Please check my LOG + a minor problem

Zuben45
Visitor
Posts: 49
Registered: 26 Mar 2008 15:44

#1 Post by Zuben45 »

Hello, when I want to shut down the PC, it shuts down slowly as normal, then the monitor goes off as if the PC were turned off, but the PC keeps running. The same happens with restart.

And here is the log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Zuben at 2010-01-06 21:10:15
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (4%) free of 80 GB
Total RAM: 3070 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:27, on 6.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\xampp_service_mercury.exe
C:\xampp\MercuryMail\mercury.exe
C:\Program Files\QIP Infium\infium.exe
C:\xampp\mysql\bin\mysqld.exe
c:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zuben\Plocha\RSIT.exe
C:\Program Files\trend micro\Zuben.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Zuben\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Zuben\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Data aplikací\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C69E2D89-FBF7-4F7F-8849-39C6DFCEEA4A}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
O20 - Winlogon Notify: winmty32 - C:\WINDOWS\SYSTEM32\winmty32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mercury - Apache Friends - C:\xampp\xampp_service_mercury.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: MySQL5 - Unknown owner - c:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10278 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-01 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Zuben\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}]
SHOUTcast Loader - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [2005-04-22 328275]
{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - SHOUTcast Radio Toolbar - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"NBKeyScan"=C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-12-05 2254120]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-01 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmty32]
C:\WINDOWS\system32\winmty32.dll [2009-12-15 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe"="C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.0 Transport"
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28736e26-f18c-11de-a160-001d7d9758d4}]
shell\AutoRun\command - G:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9ce7f4b-c701-11de-a106-001d7d9758d4}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9ce7f4c-c701-11de-a106-001d7d9758d4}]
shell\AutoRun\command - G:\svchost.exe


======List of files/folders created in the last 1 months======

2010-01-06 21:10:16 ----D---- C:\Program Files\trend micro
2010-01-06 21:10:15 ----D---- C:\rsit
2010-01-06 19:17:15 ----D---- C:\Program Files\Counter-Strike Source
2010-01-03 17:26:13 ----D---- C:\AoC
2010-01-02 03:22:29 ----D---- C:\Program Files\IIS
2010-01-02 02:44:25 ----D---- C:\Program Files\Microsoft ASP.NET
2010-01-02 02:43:54 ----D---- C:\Inetpub
2010-01-02 02:33:28 ----D---- C:\Program Files\Microsoft
2010-01-01 22:16:34 ----D---- C:\Program Files\Microsoft Help
2010-01-01 22:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958655-v2$
2010-01-01 22:08:00 ----D---- C:\WINDOWS\symbols
2010-01-01 22:07:56 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-01-01 14:52:54 ----D---- C:\Program Files\Common Files\INCA Shared
2010-01-01 02:13:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-01 02:13:15 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-01 02:13:15 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-01 02:13:13 ----D---- C:\Program Files\Common Files\xing shared
2010-01-01 02:12:59 ----D---- C:\Program Files\Real
2010-01-01 02:12:59 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-01 02:12:58 ----D---- C:\Program Files\Common Files\Real
2010-01-01 02:12:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-01-01 02:12:56 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Real
2009-12-31 23:56:43 ----D---- C:\Program Files\DynDNS Updater
2009-12-31 23:56:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\DynDNS
2009-12-31 21:37:16 ----D---- C:\Documents and Settings\Zuben\Data aplikací\TeamViewer
2009-12-31 16:34:15 ----D---- C:\Program Files\PFConfig
2009-12-31 01:51:45 ----D---- C:\Program Files\Adobe Media Player
2009-12-31 01:49:46 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-30 18:31:50 ----D---- C:\Program Files\LogMeIn Hamachi
2009-12-30 16:29:56 ----D---- C:\Program Files\AVTJet Studio
2009-12-29 14:02:44 ----D---- C:\Games
2009-12-29 00:25:52 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Vivox
2009-12-28 20:12:28 ----D---- C:\Program Files\Firefly Studios
2009-12-28 02:32:32 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Apple Computer
2009-12-28 01:51:42 ----D---- C:\Program Files\cestinarstvi
2009-12-28 01:49:18 ----D---- C:\Program Files\QuickTime
2009-12-28 01:49:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2009-12-28 01:48:59 ----D---- C:\Program Files\Common Files\Apple
2009-12-28 01:48:49 ----D---- C:\Program Files\Apple Software Update
2009-12-28 01:48:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2009-12-28 01:29:06 ----D---- C:\Program Files\WinDjView
2009-12-27 21:49:50 ----D---- C:\Documents and Settings\Zuben\Data aplikací\BorWare
2009-12-27 21:35:32 ----A---- C:\WINDOWS\ODBC.INI
2009-12-27 21:35:18 ----D---- C:\Program Files\OpenType Tools
2009-12-27 15:33:57 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Dev-Cpp
2009-12-27 15:33:37 ----D---- C:\Dev-Cpp
2009-12-27 14:27:24 ----D---- C:\Dokumenty
2009-12-25 20:31:55 ----D---- C:\Program Files\Zaparit
2009-12-25 13:15:18 ----D---- C:\WINDOWS\Left 4 Dead
2009-12-25 13:15:18 ----D---- C:\Program Files\Left 4 Dead
2009-12-25 13:15:08 ----A---- C:\WINDOWS\Left 4 Dead Setup Log.txt
2009-12-24 21:03:19 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Nero
2009-12-24 18:18:02 ----D---- C:\Program Files\Nero
2009-12-24 18:17:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2009-12-24 18:17:53 ----D---- C:\Program Files\Common Files\Nero
2009-12-20 23:19:22 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-20 23:19:21 ----D---- C:\Program Files\DivX
2009-12-18 22:59:24 ----D---- C:\Program Files\DAEMON Tools Pro
2009-12-18 22:54:16 ----D---- C:\Program Files\Garena
2009-12-17 18:29:08 ----D---- C:\Nexon
2009-12-17 18:29:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\NexonEU
2009-12-15 20:35:25 ----A---- C:\WINDOWS\system32\winmty32.dll
2009-12-15 20:29:46 ----A---- C:\WINDOWS\system32\winlyv32.dll
2009-12-15 20:29:35 ----A---- C:\WINDOWS\system32\winqwl32.dll
2009-12-15 20:29:30 ----A---- C:\WINDOWS\system32\winlob32.dll
2009-12-15 20:29:03 ----D---- C:\Program Files\DVR-Compress
2009-12-15 20:29:03 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Haenlein-Software
2009-12-15 20:29:00 ----D---- C:\Program Files\DVR-Studio Pro 2
2009-12-15 17:10:05 ----A---- C:\WINDOWS\game.ini
2009-12-09 20:31:40 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Nvu
2009-12-09 20:31:34 ----D---- C:\Program Files\Nvu
2009-12-09 17:02:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
2009-12-07 18:51:12 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Ashampoo
2009-12-07 18:50:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\ashampoo
2009-12-07 18:50:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\page
2009-12-07 18:50:31 ----D---- C:\Program Files\Ashampoo

