ComboFix 10-05-07.07 - Petr Potůček 09.05.2010 19:41:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.2119 [GMT 2:00]
Spuštěný z: c:\users\Petr Potůček\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr Potůček\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
file zipped: c:\windows\system32\drivers\5392923.sys
file zipped: c:\windows\system32\drivers\53929231.sys
file zipped: c:\windows\system32\drivers\53929232.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\garena
c:\program files\garena\AESocket.dll
c:\program files\garena\atl71.dll
c:\program files\garena\Avatar\boy.swf
c:\program files\garena\Avatar\boy_s.swf
c:\program files\garena\Avatar\girl.swf
c:\program files\garena\Avatar\girl_s.swf
c:\program files\garena\Avatar\unknown.swf
c:\program files\garena\Avatar\unknown_s.swf
c:\program files\garena\Cache\8920535_s.swf
c:\program files\garena\clients2.dat
c:\program files\garena\CommonLib.dll
c:\program files\garena\config\bs.br.xml
c:\program files\garena\config\bs.cn.xml
c:\program files\garena\config\bs.en.xml
c:\program files\garena\config\bs.id.xml
c:\program files\garena\config\bs.pp.xml
c:\program files\garena\config\bs.ru.xml
c:\program files\garena\config\bs.sd.xml
c:\program files\garena\config\bs.sp.xml
c:\program files\garena\config\bs.th.xml
c:\program files\garena\config\bs.tw.xml
c:\program files\garena\config\bs.vn.xml
c:\program files\garena\config\loccn.xml
c:\program files\garena\config\locen.xml
c:\program files\garena\config\lockr.xml
c:\program files\garena\config\loctw.xml
c:\program files\garena\config\locvn.xml
c:\program files\garena\CS15Hook.dll
c:\program files\garena\deps\vww.gzp
c:\program files\garena\deps\webgame.gga
c:\program files\garena\dlls\CTSys.dll
c:\program files\garena\dlls\flags.dll
c:\program files\garena\dlls\FPSHelper.dll
c:\program files\garena\dlls\GFireMan.dll
c:\program files\garena\dlls\IPvR.dll
c:\program files\garena\dlls\PEngine.dll
c:\program files\garena\dlls\PluginLanguage.dll
c:\program files\garena\dlls\Sca.dll
c:\program files\garena\dlls\WC3J.dll
c:\program files\garena\files\files.ggz
c:\program files\garena\FPSHook.dll
c:\program files\garena\Gamecn.dat
c:\program files\garena\GameConfig.xml
c:\program files\garena\Gameen.dat
c:\program files\garena\Gametw.dat
c:\program files\garena\Gamevn.dat
c:\program files\garena\Garena.exe
c:\program files\garena\GarenaSkin.dll
c:\program files\garena\GarenaSkin1.dll
c:\program files\garena\GarenaTV.xml
c:\program files\garena\GarenaTV\0.bmp
c:\program files\garena\GarenaTV\1.bmp
c:\program files\garena\GarenaTV\2.bmp
c:\program files\garena\GarenaTV\3.bmp
c:\program files\garena\GarenaTV\4.bmp
c:\program files\garena\GarenaTV\5.bmp
c:\program files\garena\GarenaTV\6.bmp
c:\program files\garena\GarenaTV\cn.ggz
c:\program files\garena\GarenaTV\cn_s.ggz
c:\program files\garena\GarenaTV\en.ggz
c:\program files\garena\GarenaTV\en_s.ggz
c:\program files\garena\GarenaTV\id_s.ggz
c:\program files\garena\GarenaTV\tw.ggz
c:\program files\garena\GarenaTV\tw_s.ggz
c:\program files\garena\GarenaTV_UI.dll
c:\program files\garena\GarenaTVHook.dll
c:\program files\garena\GGICON.ico
c:\program files\garena\Gn.ggz
c:\program files\garena\gs.dat
c:\program files\garena\hc.xml
c:\program files\garena\Inject.dll
c:\program files\garena\L4DSocket.dll
c:\program files\garena\langs.xml
c:\program files\garena\Languages\FPSGame.dll.cn
c:\program files\garena\Languages\FPSGame.dll.en
