Preventive check (RAM usage doesn't look right to me) Solved

Post by cheas » 06 Aug 2009 17:23

Hello...
Please check my HJT log. My system is WinXP Home Edition SP2 and I suspect malicious software. I have run the system through Ad-Aware, Spyware Terminator, the antivirus, and to be safe also CCleaner and TuneUp Utilities... but some processes still don't look right to me, and above all the memory usage... For example, how much memory svchost.exe "eats" (sometimes up to 80 MB) and above all how many times it is running... and explorer.exe also takes up rather a lot...
- I would also like to point out the program a2uploader... it is used for modifying a phone and it is not a virus... even though all antiviruses flag it as a virus, and Spyware Terminator in turn flags it as malware... it is completely normal



LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:22, on 6.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Rainbar\Rainmeter.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\Rainmeter.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\AKSoftware\TransBar\TransBar.exe /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4295199194
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Služba Google Update (gupdate1c9abc9dcbeb352) (gupdate1c9abc9dcbeb352) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6782 bytes


Post by Damned » 06 Aug 2009 17:36

Svchost.exe is a core system process and can run multiple times. Explorer's load depends on what you are displaying; you have some Vista-style design things there, so it will demand more performance.

a2uploader may be a good program; if it behaves like a virus, it will be a virus.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner


Post by cheas » 06 Aug 2009 17:52

For me the main problem is that a2up is the only one of its kind (for my phone), and it does not behave like a virus, nor does it start by itself or anything... I read that this is because the antivirus cannot see into it... so I don't know...

For the Vista look I have this... so it should not slow things down, plus that panel
http://www.stahuj.centrum.cz/uprava_plochy/programy/universal-vista-inspirat-brico-pack/?g[hledano]=brico&g[oz]=Ultimate+2
=================================
Log:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2570
Windows 5.1.2600 Service Pack 2

6.8.2009 17:52:06
mbam-log-2009-08-06 (17-52-02).txt

Typ skenu: Rychlý sken
Objektu skenováno: 90726
Uplynulý cas: 6 minute(s), 35 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Vlastník\Data aplikací\Google\Shell32.dll (Trojan.FakeAlert) -> No action taken.


Post by Damned » 06 Aug 2009 18:04

Check the file in red on VirusTotal and post a link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again and wait until "Completed" and the result appear. Then copy the address bar here.

C:\Documents and Settings\Vlastník\Data aplikací\Google\Shell32.dll


Post by cheas » 06 Aug 2009 18:08



Post by Damned » 06 Aug 2009 18:11

So run MbAM again and choose Scan
- when the program finishes a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be displayed, so post it here.
- then choose OK in the program and then close the program via Exit

Turn off the antivirus resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Post by cheas » 06 Aug 2009 18:17

First that log... and in a moment I'll post the one from ComboFix here too

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2570
Windows 5.1.2600 Service Pack 2

6.8.2009 18:14:15
mbam-log-2009-08-06 (18-14-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 90726
Uplynulý cas: 6 minute(s), 35 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Vlastník\Data aplikací\Google\Shell32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Post by Damned » 06 Aug 2009 18:21

Fine, now ComboFix


Post by cheas » 06 Aug 2009 18:38

ComboFix 09-08-04.04 - Vlastník 06.08.2009 18:21.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.585 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1395b38.msi
c:\windows\system32\auto.exe
c:\windows\system32\Drivers\wkzjcg.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pwmx