======List of files/folders modified in the last 1 months======

2010-01-06 21:10:16 ----RD---- C:\Program Files
2010-01-06 21:07:08 ----D---- C:\WINDOWS
2010-01-06 20:15:00 ----D---- C:\WINDOWS\Temp
2010-01-06 20:15:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 20:09:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 19:30:44 ----D---- C:\WINDOWS\system32\config
2010-01-06 19:04:03 ----D---- C:\Program Files\Flock
2010-01-04 17:29:27 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Skype
2010-01-04 16:34:32 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 16:08:15 ----D---- C:\Documents and Settings\Zuben\Data aplikací\skypePM
2010-01-02 23:14:03 ----D---- C:\Documents and Settings\Zuben\Data aplikací\uTorrent
2010-01-02 03:50:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-02 03:50:25 ----RSD---- C:\WINDOWS\assembly
2010-01-02 03:22:47 ----SHD---- C:\WINDOWS\Installer
2010-01-02 02:46:13 ----D---- C:\WINDOWS\system32
2010-01-02 02:43:54 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-02 02:43:15 ----SD---- C:\Documents and Settings\Zuben\Data aplikací\Microsoft
2010-01-01 22:28:19 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-01 22:16:07 ----HD---- C:\WINDOWS\inf
2010-01-01 22:13:34 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-01 22:11:49 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 22:11:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-01 22:11:28 ----D---- C:\WINDOWS\Prefetch
2010-01-01 22:11:02 ----D---- C:\WINDOWS\WinSxS
2010-01-01 22:08:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-01 22:07:57 ----D---- C:\Program Files\MSBuild
2010-01-01 21:21:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-01 21:12:17 ----D---- C:\WINDOWS\system32\en-US
2010-01-01 21:11:50 ----D---- C:\Program Files\Microsoft.NET
2010-01-01 14:52:54 ----D---- C:\Program Files\Common Files
2010-01-01 02:41:08 ----D---- C:\Program Files\Mozilla Firefox
2009-12-31 02:01:17 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Adobe
2009-12-31 01:54:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-12-31 01:54:07 ----D---- C:\Program Files\Adobe
2009-12-31 01:53:46 ----D---- C:\Program Files\Common Files\Adobe
2009-12-31 01:51:15 ----RSD---- C:\WINDOWS\Fonts
2009-12-30 20:58:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 20:50:12 ----D---- C:\Program Files\Sony Ericsson
2009-12-30 18:31:43 ----D---- C:\Documents and Settings\Zuben\Data aplikací\Hamachi
2009-12-29 13:51:36 ----D---- C:\FreeRapid-0.82
2009-12-28 20:18:38 ----D---- C:\Downloads
2009-12-28 03:02:23 ----A---- C:\Documents and Settings\Zuben\Data aplikací\MPQEditor.ini
2009-12-28 01:48:51 ----SD---- C:\WINDOWS\Tasks
2009-12-28 01:17:18 ----D---- C:\Program Files\Google
2009-12-27 21:46:29 ----D---- C:\Program Files\Internet Explorer
2009-12-24 21:21:30 ----D---- C:\Fraps
2009-12-24 20:49:30 ----D---- C:\Documents and Settings\Zuben\Data aplikací\exe
2009-12-24 18:23:09 ----D---- C:\programs
2009-12-22 22:37:54 ----D---- C:\Program Files\Apophysis 2.0
2009-12-19 01:29:40 ----D---- C:\Mangos
2009-12-14 19:09:19 ----D---- C:\Program Files\Activision
2009-12-14 19:08:27 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-14 19:08:04 ----D---- C:\Documents and Settings\Zuben\Data aplikací\DAEMON Tools Pro
2009-12-07 19:40:16 ----D---- C:\totalcmd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-04 46720]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-04 19968]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 aarr82v5;aarr82v5; C:\WINDOWS\system32\drivers\aarr82v5.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Zuben\LOCALS~1\Temp\MWA85C.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 hipeer20;Remobo Instant Private Network; C:\WINDOWS\system32\DRIVERS\remobo32.sys [2009-04-22 26112]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; c:\xampp\apache\bin\httpd.exe [2009-08-06 24640]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DynDNS Updater;DynDNS Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [2009-09-28 99704]
R2 FileZilla Server;FileZilla Server; C:\xampp\FileZillaFTP\FileZilla server.exe [2009-08-06 691200]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-09-17 1636192]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Mercury;Mercury; C:\xampp\xampp_service_mercury.exe [2009-08-06 73728]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-08-06 5497856]
R2 MySQL5;MySQL5; c:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=c:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL5 []
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-14 75064]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-31 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe [2009-10-07 35144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-31 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MsDepSvc;Web Deployment Agent Service; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-09-09 55176]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-11-12 3403420]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe [2009-10-07 124224]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

After each bit of help I will contribute with an SMS message for 9 CZK.

