Prosim o kontrolu, zpomaleny NB

Zpráva

pad.dy · #1 Příspěvek od **pad.dy** » 16 črc 2010 14:22

Dobry den, chtel bych poprosit o kontrolu logu. Notebook se mi posledni dobou strasne seka, obcas i internet. Diky za vas cas a tady je log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pad.dy at 2010-07-16 15:21:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 22 GB (15%) free of 148 GB
Total RAM: 3069 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:21:48, on 16.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Pad.dy\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\RSIT.exe
C:\Program Files\trend micro\Pad.dy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D9C8BF-D5AB-4EAE-B273-69898E5228AE}: NameServer = 89.203.192.1,89.203.192.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11856 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A682138B-1122-418E-A83D-16215CC132CD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-04 1037608]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-03-11 397312]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-25 34040]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-05-30 3659264]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-04-28 809480]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-03-05 147456]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-03-04 167936]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-03-18 173352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-26 149280]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-03-07 2937528]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Pad.dy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orion.lnk - C:\Convesoft\Orion\Messenger.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-05-30 3024896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-15 21:06:37 ----D---- C:\Windows\temp
2010-07-15 21:06:34 ----A---- C:\ComboFix.txt
2010-07-15 21:05:32 ----SHD---- C:\$RECYCLE.BIN
2010-07-15 20:34:13 ----A---- C:\Windows\zip.exe
2010-07-15 20:34:13 ----A---- C:\Windows\SWSC.exe
2010-07-15 20:34:13 ----A---- C:\Windows\SWREG.exe
2010-07-15 20:34:13 ----A---- C:\Windows\sed.exe
2010-07-15 20:34:13 ----A---- C:\Windows\PEV.exe
2010-07-15 20:34:13 ----A---- C:\Windows\NIRCMD.exe
2010-07-15 20:34:13 ----A---- C:\Windows\MBR.exe
2010-07-15 20:34:13 ----A---- C:\Windows\grep.exe
2010-07-15 20:33:48 ----D---- C:\Windows\ERDNT
2010-07-15 20:28:10 ----D---- C:\Qoobox
2010-07-15 20:27:52 ----A---- C:\Windows\SWXCACLS.exe
2010-07-13 23:56:06 ----D---- C:\ProgramData\Firefly Studios
2010-07-13 19:47:40 ----D---- C:\Users\Pad.dy\AppData\Roaming\LolClient
2010-07-13 17:50:49 ----D---- C:\Program Files\League of Legends
2010-07-11 20:29:29 ----ASH---- C:\hiberfil.sys
2010-07-09 21:04:40 ----A---- C:\Windows\system32\xfcodec.dll
2010-07-06 20:58:50 ----D---- C:\Users\Pad.dy\AppData\Roaming\Mount&Blade
2010-07-06 20:57:06 ----D---- C:\Program Files\Mount&Blade
2010-07-06 20:01:19 ----D---- C:\Program Files\Knights and Merchants TPR
2010-07-06 18:39:54 ----A---- C:\Windows\uninst.exe
2010-07-04 12:22:39 ----D---- C:\Users\Pad.dy\AppData\Roaming\GameRanger
2010-07-01 22:26:56 ----D---- C:\Program Files\Firefly Studios
2010-06-26 19:41:29 ----D---- C:\Program Files\Valve
2010-06-25 22:45:15 ----A---- C:\Windows\RtDefLvl.ini
2010-06-25 22:45:13 ----A---- C:\Windows\system32\SRSWOW.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\SRSTSXT.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\SRSTSHD.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\SRSHP360.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\RtkApoApi.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\RtkAPO.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\maxxaudioapo.dll
2010-06-25 22:45:13 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-06-25 22:45:13 ----A---- C:\Windows\SkyTel.exe
2010-06-25 22:45:13 ----A---- C:\Windows\RtlUpd.exe
2010-06-25 22:45:13 ----A---- C:\Windows\RtHDVCpl.exe
2010-06-25 21:58:30 ----A---- C:\Windows\system32\npptNT2.sys
2010-06-25 21:47:38 ----D---- C:\Program Files\Lineage II
2010-06-25 12:19:11 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-25 12:19:11 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-25 12:19:11 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-25 12:19:11 ----A---- C:\Windows\system32\mscoree.dll
2010-06-25 12:19:10 ----A---- C:\Windows\system32\dfshim.dll
2010-06-24 12:23:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-24 12:23:47 ----A---- C:\Windows\system32\Apphlpdm.dll