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 15:43 . 2009-08-06 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 15:15 . 2009-08-06 15:15 -------- d-----w- c:\program files\Trend Micro
2009-08-06 12:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 11:38 . 2009-08-06 11:38 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-06 11:27 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 11:21 . 2009-08-06 11:21 -------- d-----w- c:\program files\Lavasoft
2009-08-04 10:31 . 2009-08-04 10:31 -------- d-----w- c:\program files\Zeallsoft
2009-08-04 08:31 . 2009-08-04 08:32 -------- d-----w- c:\program files\nCube
2009-08-04 08:04 . 2009-08-04 08:04 66063 ----a-w- c:\windows\BricoPackUninst.cmd
2009-08-04 08:02 . 2009-08-04 08:04 5470 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-08-04 08:01 . 2009-08-04 08:01 -------- d-----w- c:\windows\BricoPacks
2009-08-04 06:47 . 2009-08-04 06:47 -------- d-----w- c:\program files\Stardock
2009-08-03 19:14 . 2009-08-04 09:09 -------- d-----w- c:\program files\Vista Rainbar
2009-07-29 12:46 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 12:46 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 18:54 . 2009-07-28 18:54 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 18:53 . 2009-07-28 18:54 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-28 18:53 . 2009-07-28 18:53 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-28 18:53 . 2009-07-28 18:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-27 13:15 . 2009-07-27 13:15 -------- d-----w- c:\program files\Webteh
2009-07-22 19:08 . 2009-07-22 19:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 14:12 . 2009-07-16 14:12 2322304 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-13 19:58 . 2008-12-05 02:21 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-07-13 19:58 . 2008-12-05 02:21 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-07-13 19:57 . 2009-07-13 19:57 -------- d-----w- c:\program files\Xilisoft
2009-07-13 19:56 . 2009-07-13 19:57 -------- d-----w- c:\program files\everest
2009-07-09 19:12 . 2009-07-09 19:12 -------- d-----w- c:\program files\EA Sports
2009-07-09 18:40 . 2009-07-09 18:40 -------- d-----w- c:\program files\Electronic Arts
2009-07-07 20:31 . 2005-04-20 11:32 2916352 ------w- c:\windows\UNNMP.exe
2009-07-07 20:24 . 2005-07-29 15:12 2977792 ------w- c:\windows\UNNeroVision.exe
2009-07-07 20:24 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-07-07 20:23 . 2009-07-07 20:31 -------- d-----w- c:\program files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 16:14 . 2009-08-06 16:14 312 ----a-w- c:\program files\zmkl.txt
2009-08-06 14:40 . 2009-04-10 12:14 -------- d-----w- c:\program files\Steam
2009-08-05 19:30 . 2009-05-24 10:01 -------- d-----w- c:\program files\epsxe152
2009-08-04 07:00 . 2009-02-12 16:39 -------- d-----w- c:\program files\Winamp
2009-07-31 07:19 . 2009-02-11 16:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 07:19 . 2009-02-11 16:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 07:19 . 2009-02-11 16:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-28 19:04 . 2009-03-12 15:04 -------- d-----w- c:\program files\EA GAMES
2009-07-21 05:09 . 2009-08-03 14:07 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf
2009-07-18 17:54 . 2009-04-01 14:35 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-07-18 17:54 . 2009-04-01 14:35 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-07-18 12:59 . 2009-02-16 12:31 -------- d-----w- c:\program files\GarrysMod_StandAlone
2009-07-17 10:22 . 2009-02-22 19:45 -------- d-----w- c:\program files\Ship Simulator 2006 Gold Edition
2009-07-16 16:19 . 2009-02-22 17:24 -------- d-----w- c:\program files\Hamachi
2009-07-16 16:19 . 2009-02-22 16:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-13 14:19 . 2009-02-11 18:39 -------- d-----w- c:\program files\Sony Ericsson
2009-07-12 13:10 . 2009-02-12 16:47 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 19:44 . 2009-03-29 10:16 -------- d-----w- c:\program files\Codemasters
2009-07-07 20:29 . 2009-07-07 13:03 -------- d-----w- c:\program files\Common Files\Nero
2009-07-07 15:33 . 2009-02-11 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 13:50 . 2009-07-07 13:50 -------- d-----w- c:\program files\Windows Sidebar
2009-07-07 13:36 . 2009-07-07 13:36 -------- d-----w- c:\program files\Nero
2009-07-07 11:26 . 2009-07-07 11:22 -------- d-----w- c:\program files\fraps
2009-07-05 19:15 . 2009-07-05 19:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 19:01 . 2009-06-07 16:34 -------- d-----w- c:\program files\BlueMotion KM
2009-07-03 19:52 . 2009-07-03 19:52 -------- d-----w- c:\program files\MSXML 6.0
2009-07-03 16:59 . 2006-06-23 12:27 906240 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 19:58 . 2009-07-02 19:58 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 19:57 . 2009-02-20 12:34 -------- d-----w- c:\program files\Sony
2009-07-02 19:52 . 2009-07-02 19:52 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 19:47 . 2009-02-20 12:10 -------- d-----w- c:\program files\Sony Setup
2009-06-23 12:50 . 2009-06-23 12:47 -------- d--h--w- c:\program files\InstallJammer Registry
2009-06-22 14:50 . 2009-06-22 14:47 -------- d-----w- c:\program files\TmNationsForever
2009-06-18 16:22 . 2009-06-18 16:22 39800 ----a-w- c:\windows\Fonts\Square 721 extended bt.ttf
2009-06-18 16:21 . 2009-06-18 16:20 32288 ----a-w- c:\windows\Fonts\GISMONDA.TTF
2009-06-17 08:29 . 2009-08-03 14:07 22060 ----a-w- c:\windows\Fonts\Loyal.ttf
2009-06-16 15:54 . 2009-07-05 17:27 446024 ----a-w- c:\windows\Fonts\Pointy Solid.ttf
2009-06-16 14:55 . 2001-10-25 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:06 . 2009-08-03 14:07 47852 ----a-w- c:\windows\Fonts\LaPointesRoad.ttf
2009-06-09 07:01 . 2009-07-28 12:20 591264 ----a-w- c:\windows\Fonts\RawStreetWall.ttf
2009-06-03 19:27 . 2005-08-30 04:06 1293312 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:53 . 2009-07-28 12:20 648736 ----a-w- c:\windows\Fonts\HawaiiLover.ttf
2009-05-17 09:41 . 2009-05-17 09:41 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:37 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vista Rainbar"="c:\program files\Vista Rainbar\Rainmeter.exe" [2006-01-21 118784]
"TransBar"="c:\documents and settings\Vlastník\Local Settings\Data aplikací\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"DrvIcon"="c:\program files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe" [2008-07-07 45056]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2009-02-12 387584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 07:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"realteks"="c:\documents and settings\Vlastník\Data aplikací\Google\yifjx15914223.exe" 2
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\GarrysMod_StandAlone\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\team fortress 2\\hl2.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11.2.2009 18:59 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6.8.2009 13:27 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2009 18:59 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2009 18:59 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12.2.2009 18:02 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.2.2009 18:02 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15.3.2009 12:17 603904]
S2 gupdate1c9abc9dcbeb352;Služba Google Update (gupdate1c9abc9dcbeb352);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 17:13 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1.4.2009 16:35 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-05-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8234383953.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 15:11]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Start WingMan Profiler - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\zc0wonvp.default\
FF - prefs.js: browser.startup.homepage - About:Blank
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 18:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-06 18:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-06 16:36

Před spuštěním: Volných bajtů: 58 976 014 336
Po spuštění: Volných bajtů: 58 879 012 864