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my LOG + a minor problem

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the licence terms appears; continue by clicking the Yes button.

relax and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Zuben45
Visitor
Posts: 49
Registered: 26 Mar 2008 15:44

Re: Please check my LOG + a minor problem

#3 Post by Zuben45 »

ComboFix 10-01-04.01 - Zuben 06.01.2010 21:43:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3070.2339 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zuben\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100106-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 20:10 . 2010-01-06 20:10 -------- d-----w- c:\program files\trend micro
2010-01-06 20:10 . 2010-01-06 20:10 -------- d-----w- C:\rsit
2010-01-06 18:17 . 2010-01-06 19:05 -------- d-----w- c:\program files\Counter-Strike Source
2010-01-03 16:26 . 2010-01-03 16:27 -------- d-----w- C:\AoC
2010-01-02 02:22 . 2010-01-02 02:22 -------- d-----w- c:\program files\IIS
2010-01-02 01:44 . 2010-01-02 01:44 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-01-02 01:43 . 2010-01-02 01:43 -------- d-----w- C:\Inetpub
2010-01-02 01:33 . 2010-01-02 01:33 -------- d-----w- c:\program files\Microsoft
2010-01-01 21:16 . 2010-01-01 21:16 -------- d-----w- c:\program files\Microsoft Help
2010-01-01 21:08 . 2010-01-01 21:08 -------- d-----w- c:\windows\symbols
2010-01-01 21:07 . 2010-01-01 21:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-01-01 13:54 . 2005-01-03 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-01-01 13:52 . 2010-01-01 13:52 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-01 01:13 . 2010-01-01 01:13 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-01 01:12 . 2010-01-01 01:12 -------- d-----w- c:\program files\Real
2010-01-01 01:12 . 2010-01-01 01:13 -------- d-----w- c:\program files\Common Files\Real
2009-12-31 22:56 . 2009-12-31 22:56 -------- d-----w- c:\program files\DynDNS Updater
2009-12-31 19:23 . 2009-12-31 19:23 -------- d-----w- c:\documents and settings\Zuben\ScriptDev2
2009-12-31 18:52 . 2009-12-31 19:03 -------- d-----w- c:\documents and settings\Zuben\mangos6
2009-12-31 18:18 . 2009-12-31 18:30 -------- d-----w- c:\documents and settings\Zuben\playerbot
2009-12-31 15:34 . 2009-12-31 15:39 -------- d-----w- c:\program files\PFConfig
2009-12-31 00:51 . 2009-12-31 00:51 -------- d-----w- c:\program files\Adobe Media Player
2009-12-31 00:49 . 2009-12-31 00:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-30 17:31 . 2009-12-30 17:31 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-30 15:29 . 2009-12-31 14:44 -------- d-----w- c:\program files\AVTJet Studio
2009-12-29 13:02 . 2009-12-30 15:20 -------- d-----w- C:\Games
2009-12-28 19:12 . 2009-12-30 19:58 -------- d-----w- c:\program files\Firefly Studios
2009-12-28 00:51 . 2009-12-28 00:51 -------- d-----w- c:\program files\cestinarstvi
2009-12-28 00:49 . 2009-12-28 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-28 00:48 . 2009-12-28 00:48 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 00:48 . 2009-12-28 00:48 -------- d-----w- c:\program files\Apple Software Update
2009-12-28 00:29 . 2009-12-28 00:29 -------- d-----w- c:\program files\WinDjView
2009-12-27 20:35 . 2009-12-27 20:35 -------- d-----w- c:\program files\OpenType Tools
2009-12-27 14:33 . 2009-12-27 14:53 -------- d-----w- C:\Dev-Cpp
2009-12-27 13:27 . 2009-12-27 13:27 -------- d-----w- C:\Dokumenty
2009-12-25 19:31 . 2009-12-25 19:31 -------- d-----w- c:\program files\Zaparit
2009-12-25 12:15 . 2009-12-25 21:56 -------- d-----w- c:\program files\Left 4 Dead
2009-12-25 12:15 . 2009-12-25 12:15 -------- d-----w- c:\windows\Left 4 Dead
2009-12-24 17:18 . 2009-12-24 17:18 -------- d-----w- c:\program files\Nero
2009-12-24 17:17 . 2009-12-24 17:18 -------- d-----w- c:\program files\Common Files\Nero
2009-12-20 22:19 . 2009-12-20 22:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-20 22:19 . 2009-12-20 22:19 -------- d-----w- c:\program files\DivX
2009-12-19 01:38 . 2009-12-19 01:52 -------- d-----w- c:\documents and settings\Zuben\mangos3
2009-12-19 00:16 . 2009-12-19 00:18 -------- d-----w- c:\documents and settings\Zuben\mangos2
2009-12-18 21:59 . 2009-12-18 22:01 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-12-18 21:54 . 2009-12-24 20:29 -------- d-----w- c:\program files\Garena
2009-12-17 17:29 . 2009-12-20 22:19 -------- d-----w- C:\Nexon
2009-12-15 19:35 . 2009-12-15 19:35 37888 ----a-w- c:\windows\system32\winmty32.dll
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winlyv32.dll
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winqwl32.dll
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winlob32.dll
2009-12-15 19:29 . 2009-12-15 19:29 -------- d-----w- c:\program files\DVR-Compress
2009-12-15 19:29 . 2009-12-15 19:35 -------- d-----w- c:\program files\DVR-Studio Pro 2
2009-12-11 14:21 . 2009-12-11 14:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-09 19:31 . 2009-12-09 19:31 -------- d-----w- c:\program files\Nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 20:36 . 2009-11-09 21:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-06 20:32 . 2009-11-09 21:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-06 18:04 . 2009-10-30 17:00 -------- d-----w- c:\program files\Flock
2010-01-01 21:13 . 2009-11-04 15:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-01 21:07 . 2009-11-04 15:53 -------- d-----w- c:\program files\MSBuild
2010-01-01 20:21 . 2001-10-25 12:00 553444 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 20:21 . 2001-10-25 12:00 120528 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 20:11 . 2009-11-04 15:55 -------- d-----w- c:\program files\Microsoft.NET
2009-12-31 00:53 . 2009-10-31 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-30 19:58 . 2009-10-30 16:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 19:50 . 2009-11-18 04:43 -------- d-----w- c:\program files\Sony Ericsson
2009-12-28 00:17 . 2009-10-31 19:05 -------- d-----w- c:\program files\Google
2009-12-22 21:37 . 2009-11-01 14:30 -------- d-----w- c:\program files\Apophysis 2.0
2009-12-18 23:15 . 2009-11-02 14:36 191560 ----a-w- c:\windows\War3Unin.dat
2009-12-14 18:25 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-14 18:09 . 2009-11-14 11:11 -------- d-----w- c:\program files\Activision
2009-12-14 18:08 . 2009-10-30 16:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 15:59 . 2009-11-01 13:12 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 17:50 . 2009-12-07 17:50 -------- d-----w- c:\program files\Ashampoo
2009-12-06 13:20 . 2009-12-06 13:20 -------- d-----w- c:\program files\No-IP
2009-12-05 05:08 . 2009-11-05 18:36 -------- d-----w- c:\program files\TortoiseSVN