======List of files/folders modified in the last 1 months======

2010-07-16 15:21:45 ----D---- C:\Program Files\trend micro
2010-07-16 15:18:22 ----D---- C:\Program Files\Mozilla Firefox
2010-07-16 10:49:00 ----D---- C:\Users\Pad.dy\AppData\Roaming\Xfire
2010-07-16 10:21:57 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-07-16 10:21:53 ----D---- C:\Windows\Prefetch
2010-07-16 09:17:30 ----SHD---- C:\System Volume Information
2010-07-16 08:48:50 ----D---- C:\Windows\System32
2010-07-16 08:48:50 ----D---- C:\Windows\inf
2010-07-16 08:48:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-16 08:43:25 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-15 21:20:18 ----D---- C:\Windows
2010-07-15 21:06:39 ----D---- C:\Windows\system32\drivers
2010-07-15 20:56:42 ----D---- C:\Windows\system32\catroot2
2010-07-15 20:55:48 ----A---- C:\Windows\system.ini
2010-07-15 20:55:30 ----D---- C:\Windows\system32\drivers\etc
2010-07-15 20:53:52 ----D---- C:\Windows\system32\config
2010-07-15 20:53:52 ----D---- C:\Boot
2010-07-15 20:51:51 ----D---- C:\Program Files
2010-07-15 20:46:46 ----D---- C:\Windows\AppPatch
2010-07-15 20:46:44 ----D---- C:\Program Files\Common Files
2010-07-15 16:03:03 ----D---- C:\Windows\Debug
2010-07-15 08:17:29 ----D---- C:\Windows\winsxs
2010-07-15 08:05:12 ----D---- C:\Windows\system32\catroot
2010-07-15 08:05:09 ----D---- C:\Program Files\Windows Mail
2010-07-15 08:02:38 ----SHD---- C:\Windows\Installer
2010-07-15 08:02:29 ----D---- C:\ProgramData\Microsoft Help
2010-07-15 08:02:29 ----D---- C:\Config.Msi
2010-07-14 12:48:06 ----D---- C:\Program Files\Warcraft III
2010-07-14 08:12:14 ----D---- C:\ProgramData\Xfire
2010-07-13 23:56:06 ----D---- C:\ProgramData
2010-07-13 23:45:05 ----D---- C:\Program Files\Xfire
2010-07-13 23:06:48 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-13 22:16:08 ----D---- C:\Program Files\EA Sports
2010-07-13 16:09:01 ----D---- C:\ProgramData\PMB Files
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-06-26 16:34:55 ----D---- C:\Users\Pad.dy\AppData\Roaming\Hamachi
2010-06-25 22:45:56 ----D---- C:\Windows\system32\RTCOM
2010-06-25 22:45:15 ----A---- C:\Windows\DIFxAPI.dll
2010-06-25 21:29:26 ----D---- C:\Windows\Microsoft.NET
2010-06-25 21:29:22 ----RSD---- C:\Windows\assembly
2010-06-25 20:38:53 ----D---- C:\Windows\ehome
2010-06-23 22:43:52 ----D---- C:\Users\Pad.dy\AppData\Roaming\Skype
2010-06-23 17:21:58 ----D---- C:\Users\Pad.dy\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2009-05-30 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-04 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-01 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2010-05-20 97792]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-05-30 112144]
R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2009-05-30 127768]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-03-05 41456]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-01 281760]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-01 25888]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-08 2554368]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-12-11 11515848]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-06-21 47360]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
S3 a01apwvq;a01apwvq; C:\Windows\system32\drivers\a01apwvq.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BthPort;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 catchme;catchme; \??\C:\Users\Pad.dy\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Pad.dy\AppData\Local\Temp\YZL2AC0.tmp []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-06-19 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 rak;rak; \??\C:\Windows\system32\rakion.sys [2010-01-09 60928]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTCore32;RTCore32; \??\D:\RMClock\RTCore32.sys [2005-05-25 4608]
S3 SUSCOM;Susteen Serial port driver; C:\Windows\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-04 196784]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver; C:\Windows\system32\DRIVERS\whmice2k.sys [2004-04-26 6885]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-05-30 3474432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-11 122984]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-26 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-22 599344]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-30 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **riffman** » 16 črc 2010 15:36