266 --- E O F --- 2009-07-30 07:00

cheas
Level 2
Posts: 195
Registered: December 08
Gender: Male

Re: Preventive test (RAM usage doesn't look right to me)

Post by cheas » 06 Aug 2009 18:38

ComboFix 09-08-04.04 - Vlastník 06.08.2009 18:21.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.585 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1395b38.msi
c:\windows\system32\auto.exe
c:\windows\system32\Drivers\wkzjcg.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pwmx


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 15:43 . 2009-08-06 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 15:15 . 2009-08-06 15:15 -------- d-----w- c:\program files\Trend Micro
2009-08-06 12:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 11:38 . 2009-08-06 11:38 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-06 11:27 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 11:21 . 2009-08-06 11:21 -------- d-----w- c:\program files\Lavasoft
2009-08-04 10:31 . 2009-08-04 10:31 -------- d-----w- c:\program files\Zeallsoft
2009-08-04 08:31 . 2009-08-04 08:32 -------- d-----w- c:\program files\nCube
2009-08-04 08:04 . 2009-08-04 08:04 66063 ----a-w- c:\windows\BricoPackUninst.cmd
2009-08-04 08:02 . 2009-08-04 08:04 5470 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-08-04 08:01 . 2009-08-04 08:01 -------- d-----w- c:\windows\BricoPacks
2009-08-04 06:47 . 2009-08-04 06:47 -------- d-----w- c:\program files\Stardock
2009-08-03 19:14 . 2009-08-04 09:09 -------- d-----w- c:\program files\Vista Rainbar
2009-07-29 12:46 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 12:46 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 18:54 . 2009-07-28 18:54 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 18:53 . 2009-07-28 18:54 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-28 18:53 . 2009-07-28 18:53 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-28 18:53 . 2009-07-28 18:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-27 13:15 . 2009-07-27 13:15 -------- d-----w- c:\program files\Webteh
2009-07-22 19:08 . 2009-07-22 19:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 14:12 . 2009-07-16 14:12 2322304 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-13 19:58 . 2008-12-05 02:21 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-07-13 19:58 . 2008-12-05 02:21 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-07-13 19:57 . 2009-07-13 19:57 -------- d-----w- c:\program files\Xilisoft
2009-07-13 19:56 . 2009-07-13 19:57 -------- d-----w- c:\program files\everest
2009-07-09 19:12 . 2009-07-09 19:12 -------- d-----w- c:\program files\EA Sports
2009-07-09 18:40 . 2009-07-09 18:40 -------- d-----w- c:\program files\Electronic Arts
2009-07-07 20:31 . 2005-04-20 11:32 2916352 ------w- c:\windows\UNNMP.exe
2009-07-07 20:24 . 2005-07-29 15:12 2977792 ------w- c:\windows\UNNeroVision.exe
2009-07-07 20:24 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-07-07 20:23 . 2009-07-07 20:31 -------- d-----w- c:\program files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 16:14 . 2009-08-06 16:14 312 ----a-w- c:\program files\zmkl.txt
2009-08-06 14:40 . 2009-04-10 12:14 -------- d-----w- c:\program files\Steam
2009-08-05 19:30 . 2009-05-24 10:01 -------- d-----w- c:\program files\epsxe152
2009-08-04 07:00 . 2009-02-12 16:39 -------- d-----w- c:\program files\Winamp
2009-07-31 07:19 . 2009-02-11 16:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 07:19 . 2009-02-11 16:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 07:19 . 2009-02-11 16:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-28 19:04 . 2009-03-12 15:04 -------- d-----w- c:\program files\EA GAMES
2009-07-21 05:09 . 2009-08-03 14:07 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf
2009-07-18 17:54 . 2009-04-01 14:35 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-07-18 17:54 . 2009-04-01 14:35 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-07-18 12:59 . 2009-02-16 12:31 -------- d-----w- c:\program files\GarrysMod_StandAlone
2009-07-17 10:22 . 2009-02-22 19:45 -------- d-----w- c:\program files\Ship Simulator 2006 Gold Edition
2009-07-16 16:19 . 2009-02-22 17:24 -------- d-----w- c:\program files\Hamachi
2009-07-16 16:19 . 2009-02-22 16:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-13 14:19 . 2009-02-11 18:39 -------- d-----w- c:\program files\Sony Ericsson
2009-07-12 13:10 . 2009-02-12 16:47 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 19:44 . 2009-03-29 10:16 -------- d-----w- c:\program files\Codemasters
2009-07-07 20:29 . 2009-07-07 13:03 -------- d-----w- c:\program files\Common Files\Nero
2009-07-07 15:33 . 2009-02-11 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 13:50 . 2009-07-07 13:50 -------- d-----w- c:\program files\Windows Sidebar
2009-07-07 13:36 . 2009-07-07 13:36 -------- d-----w- c:\program files\Nero
2009-07-07 11:26 . 2009-07-07 11:22 -------- d-----w- c:\program files\fraps
2009-07-05 19:15 . 2009-07-05 19:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 19:01 . 2009-06-07 16:34 -------- d-----w- c:\program files\BlueMotion KM
2009-07-03 19:52 . 2009-07-03 19:52 -------- d-----w- c:\program files\MSXML 6.0
2009-07-03 16:59 . 2006-06-23 12:27 906240 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 19:58 . 2009-07-02 19:58 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 19:57 . 2009-02-20 12:34 -------- d-----w- c:\program files\Sony
2009-07-02 19:52 . 2009-07-02 19:52 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 19:47 . 2009-02-20 12:10 -------- d-----w- c:\program files\Sony Setup
2009-06-23 12:50 . 2009-06-23 12:47 -------- d--h--w- c:\program files\InstallJammer Registry
2009-06-22 14:50 . 2009-06-22 14:47 -------- d-----w- c:\program files\TmNationsForever
2009-06-18 16:22 . 2009-06-18 16:22 39800 ----a-w- c:\windows\Fonts\Square 721 extended bt.ttf
2009-06-18 16:21 . 2009-06-18 16:20 32288 ----a-w- c:\windows\Fonts\GISMONDA.TTF
2009-06-17 08:29 . 2009-08-03 14:07 22060 ----a-w- c:\windows\Fonts\Loyal.ttf
2009-06-16 15:54 . 2009-07-05 17:27 446024 ----a-w- c:\windows\Fonts\Pointy Solid.ttf
2009-06-16 14:55 . 2001-10-25 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:06 . 2009-08-03 14:07 47852 ----a-w- c:\windows\Fonts\LaPointesRoad.ttf
2009-06-09 07:01 . 2009-07-28 12:20 591264 ----a-w- c:\windows\Fonts\RawStreetWall.ttf
2009-06-03 19:27 . 2005-08-30 04:06 1293312 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:53 . 2009-07-28 12:20 648736 ----a-w- c:\windows\Fonts\HawaiiLover.ttf
2009-05-17 09:41 . 2009-05-17 09:41 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:37 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vista Rainbar"="c:\program files\Vista Rainbar\Rainmeter.exe" [2006-01-21 118784]
"TransBar"="c:\documents and settings\Vlastník\Local Settings\Data aplikací\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"DrvIcon"="c:\program files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe" [2008-07-07 45056]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2009-02-12 387584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Vlastník\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 07:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"realteks"="c:\documents and settings\Vlastník\Data aplikací\Google\yifjx15914223.exe" 2
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\GarrysMod_StandAlone\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\team fortress 2\\hl2.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11.2.2009 18:59 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6.8.2009 13:27 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2009 18:59 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2009 18:59 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12.2.2009 18:02 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.2.2009 18:02 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15.3.2009 12:17 603904]
S2 gupdate1c9abc9dcbeb352;Služba Google Update (gupdate1c9abc9dcbeb352);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 17:13 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1.4.2009 16:35 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-05-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8234383953.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 15:11]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Start WingMan Profiler - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\zc0wonvp.default\
FF - prefs.js: browser.startup.homepage - About:Blank
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 18:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-06 18:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-06 16:36