c:\program files\garena\Languages\FPSGame.dll.tw
c:\program files\garena\Languages\Garena.exe.br
c:\program files\garena\Languages\Garena.exe.cn
c:\program files\garena\Languages\Garena.exe.en
c:\program files\garena\Languages\Garena.exe.id
c:\program files\garena\Languages\Garena.exe.ru
c:\program files\garena\Languages\Garena.exe.sp
c:\program files\garena\Languages\Garena.exe.th
c:\program files\garena\Languages\Garena.exe.tw
c:\program files\garena\Languages\Garena.exe.vn
c:\program files\garena\Languages\GarenaTV_UI.dll.cn
c:\program files\garena\Languages\GarenaTV_UI.dll.en
c:\program files\garena\Languages\GarenaTV_UI.dll.id
c:\program files\garena\Languages\GarenaTV_UI.dll.tw
c:\program files\garena\Languages\languages.glf
c:\program files\garena\Languages\update.exe.cn
c:\program files\garena\Languages\update.exe.tw
c:\program files\garena\Languages\update2.exe.cn
c:\program files\garena\Languages\update2.exe.tw
c:\program files\garena\Languages\WC3Ass.dll.cn
c:\program files\garena\Languages\WC3Ass.dll.en
c:\program files\garena\Languages\WC3Ass.dll.tw
c:\program files\garena\Languages\WC3Ass.dll.vn
c:\program files\garena\Languages\WC3Ladder.dll.cn
c:\program files\garena\Languages\WC3Ladder.dll.en
c:\program files\garena\Languages\WC3Ladder.dll.tw
c:\program files\garena\layout\BlackShotView.layout
c:\program files\garena\layout\layout.ggz
c:\program files\garena\lib\BlackShot.dll
c:\program files\garena\lib\common\Language.dll
c:\program files\garena\lib\GarenaRoomSystem.dll
c:\program files\garena\lib\GarenaWebService.dll
c:\program files\garena\lib\HttpLayer.dll
c:\program files\garena\lib\Layout.dll
c:\program files\garena\lib\LibPlugin.ggz
c:\program files\garena\lib\LoadSwf.dll
c:\program files\garena\lib\MessagePumpLib.dll
c:\program files\garena\lib\NetworkLayer.dll
c:\program files\garena\lib\PKCS.dll
c:\program files\garena\lib\RSA.dll
c:\program files\garena\lib\WebCache.dll
c:\program files\garena\mdata.ggz
c:\program files\garena\PluginKernel.dll
c:\program files\garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\garena\plugins\Game\WC3Ass.dll
c:\program files\garena\plugins\Game\WC3Ladder.dll
c:\program files\garena\plugins\Game\WC3VC.dll
c:\program files\garena\plugins\Plugins.ggz
c:\program files\garena\plugins\UI\AdPlugin.dll
c:\program files\garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\garena\plugins\UI\BlackShotPlugin.dll
c:\program files\garena\plugins\UI\CafeLogin.dll
c:\program files\garena\plugins\UI\FavListUIPlugin.dll
c:\program files\garena\plugins\UI\FPSGame.dll
c:\program files\garena\plugins\UI\GarenaTV.dll
c:\program files\garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\garena\plugins\UI\GEngine.dll
c:\program files\garena\plugins\UI\Chenyx.dll
c:\program files\garena\plugins\UI\ManagePlugin.dll
c:\program files\garena\plugins\UI\StatPlugin.dll
c:\program files\garena\plugins\UI\ViwawaPlugin.dll
c:\program files\garena\plugins\UI\WebGameUI.dll
c:\program files\garena\plugins\UI\zDep.dll
c:\program files\garena\plugins\UI\zzzPlugin.dll
c:\program files\garena\RecConfig.xml
c:\program files\garena\Roomcn.dat
c:\program files\garena\Roomen.dat
c:\program files\garena\Roomtw.dat
c:\program files\garena\server.xml
c:\program files\garena\shop\items\1.gif
c:\program files\garena\shop\items\100.gif
c:\program files\garena\shop\items\105.gif
c:\program files\garena\shop\items\150.gif
c:\program files\garena\shop\items\151.gif
c:\program files\garena\shop\items\2.gif