zdravim

C:\ComboFix.txt - jeho obsah sem jeste zkopirujte

pad.dy · #3 Příspěvek od **pad.dy** » 16 črc 2010 15:58

Vy jste me teda prokouk

Tady to je:

ComboFix 10-07-15.01 - Pad.dy 15.07.2010 20:39:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.1996 [GMT 2:00]
Spuštěný z: c:\users\Pad.dy\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\users\Pad.dy\AppData\Roaming\.#
c:\users\Pad.dy\AppData\Roaming\.#\MBX@1370@252990.###
c:\users\Pad.dy\AppData\Roaming\.#\MBX@1370@2529C0.###
c:\users\Pad.dy\AppData\Roaming\.#\MBX@1370@2529F0.###
c:\users\Pad.dy\AppData\Roaming\inst.exe
c:\windows\system32\game.dll
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-15 do 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-13 21:56 . 2010-07-13 21:56 -------- d-----w- c:\programdata\Firefly Studios
2010-07-13 17:47 . 2010-07-13 17:47 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\LolClient
2010-07-13 15:50 . 2010-07-15 09:38 -------- d-----w- c:\program files\League of Legends
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-06 18:58 . 2010-07-06 23:35 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\Mount&Blade
2010-07-06 18:57 . 2010-07-06 18:59 -------- d-----w- c:\program files\Mount&Blade
2010-07-06 18:01 . 2010-07-06 18:03 -------- d-----w- c:\program files\Knights and Merchants TPR
2010-07-06 16:39 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2010-07-04 10:22 . 2010-07-04 10:22 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\GameRanger
2010-07-01 20:26 . 2010-07-13 21:06 -------- d-----w- c:\program files\Firefly Studios
2010-06-26 17:41 . 2010-07-13 16:32 -------- d-----w- c:\program files\Valve
2010-06-25 19:58 . 2006-02-04 01:50 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-06-25 19:47 . 2010-07-11 19:38 -------- d-----w- c:\program files\Lineage II
2010-06-25 10:19 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 10:19 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 10:19 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 10:19 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 10:19 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 10:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 10:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 18:58 . 2009-05-30 14:57 72567072 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-07-15 18:55 . 2010-02-22 14:14 69078 ----a-w- c:\programdata\nvModes.dat
2010-07-15 18:54 . 2009-05-30 14:57 978032 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-15 18:53 . 2009-06-21 08:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-15 18:42 . 2008-01-21 06:46 610780 ----a-w- c:\windows\system32\perfh005.dat
2010-07-15 18:42 . 2008-01-21 06:46 121134 ----a-w- c:\windows\system32\perfc005.dat
2010-07-15 18:11 . 2009-05-30 14:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-07-15 12:57 . 2009-11-16 16:48 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\Xfire
2010-07-15 12:32 . 2010-02-21 11:25 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-15 12:32 . 2010-02-21 11:25 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-15 06:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 06:02 . 2008-04-25 05:49 -------- d-----w- c:\programdata\Microsoft Help
2010-07-14 10:48 . 2009-05-30 19:51 -------- d-----w- c:\program files\Warcraft III
2010-07-14 06:12 . 2009-11-16 16:48 -------- d-----w- c:\programdata\Xfire
2010-07-13 21:45 . 2009-11-16 16:48 -------- d-----w- c:\program files\Xfire
2010-07-13 21:06 . 2008-04-25 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-13 20:16 . 2010-04-26 16:21 -------- d-----w- c:\program files\EA Sports
2010-07-13 14:09 . 2010-03-07 13:53 -------- d-----w- c:\programdata\PMB Files
2010-07-10 15:36 . 2010-07-13 06:23 6747768 ----a-w- c:\programdata\Xfire\127a.exe