Před spuštěním: Volných bajtů: 58 976 014 336
Po spuštění: Volných bajtů: 58 879 012 864

266 --- E O F --- 2009-07-30 07:00

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: Preventive test (RAM usage doesn't look right to me)

Post by Damned » 06 Aug 2009 18:51

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

File::
c:\documents and settings\Vlastník\Data aplikací\Google\yifjx15914223.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe

Folder::
c:\program files\Webteh

Driver::
Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
Lavasoft Ad-Aware Service
AAWService

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"realteks"=-




Choose File -> Save As... and set the following:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log, and describe how the computer behaves

cheas
Level 2
Posts: 195
Registered: December 08
Gender: Male

Re: Preventive test (RAM usage doesn't look right to me)

Post by cheas » 06 Aug 2009 19:27

ComboFix 09-08-04.04 - Vlastník 06.08.2009 19:01.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.577 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vlastník\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Vlastník\Data aplikací\Google\yifjx15914223.exe"
"c:\program files\Lavasoft\Ad-Aware\AAWService.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Webteh
c:\program files\Webteh\BSplayer\AC3 Filter\_changes_eng.txt
c:\program files\Webteh\BSplayer\AC3 Filter\_changes_rus.txt
c:\program files\Webteh\BSplayer\AC3 Filter\_readme.txt
c:\program files\Webteh\BSplayer\AC3 Filter\ac3config.exe
c:\program files\Webteh\BSplayer\AC3 Filter\ac3config.exe.manifest
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter.acm
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter.ax
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter.ax.manifest
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter_reg_presets.reg
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter_reg_renderers_win2k.reg
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter_reg_renderers_win9x.reg
c:\program files\Webteh\BSplayer\AC3 Filter\ac3filter_reg_reset.reg
c:\program files\Webteh\BSplayer\AC3 Filter\dialog_patch.exe
c:\program files\Webteh\BSplayer\AC3 Filter\doc\ac3filter_eng.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\doc\ac3filter_rus.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\doc\loudness_eng.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\doc\loudness_rus.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\doc\spdif_eng.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\doc\spdif_rus.pdf
c:\program files\Webteh\BSplayer\AC3 Filter\GPL_eng.txt
c:\program files\Webteh\BSplayer\AC3 Filter\GPL_rus.txt
c:\program files\Webteh\BSplayer\AC3 Filter\iconv.dll
c:\program files\Webteh\BSplayer\AC3 Filter\lang\ac3filter.pot
c:\program files\Webteh\BSplayer\AC3 Filter\lang\fre.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\ger.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\hun.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\ind.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\ita.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\kor.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\pol.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\por.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\rus.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\slo.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\spa.po
c:\program files\Webteh\BSplayer\AC3 Filter\lang\zho.po
c:\program files\Webteh\BSplayer\AC3 Filter\uninstall.exe
c:\program files\Webteh\BSplayer\AC3 Filter\unreg.log
c:\program files\Webteh\BSplayer\bplay.exe
c:\program files\Webteh\BSplayer\bslib\bslib.dll
c:\program files\Webteh\BSplayer\bslib\BSPMLIB.DAT
c:\program files\Webteh\BSplayer\bslib\BSPMLIB2.DAT
c:\program files\Webteh\BSplayer\bslib\pcnt.dat
c:\program files\Webteh\BSplayer\bspcodecdl.exe
c:\program files\Webteh\BSplayer\bspfilters.sam
c:\program files\Webteh\BSplayer\bsplay.exe
c:\program files\Webteh\BSplayer\bsplayer.exe
c:\program files\Webteh\BSplayer\bsplayer.exe.manifest
c:\program files\Webteh\BSplayer\BSplayer.xml
c:\program files\Webteh\BSplayer\bsplist.bsl
c:\program files\Webteh\BSplayer\bsrendv2.dll
c:\program files\Webteh\BSplayer\doc\cmdline.txt
c:\program files\Webteh\BSplayer\doc\ini_files.html
c:\program files\Webteh\BSplayer\EQ.xml
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\andreas_78er.matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\CG-Animation Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_autogk_sharp.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_avc_hr.cfg
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v1.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v3ehr.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v3hr.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v3lr.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\hvs-best-picture.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\hvs-better-picture.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\hvs-good-picture.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Low Bitrate Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\MPEG.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\pvcd.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\q_matrix.cfg
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\q_matrix_def.cfg
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\q_matrix2.cfg
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Soulhunters V3.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Soulhunters V5.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Standard.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Ultimate Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm
c:\program files\Webteh\BSplayer\FFDShow\ff_kernelDeint.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_liba52.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_libdts.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_libfaad2.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_libmad.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_realaac.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_samplerate.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_theora.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_tremor.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_unrar.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_wmv9.dll
c:\program files\Webteh\BSplayer\FFDShow\ff_x264.dll
c:\program files\Webteh\BSplayer\FFDShow\ffdshow.ax
c:\program files\Webteh\BSplayer\FFDShow\ffdshow.ax.manifest
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1026.bg
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1028.tc
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1029.cz
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1031.de
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1033.en
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1034.es
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1035.fi
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1036.fr
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1038.hu
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1040.it
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1041.ja
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1041.jp
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1045.pl
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1046.br
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1049.ru
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1051.sk
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.1053.se
c:\program files\Webteh\BSplayer\FFDShow\languages\ffdshow.2052.sc
c:\program files\Webteh\BSplayer\FFDShow\libavcodec.dll
c:\program files\Webteh\BSplayer\FFDShow\libmpeg2_ff.dll
c:\program files\Webteh\BSplayer\FFDShow\libmplayer.dll
c:\program files\Webteh\BSplayer\FFDShow\msvcp71.dll
c:\program files\Webteh\BSplayer\FFDShow\msvcr71.dll
c:\program files\Webteh\BSplayer\FFDShow\openIE.js
c:\program files\Webteh\BSplayer\FFDShow\pthreadGC2.dll
c:\program files\Webteh\BSplayer\FFDShow\TomsMoComp_ff.dll
c:\program files\Webteh\BSplayer\FFDShow\unins000.dat
c:\program files\Webteh\BSplayer\FFDShow\unins000.exe
c:\program files\Webteh\BSplayer\FFDShow\unreg.log
c:\program files\Webteh\BSplayer\FFDShow\xvidcore.dll
c:\program files\Webteh\BSplayer\changes.txt
c:\program files\Webteh\BSplayer\insfiles\BSplayer.xml
c:\program files\Webteh\BSplayer\insfiles\BSPMLIB.DAT
c:\program files\Webteh\BSplayer\insfiles\BSPMLIB2.DAT
c:\program files\Webteh\BSplayer\insfiles\EQ.xml
c:\program files\Webteh\BSplayer\lang\Arabic.lng
c:\program files\Webteh\BSplayer\lang\Arabic2.lng
c:\program files\Webteh\BSplayer\lang\Belarusian.lng
c:\program files\Webteh\BSplayer\lang\Bosnian.lng
c:\program files\Webteh\BSplayer\lang\Breton.lng
c:\program files\Webteh\BSplayer\lang\Bulgarian.lng
c:\program files\Webteh\BSplayer\lang\Catalan.lng
c:\program files\Webteh\BSplayer\lang\Croatian.lng