2009-12-04 23:18 . 2009-11-01 21:20 -------- d-----w- c:\program files\RegCleaner
2009-12-02 18:48 . 2009-12-02 18:47 -------- d-----w- c:\program files\exe
2009-11-30 16:26 . 2009-11-30 16:26 -------- d-----w- c:\program files\Common Files\EzTools
2009-11-30 16:26 . 2009-11-30 16:26 -------- d-----w- c:\program files\EzTools
2009-11-25 19:55 . 2009-11-25 19:55 -------- d-----w- c:\program files\Microsoft XNA
2009-11-25 19:05 . 2009-11-04 15:58 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-25 19:02 . 2009-11-04 15:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-11-25 19:02 . 2009-11-25 19:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-11-25 19:02 . 2009-11-25 19:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-25 18:54 . 2009-11-25 18:54 -------- d-----w- c:\program files\Blueberry Software
2009-11-25 04:47 . 2009-11-25 04:47 -------- d-----w- c:\program files\SharpDevelop
2009-11-25 04:38 . 2009-11-01 12:27 -------- d-----w- c:\program files\Java
2009-11-24 23:54 . 2009-11-01 12:13 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-01 12:13 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-01 12:13 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-01 12:13 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-01 12:13 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-01 12:13 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-01 12:13 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-01 12:13 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-01 12:13 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 14:37 . 2009-11-23 14:37 -------- d-----w- c:\program files\Valve
2009-11-20 18:29 . 2009-11-20 18:29 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-20 17:51 . 2009-11-20 17:51 -------- d-----w- c:\program files\ffdshow
2009-11-19 18:56 . 2009-11-19 18:56 -------- d-----w- c:\program files\FormatFactory
2009-11-19 18:17 . 2009-11-19 18:17 -------- d-----w- c:\program files\VideoConverter
2009-11-19 18:09 . 2009-11-19 18:09 -------- d-----w- c:\program files\Ulead Systems
2009-11-18 21:10 . 2009-11-18 21:10 -------- d-----w- c:\program files\GameTracker
2009-11-18 16:11 . 2009-11-18 16:09 -------- d-----w- c:\program files\ShadowFlare Software
2009-11-18 04:58 . 2009-11-18 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-11-18 04:58 . 2009-11-18 04:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-17 19:39 . 2009-11-17 19:39 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-15 23:55 . 2009-11-15 23:48 -------- d-----w- c:\program files\WoWModelViewer
2009-11-15 15:52 . 2009-11-15 15:52 -------- d-----w- c:\program files\7-Zip
2009-11-15 13:20 . 2009-11-04 18:59 -------- d-----w- c:\program files\WinSCP
2009-11-14 14:47 . 2009-11-14 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-14 14:46 . 2009-11-14 14:46 -------- d-----r- c:\program files\Skype
2009-11-14 14:46 . 2009-11-14 14:46 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 11:40 . 2009-11-09 21:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-14 10:35 . 2009-11-13 22:53 -------- d-----w- c:\program files\Winamp
2009-11-14 10:24 . 2009-11-13 23:06 -------- d-----w- c:\program files\JetAudio
2009-11-13 23:06 . 2009-11-13 23:06 -------- d-----w- c:\program files\Common Files\COWON
2009-11-13 23:01 . 2009-11-13 23:01 -------- d-----w- c:\program files\Orban
2009-11-13 23:01 . 2009-11-13 23:01 -------- d-----w- c:\program files\RCN Shoutcast Player
2009-11-13 22:15 . 2009-11-13 22:15 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2009-11-13 22:14 . 2009-11-13 22:14 -------- d-----w- c:\program files\SHOUTcast
2009-11-11 17:38 . 2009-11-09 21:31 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-11 14:15 . 2009-11-11 14:15 4179293 ----a-w- C:\everesthome220.exe
2009-11-09 22:21 . 2009-11-09 22:18 -------- d-----w- c:\program files\GamePark
2009-11-09 16:14 . 2009-11-09 16:14 205312 ------w- c:\windows\system32\screensaver_shell.scr
2009-11-08 07:44 . 2009-11-20 17:51 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-07 22:25 . 2009-11-07 22:25 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-06 15:57 . 2009-11-06 15:57 730449 ----a-w- c:\program files\Hamachi.rar
2009-11-05 18:58 . 2009-10-30 15:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-05 18:58 . 2009-10-30 15:37 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-05 18:57 . 2009-10-30 15:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-02 14:42 . 2009-11-02 14:36 2829 ----a-w- c:\windows\War3Unin.pif
2009-11-02 14:42 . 2009-11-02 14:36 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-01 12:30 . 2009-11-01 12:29 6159395 ----a-w- C:\FreeRapid-0.83u1.zip
2009-10-30 17:04 . 2009-10-30 17:04 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-30 17:00 . 2009-10-30 17:00 0 ----a-w- c:\windows\nsreg.dat
2009-10-30 16:56 . 2009-10-30 16:35 15600 ----a-w- c:\windows\gdrv.sys
2009-10-30 16:38 . 2009-10-30 16:38 315392 ----a-w- c:\windows\HideWin.exe
2009-10-30 16:33 . 2009-10-30 16:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 15:35 . 2009-10-30 15:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-11 03:17 . 2009-11-01 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-12-05 2254120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-01 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2009-9-28 91504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmty32]
2009-12-15 19:35 37888 ----a-w- c:\windows\system32\winmty32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3308:TCP"= 3308:TCP:MySQL Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.11.2009 13:13 114768]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [5.11.2009 5:58 24640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.11.2009 13:13 20560]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [18.11.2009 22:10 1636192]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2009 14:12 722416]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [7.10.2009 2:44 129856]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [28.9.2009 13:38 99704]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2009 20:05 133104]
S2 Mercury;Mercury;c:\xampp\xampp_service_mercury.exe [5.11.2009 5:58 73728]
S2 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL5 --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Zuben\LOCALS~1\Temp\MWA85C.tmp --> c:\docume~1\Zuben\LOCALS~1\Temp\MWA85C.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.11.2009 5:43 13224]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [22.4.2009 16:21 26112]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [9.9.2009 12:13 55176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [7.10.2009 2:44 752984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:05]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:05]