2010-06-29 22:45 . 2010-06-29 22:45 1240800 ----a-w- c:\users\Pad.dy\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
2010-06-29 22:43 . 2010-06-29 22:43 159456 ----a-w- c:\users\Pad.dy\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.dll
2010-06-26 14:34 . 2009-06-03 16:23 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\Hamachi
2010-06-25 20:45 . 2008-04-25 05:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-06-25 20:17 . 2009-05-30 12:35 103160 ----a-w- c:\users\Pad.dy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-23 20:43 . 2010-03-16 21:38 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\Skype
2010-06-23 15:21 . 2010-03-16 21:39 -------- d-----w- c:\users\Pad.dy\AppData\Roaming\skypePM
2010-06-13 06:47 . 2010-06-13 06:47 -------- d-----w- c:\programdata\NtiDvdCopy
2010-06-11 20:19 . 2010-05-31 11:08 680 ----a-w- c:\users\Pad.dy\AppData\Local\d3d9caps.dat
2010-06-11 19:54 . 2010-06-11 19:47 315392 ----a-w- c:\windows\HideWin.exe
2010-06-03 19:04 . 2010-06-03 19:04 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-06-03 15:53 . 2010-06-03 15:43 -------- d--h--w- c:\program files\Temp
2010-06-03 15:50 . 2010-06-03 15:50 -------- d-----w- c:\program files\Realtek
2010-05-29 09:02 . 2009-06-01 18:06 139152 ----a-w- c:\users\Pad.dy\AppData\Roaming\PnkBstrK.sys
2010-05-29 09:02 . 2009-06-01 18:06 139152 ----a-w- c:\users\Pad.dy\AppData\Roaming\PnkBstrK.sys
2010-05-29 09:01 . 2009-06-01 18:06 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-26 17:06 . 2010-06-09 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 14:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 12:52 . 2010-05-02 10:44 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-22 12:43 . 2010-05-22 12:34 -------- d-----w- c:\program files\Mass Effect 2
2010-05-21 12:14 . 2009-10-03 05:50 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 17:42 . 2010-05-20 17:42 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2010-05-19 11:37 . 2009-05-30 12:44 -------- d-----w- c:\program files\Launch Manager
2010-05-16 12:13 . 2009-05-30 14:57 63897376 ----a-w- c:\windows\system32\drivers\fidbox(28).dat
2010-05-09 08:25 . 2010-05-09 08:25 75 ----a-w- c:\users\Pad.dy\jagex_runescape_preferences2.dat
2010-05-09 08:25 . 2010-05-09 08:25 41 ----a-w- c:\users\Pad.dy\jagex__preferences3.dat
2010-05-09 08:25 . 2010-05-09 08:24 41 ----a-w- c:\users\Pad.dy\jagex_runescape_preferences.dat
2010-05-05 12:03 . 2009-05-30 14:57 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 12:03 . 2009-05-30 14:57 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-04 05:59 . 2010-06-09 14:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 14:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 14:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 14:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 09:47 . 2010-05-01 09:47 94 ----a-w- c:\users\Pad.dy\AppData\Local\fusioncache.dat
2010-04-25 14:02 . 2009-10-23 14:31 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-04-23 14:13 . 2010-05-26 13:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-17 17:10 . 2009-05-30 14:57 20731680 --sha-w- c:\windows\System32\drivers\fidbox(31).dat
2009-12-23 17:53 . 2006-11-02 06:25 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
2009-12-23 17:53 . 2006-11-02 06:25 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-07 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-30 3659264]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-03-05 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-26 149280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-30 1216512]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-30 12:40 3024896 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,fe,98,d1,9d,49,ca,01