c:\program files\garena\shop\items\200.gif
c:\program files\garena\shop\items\201.gif
c:\program files\garena\shop\items\202.gif
c:\program files\garena\shop\items\203.gif
c:\program files\garena\shop\items\204.gif
c:\program files\garena\shop\items\205.gif
c:\program files\garena\shop\items\206.gif
c:\program files\garena\shop\items\21.gif
c:\program files\garena\shop\items\22.gif
c:\program files\garena\shop\items\23.gif
c:\program files\garena\shop\items\24.gif
c:\program files\garena\shop\items\3.gif
c:\program files\garena\shop\items\300.gif
c:\program files\garena\shop\items\301.gif
c:\program files\garena\shop\items\302.gif
c:\program files\garena\shop\items\303.gif
c:\program files\garena\shop\items\304.gif
c:\program files\garena\shop\items\305.gif
c:\program files\garena\shop\items\306.gif
c:\program files\garena\shop\items\307.gif
c:\program files\garena\shop\items\308.gif
c:\program files\garena\shop\items\309.gif
c:\program files\garena\shop\items\310.gif
c:\program files\garena\shop\items\311.gif
c:\program files\garena\shop\items\312.gif
c:\program files\garena\shop\items\313.gif
c:\program files\garena\shop\items\4.gif
c:\program files\garena\shop\items\40.gif
c:\program files\garena\shop\items\60.gif
c:\program files\garena\shop\items\61.gif
c:\program files\garena\shop\items\62.gif
c:\program files\garena\shop\items\63.gif
c:\program files\garena\shop\items\64.gif
c:\program files\garena\shop\items\65.gif
c:\program files\garena\shop\items\66.gif
c:\program files\garena\shop\items\67.gif
c:\program files\garena\shop\items\68.gif
c:\program files\garena\shop\items\69.gif
c:\program files\garena\shop\items\70.gif
c:\program files\garena\shop\items\8.gif
c:\program files\garena\Skin\Flags\-.gif
c:\program files\garena\Skin\Flags\ad.gif
c:\program files\garena\Skin\Flags\ae.gif
c:\program files\garena\Skin\Flags\af.gif
c:\program files\garena\Skin\Flags\ag.gif
c:\program files\garena\Skin\Flags\ai.gif
c:\program files\garena\Skin\Flags\al.gif
c:\program files\garena\Skin\Flags\am.gif
c:\program files\garena\Skin\Flags\an.gif
c:\program files\garena\Skin\Flags\ao.gif
c:\program files\garena\Skin\Flags\aq.gif
c:\program files\garena\Skin\Flags\ar.gif
c:\program files\garena\Skin\Flags\as.gif
c:\program files\garena\Skin\Flags\at.gif
c:\program files\garena\Skin\Flags\au.gif
c:\program files\garena\Skin\Flags\aw.gif
c:\program files\garena\Skin\Flags\az.gif
c:\program files\garena\Skin\Flags\ba.gif
c:\program files\garena\Skin\Flags\bb.gif
c:\program files\garena\Skin\Flags\bd.gif
c:\program files\garena\Skin\Flags\be.gif
c:\program files\garena\Skin\Flags\bf.gif
c:\program files\garena\Skin\Flags\bg.gif
c:\program files\garena\Skin\Flags\bh.gif
c:\program files\garena\Skin\Flags\bi.gif
c:\program files\garena\Skin\Flags\bj.gif
c:\program files\garena\Skin\Flags\bm.gif
c:\program files\garena\Skin\Flags\bn.gif
c:\program files\garena\Skin\Flags\bo.gif
c:\program files\garena\Skin\Flags\br.gif
c:\program files\garena\Skin\Flags\bs.gif
c:\program files\garena\Skin\Flags\bt.gif
c:\program files\garena\Skin\Flags\bv.gif
c:\program files\garena\Skin\Flags\bw.gif
c:\program files\garena\Skin\Flags\by.gif
c:\program files\garena\Skin\Flags\bz.gif
c:\program files\garena\Skin\Flags\ca.gif
c:\program files\garena\Skin\Flags\cd.gif
c:\program files\garena\Skin\Flags\cf.gif
c:\program files\garena\Skin\Flags\cg.gif
c:\program files\garena\Skin\Flags\ci.gif
c:\program files\garena\Skin\Flags\ck.gif