c:\program files\Webteh\BSplayer\lang\Czech.lng
c:\program files\Webteh\BSplayer\lang\Danish.lng
c:\program files\Webteh\BSplayer\lang\Dutch.lng
c:\program files\Webteh\BSplayer\lang\English.lng
c:\program files\Webteh\BSplayer\lang\Esperanto.lng
c:\program files\Webteh\BSplayer\lang\Estonian.lng
c:\program files\Webteh\BSplayer\lang\Finnish.lng
c:\program files\Webteh\BSplayer\lang\French.lng
c:\program files\Webteh\BSplayer\lang\Galician.lng
c:\program files\Webteh\BSplayer\lang\German.lng
c:\program files\Webteh\BSplayer\lang\Greek.lng
c:\program files\Webteh\BSplayer\lang\Hebrew.lng
c:\program files\Webteh\BSplayer\lang\Hungarian.lng
c:\program files\Webteh\BSplayer\lang\Chinese_Simplified.lng
c:\program files\Webteh\BSplayer\lang\Chinese_Traditional.lng
c:\program files\Webteh\BSplayer\lang\Italian.lng
c:\program files\Webteh\BSplayer\lang\lang_changes.txt
c:\program files\Webteh\BSplayer\lang\Latvian.lng
c:\program files\Webteh\BSplayer\lang\Lithuanian.lng
c:\program files\Webteh\BSplayer\lang\Macedonian.lng
c:\program files\Webteh\BSplayer\lang\Norwegian.lng
c:\program files\Webteh\BSplayer\lang\Polish.lng
c:\program files\Webteh\BSplayer\lang\Portuguese.lng
c:\program files\Webteh\BSplayer\lang\Portuguese_Brazilian.lng
c:\program files\Webteh\BSplayer\lang\Romanian.lng
c:\program files\Webteh\BSplayer\lang\Russian.lng
c:\program files\Webteh\BSplayer\lang\Serbian (Cyrillic).lng
c:\program files\Webteh\BSplayer\lang\Serbian (Latin).lng
c:\program files\Webteh\BSplayer\lang\Slovak.lng
c:\program files\Webteh\BSplayer\lang\Slovenian.lng
c:\program files\Webteh\BSplayer\lang\Spanish.lng
c:\program files\Webteh\BSplayer\lang\Swedish.lng
c:\program files\Webteh\BSplayer\lang\Turkish.lng
c:\program files\Webteh\BSplayer\lang\Ukrainian.lng
c:\program files\Webteh\BSplayer\lang\Uzbek.lng
c:\program files\Webteh\BSplayer\lang\Valencià.lng
c:\program files\Webteh\BSplayer\Media\Umek - Posing As Me clip.mp3
c:\program files\Webteh\BSplayer\mmkeybsupp.dll
c:\program files\Webteh\BSplayer\MPEG2 decoder\Mpeg2DecFilter.ax
c:\program files\Webteh\BSplayer\MPEG2 decoder\unreg.log
c:\program files\Webteh\BSplayer\plugins\oldskin.dll
c:\program files\Webteh\BSplayer\sdk\bsp.h
c:\program files\Webteh\BSplayer\sdk\bsp.pas
c:\program files\Webteh\BSplayer\sdk\plugins\bspplg.h
c:\program files\Webteh\BSplayer\sdk\plugins\bspplg.pas
c:\program files\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.def
c:\program files\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.dsp
c:\program files\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.dsw
c:\program files\Webteh\BSplayer\sdk\plugins\C\Sample\sampleplugin.c
c:\program files\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_sub.c
c:\program files\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_sub.def
c:\program files\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsp
c:\program files\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsw
c:\program files\Webteh\BSplayer\sdk\plugins\Delphi\sample\sample_plugin.dpr
c:\program files\Webteh\BSplayer\sdk\plugins\Delphi\sample_subtitles\sample_sub.dpr
c:\program files\Webteh\BSplayer\Skins\Base\actaspbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\actsubbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\actsubpbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\actvolbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b1u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b3a.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b3d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b3n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b3u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b4a.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b4d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b4n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b4u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b5a.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b5d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b5n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b5u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b6n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b7n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b8.bmp
c:\program files\Webteh\BSplayer\Skins\Base\b8n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\balbtnn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btn_dn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btn_ln.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btn_rn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btn_un.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btncolorn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btngrp1bg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btnmenun.bmp
c:\program files\Webteh\BSplayer\Skins\Base\btnmenuu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eq.ini
c:\program files\Webteh\BSplayer\Skins\Base\eqbtn1a.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eqbtn1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eqbtn2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eqbtn2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eqbtnn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\eqmain.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn1u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn3n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn3u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn4n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exabtn4u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exaudioa.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exaudion.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exaudiou.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn1u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn3n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn3u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn4n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdbtn4u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdvda.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdvdn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exdvdu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exitn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exitu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exradioa.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exradion.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exradiou.bmp
c:\program files\Webteh\BSplayer\Skins\Base\extbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\extva.bmp
c:\program files\Webteh\BSplayer\Skins\Base\extvn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\extvu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn1a.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn3n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn3u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn4n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn4u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn5n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn5u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn6n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn6u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn7n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn7u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn8n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvbtn8u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvideoa.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvideon.bmp
c:\program files\Webteh\BSplayer\Skins\Base\exvideou.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsactbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb1d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb1n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb1u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb2d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb3d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb3n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb3u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb4d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb4n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb4u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb5d.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb5n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsb5u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsmain.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsn.BMP