R3 GarenaPEngine;GarenaPEngine;c:\users\Pad.dy\AppData\Local\Temp\YZL2AC0.tmp [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 rak;rak;c:\windows\system32\rakion.sys [2010-01-09 60928]
R3 RTCore32;RTCore32;d:\rmclock\RTCore32.sys [2005-05-25 4608]
R3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]
R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2004-04-26 6885]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-01 691696]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-05-30 43184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-03-05 41456]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-05-30 3474432]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{A682138B-1122-418E-A83D-16215CC132CD}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: &Stáhnout FlashGetem - c:\progra~1\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {A4D9C8BF-D5AB-4EAE-B273-69898E5228AE} = 89.203.192.1,89.203.192.2
FF - ProfilePath - c:\users\Pad.dy\AppData\Roaming\Mozilla\Firefox\Profiles\asvx3wb8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\users\Pad.dy\AppData\Roaming\Mozilla\Firefox\Profiles\asvx3wb8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Pad.dy\AppData\Roaming\Mozilla\Firefox\Profiles\asvx3wb8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\Pad.dy\AppData\Roaming\Mozilla\Firefox\Profiles\asvx3wb8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\Pad.dy\AppData\Roaming\Mozilla\Firefox\Profiles\asvx3wb8.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Pad.dy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 20:56
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Pad.dy\AppData\Local\Temp\YZL2AC0.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-871351969-2093288780-586093260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4FF25C5B-5240-E7AB-3284-3A13BC8FA084}*]
"mafgghademgcbhicoceilhmadp"=hex:6b,61,6c,6c,6e,62,63,6b,63,64,63,66,6f,6f,6e,
68,66,6b,6b,6a,6d,6d,00,00
"napgahgbcjmhdempaofldhnbfikk"=hex:6b,61,69,6c,6b,63,70,62,6f,70,6d,6a,63,70,
61,6d,6e,64,6d,68,65,68,00,68
"ablfaiddhbnhhimfijdffhplanhkdbcddl"=hex:67,61,6c,69,69,64,63,6c,70,67,62,6c,
64,65,00,96
"makfhiglcoofockjkbjloibhbb"=hex:6f,61,64,69,65,6d,62,6a,6d,63,64,66,6b,61,62,
70,63,6e,61,6d,62,63,65,63,63,61,68,63,64,65,00,00

[HKEY_USERS\S-1-5-21-871351969-2093288780-586093260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7a,97,df,89,2f,21,2b,73,18,13,2c,b5,39,b2,e3,7c,00,1c,c0,3e,ce,76,07,
ef,e3,4c,b4,9e,b9,c8,75,1c,ac,7a,30,82,48,8c,37,81,da,61,a3,01,41,a4,95,9b,\
"??"=hex:8e,30,b9,c4,e0,41,ab,b7,e7,d0,5d,cf,5b,7e,74,66

[HKEY_USERS\S-1-5-21-871351969-2093288780-586093260-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,99,a6,69,61,a4,dd,7a,2d,6c,57,bd,fc,c4,5f,84,b8,23,d6,37,bd,
d2,e5,30,bf,b2,ee,24,f6,3c,fb,6f,9c,63,9f,dc,8d,17,18,d1,79,cf,76,69,a1,a0,\
"rkeysecu"=hex:5e,50,59,ce,32,6e,73,6b,db,31,2c,77,4f,49,c7,3b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4020)
c:\program files\Xfire\xfire_toucan_43094.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\RtHDVCpl.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Xfire\Xfire.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-07-15 21:06:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-15 19:06

