+ 2009-05-30 16:40 . 2009-05-30 16:40 161032 c:\windows\assembly\tmp\0QBWH1N8\Autodesk.AutoCAD.Interop.dll
+ 2009-05-30 17:37 . 2009-05-30 17:37 341504 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindowsInterop\121abd1e2b2b1b8d292cee337636781c\AdWindowsInterop.ni.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 146728 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop\18.0.0.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 153336 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop\17.1.51.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 145144 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop\17.0.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 820984 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop.Common\17.0.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.Common.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-22 16:00 . 2009-04-22 16:00 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-05-30 16:53 . 2009-05-30 16:53 161032 c:\windows\assembly\GAC\Autodesk.AutoCAD.Interop\16.2.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.dll
+ 2009-05-30 16:53 . 2009-05-30 16:53 955656 c:\windows\assembly\GAC\Autodesk.AutoCAD.Interop.Common\16.2.54.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.Common.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2009-05-30 17:28 . 2009-05-30 17:28 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2006-11-02 10:22 . 2009-05-30 17:40 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-05-29 21:14 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:47 . 2009-05-30 17:42 2569712 c:\windows\System32\FNTCACHE.DAT
+ 2009-05-30 17:37 . 2009-05-30 17:37 4195840 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindows\8fd46484d4f733c82ddf281530476a7e\AdWindows.ni.dll
+ 2009-05-30 17:37 . 2009-05-30 17:37 1830400 c:\windows\assembly\NativeImages_v2.0.50727_32\AcWindows\57fea8d7542042e102ef40b147bc8ae3\AcWindows.ni.dll
+ 2009-05-30 17:37 . 2009-05-30 17:37 4864512 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgd\e46b1fd4d4edd009f76fd28e70838534\acmgd.ni.dll
+ 2009-05-30 17:36 . 2009-05-30 17:36 1420800 c:\windows\assembly\NativeImages_v2.0.50727_32\AcLayer\8c65ab9289308616515166f296efd40d\AcLayer.ni.dll
+ 2009-05-30 17:36 . 2009-05-30 17:36 8356864 c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgd\1db0580c8f1162823a6e9d66b935eaf4\acdbmgd.ni.dll
+ 2009-05-30 17:36 . 2009-05-30 17:36 1573888 c:\windows\assembly\NativeImages_v2.0.50727_32\AcCui\0c59a1668155f7e38d4b5466c6c12394\AcCui.ni.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 1031464 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop.Common\18.0.0.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.Common.dll
+ 2009-05-30 17:34 . 2009-05-30 17:34 1103608 c:\windows\assembly\GAC_MSIL\Autodesk.AutoCAD.Interop.Common\17.1.51.0__eed84259d7cbf30b\Autodesk.AutoCAD.Interop.Common.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-30 17:29 . 2009-05-30 17:29 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-09 17:46 . 2008-10-09 17:46 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-24 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4727F356-345A-4581-800F-39C8046EC39B}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{5495D5F9-0F6B-4CFC-A492-3ECB9B09E8E4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{0ED9E506-C238-4D54-89DD-36EEA35C10F5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{C1986EB2-F5BD-4773-A114-E0C722316881}c:\\program files\\g3torrent\\g3torrent.exe"= UDP:c:\program files\g3torrent\g3torrent.exe:g3torrent
"UDP Query User{BCC453E3-E196-4A76-8438-9F5ECCADFD75}c:\\program files\\g3torrent\\g3torrent.exe"= TCP:c:\program files\g3torrent\g3torrent.exe:g3torrent
"TCP Query User{FD092298-AE59-41AC-B3E1-99FD9716CE34}c:\\counter strike\\hl.exe"= UDP:c:\counter strike\hl.exe:Half-Life Launcher
"UDP Query User{9EAF705D-0E37-4C3D-9DDF-D326569A1890}c:\\counter strike\\hl.exe"= TCP:c:\counter strike\hl.exe:Half-Life Launcher
"TCP Query User{41A2245E-DFE3-4F3F-BDC7-F744D4C0CA78}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A752ABFD-BAB7-40DA-A3C6-DC05EBB6D433}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{69B6269A-326B-4104-AF04-235D1A5C5701}c:\\program files\\flatout2\\flatout2.exe"= UDP:c:\program files\flatout2\flatout2.exe:FlatOut2
"UDP Query User{C3B8A82C-0500-401D-A7D1-A2B6D9A74E1B}c:\\program files\\flatout2\\flatout2.exe"= TCP:c:\program files\flatout2\flatout2.exe:FlatOut2