2010-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &SHOUTcast Search - c:\documents and settings\All Users\Data aplikací\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: {C69E2D89-FBF7-4F7F-8849-39C6DFCEEA4A} = 216.146.35.35,216.146.36.36
FF - ProfilePath - c:\documents and settings\Zuben\Data aplikací\Mozilla\Firefox\Profiles\h8vilp17.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Counter-Strike 1.6 - c:\program files\Counter-Strike 1.6\Uninstal.exe
AddRemove-Counter-Strike: Source - g:\games\Counter-Strike Source\Uninst.exe
AddRemove-Programmer's Wizard 2 - c:\program files\cestinarstvi\Programmer's Wizard 2\DeIsL1.isu
AddRemove-Rohan_RBF - f:\rohan_global\GoUninstRBF.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 21:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Zuben\LOCALS~1\Temp\MWA85C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-839522115-1644621251-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99163B71-B8B7-1159-7D3E-79DEC6E2DBFB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paofpplcmomognoepkheebmlnenoekih"=hex:61,62,62,6e,63,6b,6f,6f,70,61,66,6a,6a,
6e,61,6b,6b,6d,6f,61,6c,6e,62,62,69,6d,70,6f,6c,67,67,6c,6d,6a,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\winmty32.dll

- - - - - - - > 'explorer.exe'(1712)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-01-06 21:52:48
ComboFix-quarantined-files.txt 2010-01-06 20:52

Před spuštěním: 3 655 196 672
Po spuštění: 5 747 744 768

- - End Of File - - 0687C62C91B84BC023A505D98195D37A

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my LOG + a minor problem

#4 Post by Rudy »

Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com
c:\program files\Garena

Collect::
c:\windows\system32\winmty32.dll
c:\docume~1\Zuben\LOCALS~1\Temp\MWA85C.tmp

Driver::
GarenaPEngine

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmty32]

Regnull::
[HKEY_USERS\S-1-5-21-602162358-839522115-1644621251-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99163B71-B8B7-1159-7D3E-79DEC6E2DBFB}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Zuben45
Visitor
Posts: 49
Registered: 26 Mar 2008 15:44

Re: Please check my LOG + a minor problem

#5 Post by Zuben45 »