c:\program files\garena\Skin\Flags\cl.gif
c:\program files\garena\Skin\Flags\cm.gif
c:\program files\garena\Skin\Flags\cn.gif
c:\program files\garena\Skin\Flags\co.gif
c:\program files\garena\Skin\Flags\cr.gif
c:\program files\garena\Skin\Flags\cu.gif
c:\program files\garena\Skin\Flags\cv.gif
c:\program files\garena\Skin\Flags\cy.gif
c:\program files\garena\Skin\Flags\cz.gif
c:\program files\garena\Skin\Flags\de.gif
c:\program files\garena\Skin\Flags\dj.gif
c:\program files\garena\Skin\Flags\dk.gif
c:\program files\garena\Skin\Flags\dm.gif
c:\program files\garena\Skin\Flags\do.gif
c:\program files\garena\Skin\Flags\dz.gif
c:\program files\garena\Skin\Flags\ec.gif
c:\program files\garena\Skin\Flags\ee.gif
c:\program files\garena\Skin\Flags\eg.gif
c:\program files\garena\Skin\Flags\er.gif
c:\program files\garena\Skin\Flags\es.gif
c:\program files\garena\Skin\Flags\et.gif
c:\program files\garena\Skin\Flags\eu.gif
c:\program files\garena\Skin\Flags\fi.gif
c:\program files\garena\Skin\Flags\fj.gif
c:\program files\garena\Skin\Flags\fk.gif
c:\program files\garena\Skin\Flags\fm.gif
c:\program files\garena\Skin\Flags\fo.gif
c:\program files\garena\Skin\Flags\fr.gif
c:\program files\garena\Skin\Flags\fx.gif
c:\program files\garena\Skin\Flags\ga.gif
c:\program files\garena\Skin\Flags\gb.gif
c:\program files\garena\Skin\Flags\gd.gif
c:\program files\garena\Skin\Flags\ge.gif
c:\program files\garena\Skin\Flags\gh.gif
c:\program files\garena\Skin\Flags\gi.gif
c:\program files\garena\Skin\Flags\gl.gif
c:\program files\garena\Skin\Flags\gm.gif
c:\program files\garena\Skin\Flags\gn.gif
c:\program files\garena\Skin\Flags\gp.gif
c:\program files\garena\Skin\Flags\gq.gif
c:\program files\garena\Skin\Flags\gr.gif
c:\program files\garena\Skin\Flags\gt.gif
c:\program files\garena\Skin\Flags\gu.gif
c:\program files\garena\Skin\Flags\gw.gif
c:\program files\garena\Skin\Flags\gy.gif
c:\program files\garena\Skin\Flags\hk.gif
c:\program files\garena\Skin\Flags\hm.gif
c:\program files\garena\Skin\Flags\hn.gif
c:\program files\garena\Skin\Flags\hr.gif
c:\program files\garena\Skin\Flags\ht.gif
c:\program files\garena\Skin\Flags\hu.gif
c:\program files\garena\Skin\Flags\ch.gif
c:\program files\garena\Skin\Flags\id.gif
c:\program files\garena\Skin\Flags\ie.gif
c:\program files\garena\Skin\Flags\il.gif
c:\program files\garena\Skin\Flags\im.gif
c:\program files\garena\Skin\Flags\in.gif
c:\program files\garena\Skin\Flags\io.gif
c:\program files\garena\Skin\Flags\iq.gif
c:\program files\garena\Skin\Flags\ir.gif
c:\program files\garena\Skin\Flags\is.gif
c:\program files\garena\Skin\Flags\it.gif
c:\program files\garena\Skin\Flags\je.gif
c:\program files\garena\Skin\Flags\jm.gif
c:\program files\garena\Skin\Flags\jo.gif
c:\program files\garena\Skin\Flags\jp.gif
c:\program files\garena\Skin\Flags\ke.gif
c:\program files\garena\Skin\Flags\kg.gif
c:\program files\garena\Skin\Flags\kh.gif
c:\program files\garena\Skin\Flags\ki.gif
c:\program files\garena\Skin\Flags\km.gif
c:\program files\garena\Skin\Flags\kn.gif
c:\program files\garena\Skin\Flags\kp.gif
c:\program files\garena\Skin\Flags\kr.gif
c:\program files\garena\Skin\Flags\kw.gif
c:\program files\garena\Skin\Flags\ky.gif
c:\program files\garena\Skin\Flags\kz.gif
c:\program files\garena\Skin\Flags\la.gif
c:\program files\garena\Skin\Flags\lb.gif
c:\program files\garena\Skin\Flags\lc.gif
c:\program files\garena\Skin\Flags\li.gif
c:\program files\garena\Skin\Flags\lk.gif
c:\program files\garena\Skin\Flags\lr.gif