"{6795BC60-AAE4-4858-95DE-028C7AED8C23}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E7F347A6-D8B7-4F17-B3D8-C9DC60916E81}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= UDP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"UDP Query User{F8052C76-C5CB-40C3-B928-DFAE393EA95F}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= TCP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"TCP Query User{BB8EA972-25B7-46C5-BFE4-D3FF11FCA757}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{7E8CF16F-F396-4379-BC25-DA3F9B90117A}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{261EF938-8D8A-45E1-B376-B401A1C737A9}c:\\program files\\java\\jdk1.6.0_10\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B31AD8B3-5F49-4AA8-8DA2-15B03EE9F774}c:\\program files\\java\\jdk1.6.0_10\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B559ECBE-C485-4006-8711-B5381BFBB03A}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{ED982229-E28E-453B-8AD6-3710DD8532DF}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"{6D39843B-AD8B-4549-98B1-EEA02EEB1E2C}"= TCP:1234:Televize
"TCP Query User{336EBF4D-7806-4838-84FB-0642AD965B1B}c:\\age of empires\\age2_x1.exe"= UDP:c:\age of empires\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{B78EFADA-6A89-44C3-817C-5DB6A88F28F4}c:\\age of empires\\age2_x1.exe"= TCP:c:\age of empires\age2_x1.exe:Age of Empires II Expansion
"{3BE73CD0-B4A7-4DB8-BDF8-ACA5F75989BD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EFDD3062-48A3-46E6-98AF-8DD082F39EC3}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{809D6DCD-5B38-406B-BFCC-A6F17913C9C5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D1A1C158-AA78-4715-8A85-2B6F8144856D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B4F4E99C-A97B-460C-B8DC-A167896FF424}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{60D7BCF1-E1EC-46C7-82AD-63E786A74514}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{32FF5335-47EF-4A14-837E-AA81CB3EB7E1}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= UDP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"UDP Query User{73CEA23D-2E14-46D1-9DAB-C5EE6AB31B78}c:\\users\\hanz\\desktop\\bulánci\\bulanci.exe"= TCP:c:\users\hanz\desktop\bulánci\bulanci.exe:bulanci.exe
"TCP Query User{30C18E95-638F-42E0-9B5E-354374E78465}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{1635CA92-E1BD-491C-8066-E685C7DAF4BB}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{2D4E04DA-E5F0-4C5F-ABD2-4BAE39A45EFF}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{FDBEFCEA-5A5D-4498-99B2-BC79BED913FC}c:\\program files\\java\\jdk1.6.0_10\\jre\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_10\jre\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E3630BF9-145E-4BCA-9230-C9F0BE42E2F6}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{7C5919AD-AFD3-4C59-9058-75BE7FFEBE70}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{57D1C806-173F-4031-B866-6E81077A8D1D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BB08E934-7FBD-4072-AB7D-08843BCC8D49}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F7EAA4B-FDE8-4E61-AC22-979AB7771362}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EEAB2EC0-22F7-4DC3-8AEC-D9C7612790E0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2F36AA4-BA9A-4DF5-8180-F5E5B787F7C7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{01A7B7CD-0834-473A-A928-D8B6EBCCECE1}d:\\cs\\counter-strike 1.6\\czero.exe"= UDP:d:\cs\counter-strike 1.6\czero.exe:Condition Zero Launcher
"UDP Query User{FB253E4F-C2EA-41EB-8B6C-C1187ED14251}d:\\cs\\counter-strike 1.6\\czero.exe"= TCP:d:\cs\counter-strike 1.6\czero.exe:Condition Zero Launcher
"TCP Query User{8AB270C0-F873-4362-9D40-55D04FD3D2A6}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{77EA5335-227F-4A50-8DF5-CD5DA0E3D53C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{B6BBD729-B998-4893-AF35-0DBE953623A8}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{65FFE484-3894-47B6-93F9-CBD21F84B805}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{45824762-F2E8-4FC5-B8CC-422DECE5DD08}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{312E72E7-CB74-44D4-A7DC-8632C9E0D2EC}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{1033D7CD-48F8-4C21-8CA3-1D624CF73B61}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"UDP Query User{79A16DA9-B101-411F-B1F5-9DB1FA8FCE96}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"{943C7FA1-2394-41B9-BEBE-7B28D29173C3}"= UDP:5353:Adobe CSI CS4