ComboFix 10-01-04.01 - Zuben 06.01.2010 22:28:03.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3070.2375 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zuben\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zuben\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100106-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\winmty32.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\atl71.dll
c:\program files\Garena\Avatar\boy.swf
c:\program files\Garena\Avatar\boy_s.swf
c:\program files\Garena\Avatar\girl.swf
c:\program files\Garena\Avatar\girl_s.swf
c:\program files\Garena\Avatar\unknown.swf
c:\program files\Garena\Avatar\unknown_s.swf
c:\program files\Garena\clients2.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\config\locvn.xml
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\deps\olgame.gga
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\deps\webgame.gga
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\Sca.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Gamevn.dat
c:\program files\Garena\Garena.exe
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\Thumbs.db
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\GGICON.ico
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\Inject.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\Garena.exe.br
c:\program files\Garena\Languages\Garena.exe.cn
c:\program files\Garena\Languages\Garena.exe.en
c:\program files\Garena\Languages\Garena.exe.id
c:\program files\Garena\Languages\Garena.exe.ru
c:\program files\Garena\Languages\Garena.exe.sp
c:\program files\Garena\Languages\Garena.exe.th
c:\program files\Garena\Languages\Garena.exe.tw
c:\program files\Garena\Languages\Garena.exe.vn
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\OLGame.dll.en
c:\program files\Garena\Languages\OLGame.dll.vn
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\layout\BlackShotView.layout
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\lib\BlackShot.dll
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\Layout.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\RSA.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AdPlugin.dll
c:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\plugins\UI\ManagePlugin.dll
c:\program files\Garena\plugins\UI\OLGame.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\ViwawaPlugin.dll
c:\program files\Garena\plugins\UI\WebGameUI.dll
c:\program files\Garena\plugins\UI\zDep.dll
c:\program files\Garena\plugins\UI\zzzPlugin.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\Roomcn.dat
c:\program files\Garena\Roomen.dat
c:\program files\Garena\Roomtw.dat
c:\program files\Garena\server.xml
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\151.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\24.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\shop\items\67.gif
c:\program files\Garena\shop\items\68.gif
c:\program files\Garena\shop\items\69.gif
c:\program files\Garena\shop\items\70.gif
c:\program files\Garena\shop\items\8.gif
c:\program files\Garena\shop\items\Thumbs.db
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\Thumbs.db
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\garenatv.ggz
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\skin_bs\garenatv.ggz
c:\program files\Garena\skin_bs\Skin.ggz
c:\program files\Garena\Skins.xml
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\uninst.exe
c:\program files\Garena\update.dat
c:\program files\Garena\update.exe
c:\program files\Garena\update.xml
c:\program files\Garena\update2.exe
c:\program files\Garena\user.xml
c:\program files\Garena\user\16617228\ban.dat
c:\program files\Garena\user\16617228\data.dat
c:\program files\Garena\user\16617228\fps.dat
c:\program files\Garena\user\16617228\recent.txt
c:\program files\Garena\viwawa.cn.xml
c:\program files\Garena\viwawa.en.xml
c:\program files\Garena\viwawa.tw.xml
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\cache\Freesky\css\foemb_2.css
c:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\Garena\web\cache\ROM\config\css\screen.css
c:\program files\Garena\web\cache\ROM\config\images\bgd_body.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_hevertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_vertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_footer.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\config\images\header.jpg
c:\program files\Garena\web\cache\ROM\config\images\ico_bullet.gif
c:\program files\Garena\web\cache\ROM\config\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\config\images\visu_download.jpg
c:\program files\Garena\web\cache\ROM\config\images\visu_line.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_logo-garena.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_run.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_setting.gif
c:\program files\Garena\web\cache\ROM\css\screen.css
c:\program files\Garena\web\cache\ROM\images\bgd_body.jpg
c:\program files\Garena\web\cache\ROM\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\images\bgd_news.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_o.gif
c:\program files\Garena\web\cache\ROM\images\ico-01.gif
c:\program files\Garena\web\cache\ROM\images\slogan_rom.jpg
c:\program files\Garena\web\cache\ROM\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\images\visu_banner.gif
c:\program files\Garena\web\cache\ROM\images\visu_banner_01.gif
c:\program files\Garena\web\cache\ROM\images\visu_forum.gif
c:\program files\Garena\web\cache\ROM\images\visu_garena.gif
c:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\Garena\web\cache\RUpoker\img\bg.jpg
c:\program files\Garena\web\cache\RUpoker\img\btn.jpg
c:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\web\loading.gif
c:\program files\Garena\web\loading.html
c:\program files\Garena\web\Thumbs.db
c:\program files\Garena\YYFileSystem.dll
c:\windows\system32\winmty32.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 20:10 . 2010-01-06 20:10 -------- d-----w- c:\program files\trend micro
2010-01-06 20:10 . 2010-01-06 20:10 -------- d-----w- C:\rsit
2010-01-06 18:17 . 2010-01-06 19:05 -------- d-----w- c:\program files\Counter-Strike Source
2010-01-03 16:26 . 2010-01-03 16:27 -------- d-----w- C:\AoC
2010-01-02 02:22 . 2010-01-02 02:22 -------- d-----w- c:\program files\IIS
2010-01-02 01:44 . 2010-01-02 01:44 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-01-02 01:43 . 2010-01-02 01:43 -------- d-----w- C:\Inetpub
2010-01-02 01:33 . 2010-01-02 01:33 -------- d-----w- c:\program files\Microsoft
2010-01-01 21:16 . 2010-01-01 21:16 -------- d-----w- c:\program files\Microsoft Help
2010-01-01 21:08 . 2010-01-01 21:08 -------- d-----w- c:\windows\symbols
2010-01-01 21:07 . 2010-01-01 21:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-01-01 13:54 . 2005-01-03 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-01-01 13:52 . 2010-01-01 13:52 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-01 01:13 . 2010-01-01 01:13 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-01 01:12 . 2010-01-01 01:12 -------- d-----w- c:\program files\Real
2010-01-01 01:12 . 2010-01-01 01:13 -------- d-----w- c:\program files\Common Files\Real
2009-12-31 22:56 . 2009-12-31 22:56 -------- d-----w- c:\program files\DynDNS Updater
2009-12-31 19:23 . 2009-12-31 19:23 -------- d-----w- c:\documents and settings\Zuben\ScriptDev2
2009-12-31 18:52 . 2009-12-31 19:03 -------- d-----w- c:\documents and settings\Zuben\mangos6
2009-12-31 18:18 . 2009-12-31 18:30 -------- d-----w- c:\documents and settings\Zuben\playerbot
2009-12-31 15:34 . 2009-12-31 15:39 -------- d-----w- c:\program files\PFConfig
2009-12-31 00:51 . 2009-12-31 00:51 -------- d-----w- c:\program files\Adobe Media Player
2009-12-31 00:49 . 2009-12-31 00:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-30 17:31 . 2009-12-30 17:31 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-30 15:29 . 2009-12-31 14:44 -------- d-----w- c:\program files\AVTJet Studio
2009-12-29 13:02 . 2009-12-30 15:20 -------- d-----w- C:\Games
2009-12-28 19:12 . 2009-12-30 19:58 -------- d-----w- c:\program files\Firefly Studios
2009-12-28 00:51 . 2009-12-28 00:51 -------- d-----w- c:\program files\cestinarstvi
2009-12-28 00:49 . 2009-12-28 00:49 -------- d-----w- c:\program files\QuickTime
2009-12-28 00:48 . 2009-12-28 00:48 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 00:48 . 2009-12-28 00:48 -------- d-----w- c:\program files\Apple Software Update
2009-12-28 00:29 . 2009-12-28 00:29 -------- d-----w- c:\program files\WinDjView
2009-12-27 20:35 . 2009-12-27 20:35 -------- d-----w- c:\program files\OpenType Tools
2009-12-27 14:33 . 2009-12-27 14:53 -------- d-----w- C:\Dev-Cpp
2009-12-27 13:27 . 2009-12-27 13:27 -------- d-----w- C:\Dokumenty
2009-12-25 19:31 . 2009-12-25 19:31 -------- d-----w- c:\program files\Zaparit