c:\program files\garena\Skin\Flags\ls.gif
c:\program files\garena\Skin\Flags\lt.gif
c:\program files\garena\Skin\Flags\lu.gif
c:\program files\garena\Skin\Flags\lv.gif
c:\program files\garena\Skin\Flags\ly.gif
c:\program files\garena\Skin\Flags\ma.gif
c:\program files\garena\Skin\Flags\mc.gif
c:\program files\garena\Skin\Flags\md.gif
c:\program files\garena\Skin\Flags\me.gif
c:\program files\garena\Skin\Flags\mg.gif
c:\program files\garena\Skin\Flags\mh.gif
c:\program files\garena\Skin\Flags\mk.gif
c:\program files\garena\Skin\Flags\ml.gif
c:\program files\garena\Skin\Flags\mm.gif
c:\program files\garena\Skin\Flags\mn.gif
c:\program files\garena\Skin\Flags\mo.gif
c:\program files\garena\Skin\Flags\mp.gif
c:\program files\garena\Skin\Flags\mq.gif
c:\program files\garena\Skin\Flags\mr.gif
c:\program files\garena\Skin\Flags\ms.gif
c:\program files\garena\Skin\Flags\mt.gif
c:\program files\garena\Skin\Flags\mu.gif
c:\program files\garena\Skin\Flags\mv.gif
c:\program files\garena\Skin\Flags\mw.gif
c:\program files\garena\Skin\Flags\mx.gif
c:\program files\garena\Skin\Flags\my.gif
c:\program files\garena\Skin\Flags\mz.gif
c:\program files\garena\Skin\Flags\na.gif
c:\program files\garena\Skin\Flags\nc.gif
c:\program files\garena\Skin\Flags\ne.gif
c:\program files\garena\Skin\Flags\nf.gif
c:\program files\garena\Skin\Flags\ng.gif
c:\program files\garena\Skin\Flags\ni.gif
c:\program files\garena\Skin\Flags\nl.gif
c:\program files\garena\Skin\Flags\no.gif
c:\program files\garena\Skin\Flags\np.gif
c:\program files\garena\Skin\Flags\nr.gif
c:\program files\garena\Skin\Flags\nz.gif
c:\program files\garena\Skin\Flags\om.gif
c:\program files\garena\Skin\Flags\pa.gif
c:\program files\garena\Skin\Flags\pe.gif
c:\program files\garena\Skin\Flags\pf.gif
c:\program files\garena\Skin\Flags\pg.gif
c:\program files\garena\Skin\Flags\ph.gif
c:\program files\garena\Skin\Flags\pk.gif
c:\program files\garena\Skin\Flags\pl.gif
c:\program files\garena\Skin\Flags\pm.gif
c:\program files\garena\Skin\Flags\pr.gif
c:\program files\garena\Skin\Flags\ps.gif
c:\program files\garena\Skin\Flags\pt.gif
c:\program files\garena\Skin\Flags\pw.gif
c:\program files\garena\Skin\Flags\py.gif
c:\program files\garena\Skin\Flags\qa.gif
c:\program files\garena\Skin\Flags\re.gif
c:\program files\garena\Skin\Flags\ro.gif
c:\program files\garena\Skin\Flags\rs.gif
c:\program files\garena\Skin\Flags\ru.gif
c:\program files\garena\Skin\Flags\rw.gif
c:\program files\garena\Skin\Flags\sa.gif
c:\program files\garena\Skin\Flags\sb.gif
c:\program files\garena\Skin\Flags\sc.gif
c:\program files\garena\Skin\Flags\sd.gif
c:\program files\garena\Skin\Flags\se.gif
c:\program files\garena\Skin\Flags\sg.gif
c:\program files\garena\Skin\Flags\si.gif
c:\program files\garena\Skin\Flags\sk.gif
c:\program files\garena\Skin\Flags\sl.gif
c:\program files\garena\Skin\Flags\sm.gif
c:\program files\garena\Skin\Flags\sn.gif
c:\program files\garena\Skin\Flags\so.gif
c:\program files\garena\Skin\Flags\sr.gif
c:\program files\garena\Skin\Flags\st.gif
c:\program files\garena\Skin\Flags\sv.gif
c:\program files\garena\Skin\Flags\sy.gif
c:\program files\garena\Skin\Flags\sz.gif
c:\program files\garena\Skin\Flags\tc.gif
c:\program files\garena\Skin\Flags\td.gif
c:\program files\garena\Skin\Flags\tf.gif
c:\program files\garena\Skin\Flags\tg.gif
c:\program files\garena\Skin\Flags\th.gif
c:\program files\garena\Skin\Flags\tj.gif
c:\program files\garena\Skin\Flags\tm.gif