c:\program files\Webteh\BSplayer\Skins\Base\fsnextd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsnextn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsnextu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsopend.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsopenn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsopenu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fspaused.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fspausen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fspauseu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsplayd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsplayn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsplayu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsprevd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsprevn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsprevu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsseek.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsseeku.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsstopd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsstopn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsstopu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\fsu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\grp2.bmp
c:\program files\Webteh\BSplayer\Skins\Base\main.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\arr2n.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\arr2u.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\arrn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\arru.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\audiosec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\audiosec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\bgmedia.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\bottomsec.ini
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnaddn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnaddpln.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnclosed.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnclosen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btncloseu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnmaxd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnmaxn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnmaxu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnmind.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnminn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnminu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnnextd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnnextn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnnextu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnpaused.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnpausen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnpauseu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnplayd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnplayn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnplayu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnprevd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnprevn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnprevu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrefresha.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrefreshn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrepa.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrepn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrestd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrestn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnrestu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnshufa.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\btnshufn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\busy.mng
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ctrlsimg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\dvdsec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\dvdsec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\edb.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ede.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\img_bar1.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ltbm.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\main.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\media_tv_sep_top.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_adddn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_adddu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addfln.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addflu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addfn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addfu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addln.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_addlu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_pausen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_pauseu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_playn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_playu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_refrn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_refru.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\ml_video_defaultbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\othersec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\pic_place.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\podsec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\podsec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\radiosec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\radiosec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\searchbtn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\seek.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\seekbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\seekbtnd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\seekbtnn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\seekbtnu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\skin.ini
c:\program files\Webteh\BSplayer\Skins\Base\medialib\thumbaudio.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\thumbbg.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\thumbbga.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\tvsec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\tvsec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\videosec.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\videosec_big.bmp
c:\program files\Webteh\BSplayer\Skins\Base\medialib\volume.bmp
c:\program files\Webteh\BSplayer\Skins\Base\minimizen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\minimizeu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\mutea.bmp
c:\program files\Webteh\BSplayer\Skins\Base\muted.bmp
c:\program files\Webteh\BSplayer\Skins\Base\muten.bmp
c:\program files\Webteh\BSplayer\Skins\Base\muteu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\nextd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\nextn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\nextu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\opend.bmp
c:\program files\Webteh\BSplayer\Skins\Base\openn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\openu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\paused.bmp
c:\program files\Webteh\BSplayer\Skins\Base\pausen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\pauseu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\playd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\playn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\playu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\plist.ini
c:\program files\Webteh\BSplayer\Skins\Base\prevd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\prevn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\prevu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\rgn.dat
c:\program files\Webteh\BSplayer\Skins\Base\rgnfs.dat
c:\program files\Webteh\BSplayer\Skins\Base\seek.bmp
c:\program files\Webteh\BSplayer\Skins\Base\seeku.bmp
c:\program files\Webteh\BSplayer\Skins\Base\skin.ini
c:\program files\Webteh\BSplayer\Skins\Base\skinfs.ini
c:\program files\Webteh\BSplayer\Skins\Base\sm_closed.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_closen.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_closeu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_maxd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_maxn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_maxu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_mind.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_minn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\sm_minu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\smenud.bmp
c:\program files\Webteh\BSplayer\Skins\Base\smenun.bmp
c:\program files\Webteh\BSplayer\Skins\Base\smenuu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\stopd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\stopn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\stopu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\voldd.bmp
c:\program files\Webteh\BSplayer\Skins\Base\voldn.bmp
c:\program files\Webteh\BSplayer\Skins\Base\voldu.bmp
c:\program files\Webteh\BSplayer\Skins\Base\volud.bmp
c:\program files\Webteh\BSplayer\Skins\Base\volume.bmp
c:\program files\Webteh\BSplayer\Skins\Base\volun.bmp
c:\program files\Webteh\BSplayer\Skins\Base\voluu.bmp
c:\program files\Webteh\BSplayer\Skins\Bat lite.bsz
c:\program files\Webteh\BSplayer\Skins\BSplayer.v1.bsz
c:\program files\Webteh\BSplayer\Skins\mediaBOX v-1.bsz
c:\program files\Webteh\BSplayer\Skins\MediaBOX V-2.bsz
c:\program files\Webteh\BSplayer\uninstall.EXE