2009-12-25 12:15 . 2009-12-25 21:56 -------- d-----w- c:\program files\Left 4 Dead
2009-12-25 12:15 . 2009-12-25 12:15 -------- d-----w- c:\windows\Left 4 Dead
2009-12-24 17:18 . 2009-12-24 17:18 -------- d-----w- c:\program files\Nero
2009-12-24 17:17 . 2009-12-24 17:18 -------- d-----w- c:\program files\Common Files\Nero
2009-12-20 22:19 . 2009-12-20 22:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-20 22:19 . 2009-12-20 22:19 -------- d-----w- c:\program files\DivX
2009-12-19 01:38 . 2009-12-19 01:52 -------- d-----w- c:\documents and settings\Zuben\mangos3
2009-12-19 00:16 . 2009-12-19 00:18 -------- d-----w- c:\documents and settings\Zuben\mangos2
2009-12-18 21:59 . 2009-12-18 22:01 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-12-17 17:29 . 2009-12-20 22:19 -------- d-----w- C:\Nexon
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winlyv32.dll
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winqwl32.dll
2009-12-15 19:29 . 2009-12-15 19:29 37888 ----a-w- c:\windows\system32\winlob32.dll
2009-12-15 19:29 . 2009-12-15 19:29 -------- d-----w- c:\program files\DVR-Compress
2009-12-15 19:29 . 2009-12-15 19:35 -------- d-----w- c:\program files\DVR-Studio Pro 2
2009-12-11 14:21 . 2009-12-11 14:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-09 19:31 . 2009-12-09 19:31 -------- d-----w- c:\program files\Nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 21:23 . 2009-10-30 17:00 -------- d-----w- c:\program files\Flock
2010-01-06 20:36 . 2009-11-09 21:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-06 20:32 . 2009-11-09 21:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-01 21:13 . 2009-11-04 15:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-01 21:07 . 2009-11-04 15:53 -------- d-----w- c:\program files\MSBuild
2010-01-01 20:21 . 2001-10-25 12:00 553444 ----a-w- c:\windows\system32\perfh005.dat
2010-01-01 20:21 . 2001-10-25 12:00 120528 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 20:11 . 2009-11-04 15:55 -------- d-----w- c:\program files\Microsoft.NET
2009-12-31 00:53 . 2009-10-31 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-30 19:58 . 2009-10-30 16:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 19:50 . 2009-11-18 04:43 -------- d-----w- c:\program files\Sony Ericsson
2009-12-28 00:17 . 2009-10-31 19:05 -------- d-----w- c:\program files\Google
2009-12-22 21:37 . 2009-11-01 14:30 -------- d-----w- c:\program files\Apophysis 2.0
2009-12-18 23:15 . 2009-11-02 14:36 191560 ----a-w- c:\windows\War3Unin.dat
2009-12-14 18:25 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-14 18:09 . 2009-11-14 11:11 -------- d-----w- c:\program files\Activision
2009-12-14 18:08 . 2009-10-30 16:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 15:59 . 2009-11-01 13:12 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 17:50 . 2009-12-07 17:50 -------- d-----w- c:\program files\Ashampoo
2009-12-06 13:20 . 2009-12-06 13:20 -------- d-----w- c:\program files\No-IP
2009-12-05 05:08 . 2009-11-05 18:36 -------- d-----w- c:\program files\TortoiseSVN
2009-12-04 23:18 . 2009-11-01 21:20 -------- d-----w- c:\program files\RegCleaner
2009-12-02 18:48 . 2009-12-02 18:47 -------- d-----w- c:\program files\exe
2009-11-30 16:26 . 2009-11-30 16:26 -------- d-----w- c:\program files\Common Files\EzTools
2009-11-30 16:26 . 2009-11-30 16:26 -------- d-----w- c:\program files\EzTools
2009-11-25 19:55 . 2009-11-25 19:55 -------- d-----w- c:\program files\Microsoft XNA
2009-11-25 19:05 . 2009-11-04 15:58 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-25 19:02 . 2009-11-04 15:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-11-25 19:02 . 2009-11-25 19:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-11-25 19:02 . 2009-11-25 19:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-25 18:54 . 2009-11-25 18:54 -------- d-----w- c:\program files\Blueberry Software
2009-11-25 04:47 . 2009-11-25 04:47 -------- d-----w- c:\program files\SharpDevelop
2009-11-25 04:38 . 2009-11-01 12:27 -------- d-----w- c:\program files\Java
2009-11-24 23:54 . 2009-11-01 12:13 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-01 12:13 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-01 12:13 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-01 12:13 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-01 12:13 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-01 12:13 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-01 12:13 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-01 12:13 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-01 12:13 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 14:37 . 2009-11-23 14:37 -------- d-----w- c:\program files\Valve
2009-11-20 18:29 . 2009-11-20 18:29 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-20 17:51 . 2009-11-20 17:51 -------- d-----w- c:\program files\ffdshow
2009-11-19 18:56 . 2009-11-19 18:56 -------- d-----w- c:\program files\FormatFactory
2009-11-19 18:17 . 2009-11-19 18:17 -------- d-----w- c:\program files\VideoConverter
2009-11-19 18:09 . 2009-11-19 18:09 -------- d-----w- c:\program files\Ulead Systems
2009-11-18 21:10 . 2009-11-18 21:10 -------- d-----w- c:\program files\GameTracker
2009-11-18 16:11 . 2009-11-18 16:09 -------- d-----w- c:\program files\ShadowFlare Software
2009-11-18 04:58 . 2009-11-18 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-11-18 04:58 . 2009-11-18 04:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-17 19:39 . 2009-11-17 19:39 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-15 23:55 . 2009-11-15 23:48 -------- d-----w- c:\program files\WoWModelViewer
2009-11-15 15:52 . 2009-11-15 15:52 -------- d-----w- c:\program files\7-Zip
2009-11-15 13:20 . 2009-11-04 18:59 -------- d-----w- c:\program files\WinSCP
2009-11-14 14:47 . 2009-11-14 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-14 14:46 . 2009-11-14 14:46 -------- d-----r- c:\program files\Skype
2009-11-14 14:46 . 2009-11-14 14:46 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 11:40 . 2009-11-09 21:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-14 10:35 . 2009-11-13 22:53 -------- d-----w- c:\program files\Winamp
2009-11-14 10:24 . 2009-11-13 23:06 -------- d-----w- c:\program files\JetAudio
2009-11-13 23:06 . 2009-11-13 23:06 -------- d-----w- c:\program files\Common Files\COWON
2009-11-13 23:01 . 2009-11-13 23:01 -------- d-----w- c:\program files\Orban
2009-11-13 23:01 . 2009-11-13 23:01 -------- d-----w- c:\program files\RCN Shoutcast Player
2009-11-13 22:15 . 2009-11-13 22:15 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2009-11-13 22:14 . 2009-11-13 22:14 -------- d-----w- c:\program files\SHOUTcast
2009-11-11 17:38 . 2009-11-09 21:31 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-11 14:15 . 2009-11-11 14:15 4179293 ----a-w- C:\everesthome220.exe
2009-11-09 22:21 . 2009-11-09 22:18 -------- d-----w- c:\program files\GamePark
2009-11-09 16:14 . 2009-11-09 16:14 205312 ------w- c:\windows\system32\screensaver_shell.scr
2009-11-08 07:44 . 2009-11-20 17:51 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-07 22:25 . 2009-11-07 22:25 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-06 15:57 . 2009-11-06 15:57 730449 ----a-w- c:\program files\Hamachi.rar
2009-11-05 18:58 . 2009-10-30 15:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-05 18:58 . 2009-10-30 15:37 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-05 18:57 . 2009-10-30 15:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-02 14:42 . 2009-11-02 14:36 2829 ----a-w- c:\windows\War3Unin.pif
2009-11-02 14:42 . 2009-11-02 14:36 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-01 12:30 . 2009-11-01 12:29 6159395 ----a-w- C:\FreeRapid-0.83u1.zip
2009-10-30 17:04 . 2009-10-30 17:04 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-30 17:00 . 2009-10-30 17:00 0 ----a-w- c:\windows\nsreg.dat
2009-10-30 16:56 . 2009-10-30 16:35 15600 ----a-w- c:\windows\gdrv.sys
2009-10-30 16:38 . 2009-10-30 16:38 315392 ----a-w- c:\windows\HideWin.exe
2009-10-30 16:33 . 2009-10-30 16:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 15:35 . 2009-10-30 15:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-11 03:17 . 2009-11-01 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-06_20.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 21:37 . 2010-01-06 21:37 16384 c:\windows\Temp\Perflib_Perfdata_b80.dat
+ 2010-01-06 21:37 . 2010-01-06 21:37 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
+ 2010-01-06 21:26 . 2010-01-06 21:26 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2010-01-06 21:26 . 2010-01-06 21:26 16384 c:\windows\Temp\Perflib_Perfdata_30c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-12-05 2254120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-01 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2009-9-28 91504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3308:TCP"= 3308:TCP:MySQL Server