c:\program files\garena\Skin\Flags\tn.gif
c:\program files\garena\Skin\Flags\to.gif
c:\program files\garena\Skin\Flags\tp.gif
c:\program files\garena\Skin\Flags\tr.gif
c:\program files\garena\Skin\Flags\tt.gif
c:\program files\garena\Skin\Flags\tv.gif
c:\program files\garena\Skin\Flags\tw.gif
c:\program files\garena\Skin\Flags\tz.gif
c:\program files\garena\Skin\Flags\ua.gif
c:\program files\garena\Skin\Flags\ug.gif
c:\program files\garena\Skin\Flags\uk.gif
c:\program files\garena\Skin\Flags\um.gif
c:\program files\garena\Skin\Flags\us.gif
c:\program files\garena\Skin\Flags\uy.gif
c:\program files\garena\Skin\Flags\uz.gif
c:\program files\garena\Skin\Flags\va.gif
c:\program files\garena\Skin\Flags\vc.gif
c:\program files\garena\Skin\Flags\ve.gif
c:\program files\garena\Skin\Flags\vg.gif
c:\program files\garena\Skin\Flags\vi.gif
c:\program files\garena\Skin\Flags\vn.gif
c:\program files\garena\Skin\Flags\vu.gif
c:\program files\garena\Skin\Flags\ws.gif
c:\program files\garena\Skin\Flags\ye.gif
c:\program files\garena\Skin\Flags\yu.gif
c:\program files\garena\Skin\Flags\za.gif
c:\program files\garena\Skin\Flags\zm.gif
c:\program files\garena\Skin\Flags\zr.gif
c:\program files\garena\Skin\Flags\zw.gif
c:\program files\garena\Skin\garenatv.ggz
c:\program files\garena\Skin\Skin.ggz
c:\program files\garena\skin_bs\garenatv.ggz
c:\program files\garena\skin_bs\Skin.ggz
c:\program files\garena\Skins.xml
c:\program files\garena\SocketHook.dll
c:\program files\garena\sound\folder.wav
c:\program files\garena\sound\game.wav
c:\program files\garena\sound\msg.wav
c:\program files\garena\sound\nudge.wav
c:\program files\garena\sound\quit.wav
c:\program files\garena\sound\ring.wav
c:\program files\garena\sound\sysmsg.wav
c:\program files\garena\source.xml
c:\program files\garena\sqlite3.dll
c:\program files\garena\uninst.exe
c:\program files\garena\update.dat
c:\program files\garena\update.exe
c:\program files\garena\update.xml
c:\program files\garena\update2.exe
c:\program files\garena\user.xml
c:\program files\garena\user\24030858\ban.dat
c:\program files\garena\user\24030858\data.dat
c:\program files\garena\user\24030858\fps.dat
c:\program files\garena\user\24030858\recent.txt
c:\program files\garena\viwawa.cn.xml
c:\program files\garena\viwawa.en.xml
c:\program files\garena\viwawa.tw.xml
c:\program files\garena\War3Hook.dll
c:\program files\garena\web\1.cn.html
c:\program files\garena\web\1.en.html
c:\program files\garena\web\1.tw.html
c:\program files\garena\web\2.cn.html
c:\program files\garena\web\2.en.html
c:\program files\garena\web\2.tw.html
c:\program files\garena\web\3.cn.html
c:\program files\garena\web\3.en.html
c:\program files\garena\web\3.tw.html
c:\program files\garena\web\6.cn.html
c:\program files\garena\web\6.en.html
c:\program files\garena\web\6.tw.html
c:\program files\garena\web\cache\Freesky\css\foemb_2.css
c:\program files\garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\garena\web\cache\RUpoker\img\bg.jpg
c:\program files\garena\web\cache\RUpoker\img\btn.jpg
c:\program files\garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\garena\web\embed_game.jpg
c:\program files\garena\web\embed_game_cn.jpg
c:\program files\garena\web\embed_game_tw.jpg
c:\program files\garena\web\embed_garenafire_ZH.jpg
c:\program files\garena\web\embed_gfire.jpg
c:\program files\garena\web\gfire.cn.html
c:\program files\garena\web\gfire.en.html
c:\program files\garena\web\gfire.tw.html
c:\program files\garena\web\ggbackground.jpg