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Service_Lavasoft Ad-Aware Service


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 15:43 . 2009-08-06 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 15:15 . 2009-08-06 15:15 -------- d-----w- c:\program files\Trend Micro
2009-08-06 12:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 11:38 . 2009-08-06 11:38 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-06 11:27 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 11:21 . 2009-08-06 11:21 -------- d-----w- c:\program files\Lavasoft
2009-08-04 10:31 . 2009-08-04 10:31 -------- d-----w- c:\program files\Zeallsoft
2009-08-04 08:31 . 2009-08-04 08:32 -------- d-----w- c:\program files\nCube
2009-08-04 08:04 . 2009-08-04 08:04 66063 ----a-w- c:\windows\BricoPackUninst.cmd
2009-08-04 08:02 . 2009-08-04 08:04 5470 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-08-04 08:01 . 2009-08-04 08:01 -------- d-----w- c:\windows\BricoPacks
2009-08-04 06:47 . 2009-08-04 06:47 -------- d-----w- c:\program files\Stardock
2009-08-03 19:14 . 2009-08-04 09:09 -------- d-----w- c:\program files\Vista Rainbar
2009-07-29 12:46 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 12:46 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 18:54 . 2009-07-28 18:54 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 18:53 . 2009-07-28 18:54 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-28 18:53 . 2009-07-28 18:53 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-28 18:53 . 2009-07-28 18:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 19:08 . 2009-07-22 19:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 14:12 . 2009-07-16 14:12 2322304 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-13 19:58 . 2008-12-05 02:21 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-07-13 19:58 . 2008-12-05 02:21 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-07-13 19:57 . 2009-07-13 19:57 -------- d-----w- c:\program files\Xilisoft
2009-07-13 19:56 . 2009-07-13 19:57 -------- d-----w- c:\program files\everest
2009-07-09 19:12 . 2009-07-09 19:12 -------- d-----w- c:\program files\EA Sports
2009-07-09 18:40 . 2009-07-09 18:40 -------- d-----w- c:\program files\Electronic Arts
2009-07-07 20:31 . 2005-04-20 11:32 2916352 ------w- c:\windows\UNNMP.exe
2009-07-07 20:24 . 2005-07-29 15:12 2977792 ------w- c:\windows\UNNeroVision.exe
2009-07-07 20:24 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-07-07 20:23 . 2009-07-07 20:31 -------- d-----w- c:\program files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 16:14 . 2009-08-06 16:14 312 ----a-w- c:\program files\zmkl.txt
2009-08-06 14:40 . 2009-04-10 12:14 -------- d-----w- c:\program files\Steam
2009-08-05 19:30 . 2009-05-24 10:01 -------- d-----w- c:\program files\epsxe152
2009-08-04 07:00 . 2009-02-12 16:39 -------- d-----w- c:\program files\Winamp
2009-07-31 07:19 . 2009-02-11 16:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 07:19 . 2009-02-11 16:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 07:19 . 2009-02-11 16:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-28 19:04 . 2009-03-12 15:04 -------- d-----w- c:\program files\EA GAMES
2009-07-21 05:09 . 2009-08-03 14:07 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf
2009-07-18 17:54 . 2009-04-01 14:35 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-07-18 17:54 . 2009-04-01 14:35 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-07-18 12:59 . 2009-02-16 12:31 -------- d-----w- c:\program files\GarrysMod_StandAlone
2009-07-17 10:22 . 2009-02-22 19:45 -------- d-----w- c:\program files\Ship Simulator 2006 Gold Edition
2009-07-16 16:19 . 2009-02-22 17:24 -------- d-----w- c:\program files\Hamachi
2009-07-16 16:19 . 2009-02-22 16:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-13 14:19 . 2009-02-11 18:39 -------- d-----w- c:\program files\Sony Ericsson
2009-07-12 13:10 . 2009-02-12 16:47 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 19:44 . 2009-03-29 10:16 -------- d-----w- c:\program files\Codemasters
2009-07-07 20:29 . 2009-07-07 13:03 -------- d-----w- c:\program files\Common Files\Nero
2009-07-07 15:33 . 2009-02-11 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 13:50 . 2009-07-07 13:50 -------- d-----w- c:\program files\Windows Sidebar
2009-07-07 13:36 . 2009-07-07 13:36 -------- d-----w- c:\program files\Nero