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2009 14:12 722416]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.11.2009 13:13 114768]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [5.11.2009 5:58 24640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.11.2009 13:13 20560]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [18.11.2009 22:10 1636192]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 Mercury;Mercury;c:\xampp\xampp_service_mercury.exe [5.11.2009 5:58 73728]
R2 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL5 --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [7.10.2009 2:44 129856]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [28.9.2009 13:38 99704]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2009 20:05 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.11.2009 5:43 13224]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [22.4.2009 16:21 26112]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [9.9.2009 12:13 55176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [7.10.2009 2:44 752984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:05]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &SHOUTcast Search - c:\documents and settings\All Users\Data aplikací\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: {C69E2D89-FBF7-4F7F-8849-39C6DFCEEA4A} = 216.146.35.35,216.146.36.36
FF - ProfilePath - c:\documents and settings\Zuben\Data aplikací\Mozilla\Firefox\Profiles\h8vilp17.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Garena - c:\program files\Garena\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 22:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4541F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> 0x8a4541f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
SecurityProcedure -> ntkrnlpa.exe @ 0x80582a0e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
SecurityProcedure -> ntkrnlpa.exe @ 0x80582a0e
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d05ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d12b21
SendHandler -> NDIS.sys @ 0xb9cf087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4920)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\xampp\FileZillaFTP\FileZilla server.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\xampp\MercuryMail\mercury.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 22:43:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 21:43
ComboFix2.txt 2010-01-06 20:52

Před spuštěním: 5 729 931 264
Po spuštění: 5 590 933 504

- - End Of File - - FCE450BAFF269E549DCB7EE688F021B9


PS: the computer still does not shut down

After every bit of help I will contribute with an SMS message for 9 Kč

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my LOG + a minor problem

#6 Post by Rudy »

Also run an MBR scan: http://www2.gmer.net/mbr/mbr.exe and post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