"{D9791EDE-9948-47B2-8AA4-5F502B1D45F2}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1F52D199-B74B-4030-AF64-9EB85CCDAA01}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{0752D2D4-B0EB-4342-8BD5-A0A8D76806EA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9050C25A-D009-4A76-93A2-E82E6E443056}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A525CA2E-4F0B-4026-A43C-12FDBBFC3C49}c:\\users\\hanz\\desktop\\counter strike - condition zero\\cs16_czero11_full\\counter-strike 1.6\\czero.exe"= UDP:c:\users\hanz\desktop\counter strike - condition zero\cs16_czero11_full\counter-strike 1.6\czero.exe:czero.exe
"UDP Query User{066BD511-3685-4B78-ACEF-280039691E8D}c:\\users\\hanz\\desktop\\counter strike - condition zero\\cs16_czero11_full\\counter-strike 1.6\\czero.exe"= TCP:c:\users\hanz\desktop\counter strike - condition zero\cs16_czero11_full\counter-strike 1.6\czero.exe:czero.exe
"{930907B4-9355-47F3-AB93-4464EB2119D9}"= UDP:86:BroadCam Web Server
"TCP Query User{EAC2BF27-B593-4206-920F-3F16155B6122}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1577063D-0FD4-450A-9A74-D595A32F0B2C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{1169F467-ECCD-4F35-8704-A253C7BC85B5}c:\\users\\hanz\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\hanz\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{1B554044-5730-4664-9CEE-D74F2BD7E711}c:\\users\\hanz\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\hanz\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{B5E6B77B-2950-4FDB-B716-51FBFC9DDDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{3E841BDA-D60E-4603-967E-C753285F6D85}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{492E6B3A-1E17-41E1-89D3-E0375FE7B25C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{C39FCEF0-23EB-40C8-9B8A-B2526E25A503}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{86B7680D-D54D-413D-8E0C-1CA231735FFF}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{A63BA7C9-AB17-4EEC-AF49-D03F26904E10}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{9B05F536-CDF1-4579-8FA6-DFB0779CFD28}c:\\users\\hanz\\desktop\\worms 4 mayhem\\worms 4 mayhem.exe"= UDP:c:\users\hanz\desktop\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{0F23218C-0189-45D8-8243-470E1A521B4F}c:\\users\\hanz\\desktop\\worms 4 mayhem\\worms 4 mayhem.exe"= TCP:c:\users\hanz\desktop\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"{B078457F-35A3-48DD-8C24-B166D3CBAA6B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{19F873D8-1EA6-4D79-AE36-47CE0E7602D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4989903-B234-4AAA-88AD-746BF7A02D91}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8DE6DAAE-D2D2-4BF8-A830-2EDBD7E89C9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21.7.2008 17:23 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.2.2009 10:55 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23.3.2009 22:54 1153368]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [11.1.2008 3:27 118784]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{02A20998-75D5-45B4-B9C3-0ECF9EBA78CB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cvut.cz\herodes.feld
FF - ProfilePath - c:\users\Hanz\AppData\Roaming\Mozilla\Firefox\Profiles\3zh061i4.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 15:33
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3676)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2009-05-31 15:36
ComboFix-quarantined-files.txt 2009-05-31 13:35
ComboFix2.txt 2009-05-30 09:29

Před spuštěním: Volných bajtů: 37 710 905 344
Po spuštění: Volných bajtů: 38 008 348 672

395 --- E O F --- 2009-05-25 15:05


HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:29, on 31.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\tsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\3\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Launch] C:\Users\Hanz\AppData\Local\Temp\Rar$EX00.054\Setup.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7921 bytes

Jo a co jsi prosimtě myslel tim doinstalováním service packu?

Jo a když si spustim správce úloh, tak 80% procesoru mi žere program wmpnetwk.exe. Když ho ukončim, tak je procák na minimu, jenže program se zas během chvíle sám spustí.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:


takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž a zapni si AVG.


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Start- spustit, napiš: services.msc
Vpravo v okně najdi: WMPNetworkSvc , poklepej na něj a v dalším okně vyber typ spouštění na zakázáno.A potvrď.

Doinstalovat SP1, vidím v logu , že ho nemáš:
http://support.microsoft.com/kb/935791

Velmi děkuji za Váš drahocenný čas, doufám, že vše to už bude v pořádku. Poslední dobou se mi totiž notebook sám od sebe vypíná, řekl bych že přehřátím (teplota jádra je za běžného provozu kolem 70 stupňů). Tak snad to bylo tim, že byl přetíženej procesor...