2009-07-07 11:26 . 2009-07-07 11:22 -------- d-----w- c:\program files\fraps
2009-07-05 19:15 . 2009-07-05 19:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 19:01 . 2009-06-07 16:34 -------- d-----w- c:\program files\BlueMotion KM
2009-07-03 19:52 . 2009-07-03 19:52 -------- d-----w- c:\program files\MSXML 6.0
2009-07-03 16:59 . 2006-06-23 12:27 906240 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 19:58 . 2009-07-02 19:58 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 19:57 . 2009-02-20 12:34 -------- d-----w- c:\program files\Sony
2009-07-02 19:52 . 2009-07-02 19:52 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 19:47 . 2009-02-20 12:10 -------- d-----w- c:\program files\Sony Setup
2009-06-23 12:50 . 2009-06-23 12:47 -------- d--h--w- c:\program files\InstallJammer Registry
2009-06-22 14:50 . 2009-06-22 14:47 -------- d-----w- c:\program files\TmNationsForever
2009-06-18 16:22 . 2009-06-18 16:22 39800 ----a-w- c:\windows\Fonts\Square 721 extended bt.ttf
2009-06-18 16:21 . 2009-06-18 16:20 32288 ----a-w- c:\windows\Fonts\GISMONDA.TTF
2009-06-17 08:29 . 2009-08-03 14:07 22060 ----a-w- c:\windows\Fonts\Loyal.ttf
2009-06-16 15:54 . 2009-07-05 17:27 446024 ----a-w- c:\windows\Fonts\Pointy Solid.ttf
2009-06-16 14:55 . 2001-10-25 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:06 . 2009-08-03 14:07 47852 ----a-w- c:\windows\Fonts\LaPointesRoad.ttf
2009-06-09 07:01 . 2009-07-28 12:20 591264 ----a-w- c:\windows\Fonts\RawStreetWall.ttf
2009-06-03 19:27 . 2005-08-30 04:06 1293312 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:53 . 2009-07-28 12:20 648736 ----a-w- c:\windows\Fonts\HawaiiLover.ttf
2009-05-17 09:41 . 2009-05-17 09:41 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:37 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vista Rainbar"="c:\program files\Vista Rainbar\Rainmeter.exe" [2006-01-21 118784]
"TransBar"="c:\documents and settings\Vlastník\Local Settings\Data aplikací\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"DrvIcon"="c:\program files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe" [2008-07-07 45056]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2009-02-12 387584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Vlastník\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 07:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\GarrysMod_StandAlone\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pureskill2001\\team fortress 2\\hl2.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11.2.2009 18:59 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6.8.2009 13:27 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2009 18:59 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2009 18:59 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12.2.2009 18:02 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.2.2009 18:02 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15.3.2009 12:17 603904]
S2 gupdate1c9abc9dcbeb352;Služba Google Update (gupdate1c9abc9dcbeb352);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 17:13 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1.4.2009 16:35 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-05-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8234383953.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 15:11]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 15:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\zc0wonvp.default\
FF - prefs.js: browser.startup.homepage - About:Blank
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 19:11
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-06 19:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-06 17:18

Před spuštěním: Volných bajtů: 58 893 484 032
Po spuštění: Volných bajtů: 58 846 433 280

727 --- E O F --- 2009-07-30 07:00




========================
The PC now starts up quite a bit faster and doesn't stutter as much at the beginning... although the RAM is pretty full (488 MB)... I'll probably deal with that by adding another 1 GB stick...
And Opera no longer even shows the error message on startup...
Thanks a lot for your time... I don't know how to thank you; the only thing that comes to mind is that I have credit on czshare that is of no use to me (25 GB; 30% is deducted on transfer, so you would get 17.5 GB). So if you're interested, contact me via PM ;)