Před spuštěním: Volných bajtů: 26 795 708 416
Po spuštění: Volných bajtů: 26 050 088 960

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,31
- - End Of File - - 132593EBE11EFECF3BDC7A510B51E589

#4 Příspěvek od **riffman** » 16 črc 2010 17:19

stahnete GMER , rozbalte a spustte

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

probehne sken, po jehoz ukonceni na vas bafnou vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem

pad.dy · #5 Příspěvek od **pad.dy** » 16 črc 2010 18:28

Ehm, nejak se to sem nevejde takze sem hodim 1. log a 2. log upnu na leteckou postu protoze mi nesla pripojit priloha a klasicky se mi sem nevesel...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-16 18:33:10
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Pad.dy\AppData\Local\Temp\fwrcapob.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 899261F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread System [4:488] 9581A100
Thread System [4:496] 9581A100
Thread System [4:500] 95852640
Thread System [4:504] 95852640
Thread System [4:512] 95854630
Thread System [4:516] 95854630
Thread System [4:520] 95854630
Thread System [4:528] 95852640
Thread System [4:4836] 894C2360
Thread System [4:4924] 8942F890
Thread System [4:4928] 8942F890

---- EOF - GMER 1.0.15 ----

http://leteckaposta.cz/671130539

#6 Příspěvek od **riffman** » 16 črc 2010 19:12

http://www.esagelab.com/files/bootkit_remover.rar

stahnout, rozbalit na plochu, spustit

po spusteni klik pravym mysidlem do okna, zvolit moznost Vybrat vse, CTRL+C a sem do odpovedi CTRL+V (tim mi sem plesknete log)

pad.dy · #7 Příspěvek od **pad.dy** » 16 črc 2010 19:24

Mam pocit ze jsem udelal asi neco spatne podle toho textu...

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 01d49f97fbbd6be24690f16caeaf20b8
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...

#8 Příspěvek od **riffman** » 16 črc 2010 19:47

prave ze jste to udelal dobre

zeptam se - GRUB nebo nejaky jiny boot loader pouzivate?

pad.dy · #9 Příspěvek od **pad.dy** » 16 črc 2010 20:03

Ja nemam ani tuseni co je to boot loader...

#10 Příspěvek od **riffman** » 16 črc 2010 20:15

boot loader je takovej kram, co vam dava pri startu vyber z nekolika operacnich systemu

pad.dy · #11 Příspěvek od **pad.dy** » 16 črc 2010 20:18

Ach tak, ne ne, nic takovyho nepouzivam

#12 Příspěvek od **riffman** » 16 črc 2010 20:21

Start/Spustit a do chlivku zkopirujte nasledujici text:

"c:\documents and settings\jmeno_uzivatele - doplnte dle jmena uzivatele, pod kterym jste prave prihlasen\Plocha\remover.exe" fix \\.\PhysicalDrive0

potvrdit, restart a novy sken jako v predchozim pripade bootkit removerem, log sem

pad.dy · #13 Příspěvek od **pad.dy** » 16 črc 2010 21:01

Nejde, hlasi to: System Windows nemuze najit polozku c:/documents

#14 Příspěvek od **riffman** » 16 črc 2010 21:06

vzdyt jsem blbej jak kilo tvarohu, vy mate Visty, tam je to jinak

ten prikaz zni

"C:\Users\Pad.dy\Desktop\remover.exe" fix \\.\PhysicalDrive0

pad.dy · #15 Příspěvek od **pad.dy** » 16 črc 2010 21:11

Ano, jeste nez jste to napsal tak se mi podarilo ten prikaz spustit ale hodilo mi to error, screen je nize:

http://leteckaposta.cz/943496627

VIRY.CZ

Prosim o kontrolu, zpomaleny NB

Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB

Re: Prosim o kontrolu, zpomaleny NB