c:\program files\garena\web\loading.gif
c:\program files\garena\web\loading.html
c:\program files\garena\YYFileSystem.dll
c:\windows\system32\drivers\5392923.sys
c:\windows\system32\drivers\53929231.sys
c:\windows\system32\drivers\53929232.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_53929231
-------\Legacy_53929232
-------\Legacy_GARENAPENGINE
-------\Service_53929231
-------\Service_53929232
-------\Service_GarenaPEngine
-------\Legacy_setup_9.0.0.722_07.05.2010_21-25drv
-------\Service_setup_9.0.0.722_07.05.2010_21-25drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\TxR\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\systemprofile\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\RegBack\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\Journal\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\Host\AppData\Local\temp
2010-05-09 18:12 . 2010-05-09 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 08:36 . 2010-05-08 08:36 -------- d-----w- c:\program files\Algodoo Phun Edition
2010-05-07 20:03 . 2010-05-08 21:04 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-05 18:59 . 2010-05-05 18:59 -------- d-----w- c:\users\Host\AppData\Roaming\skypePM
2010-05-05 18:57 . 2010-05-05 20:35 -------- d-----w- c:\users\Host\AppData\Roaming\Skype
2010-05-04 12:48 . 2010-05-04 12:48 -------- d-----w- c:\users\Host\AppData\Roaming\Creative
2010-04-20 21:04 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-16 16:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 16:36 . 2010-04-16 16:36 -------- d-----w- c:\programdata\Malwarebytes
2010-04-16 16:36 . 2010-04-16 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 16:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 16:21 . 2010-04-16 16:22 -------- d-----w- c:\program files\Unlocker
2010-04-16 12:07 . 2010-04-16 12:10 -------- d-----w- C:\rsit
2010-04-15 13:12 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 13:12 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 13:11 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 13:11 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 13:11 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 12:34 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 12:34 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 12:34 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 12:34 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 13:37 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 13:37 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 18:19 . 2008-01-21 06:46 639248 ----a-w- c:\windows\system32\perfh005.dat
2010-05-09 18:19 . 2008-01-21 06:46 135978 ----a-w- c:\windows\system32\perfc005.dat
2010-05-09 18:13 . 2009-02-11 10:25 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-09 17:41 . 2009-04-18 11:57 -------- d-----w- c:\programdata\Google Updater
2010-05-08 06:43 . 2009-02-26 20:33 -------- d-----w- c:\program files\Google
2010-05-07 23:05 . 2010-01-28 18:29 -------- d-----w- c:\program files\Steam
2010-05-01 08:22 . 2009-05-01 16:42 -------- d-----w- c:\program files\Common Files\Steam
2010-04-16 01:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 01:07 . 2008-04-22 01:34 -------- d-----w- c:\programdata\Microsoft Help
2010-04-09 17:49 . 2010-04-09 17:49 -------- d-----w- c:\program files\Samsung
2010-04-09 17:49 . 2008-04-22 00:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 17:07 . 2009-04-18 15:21 -------- d-----w- c:\program files\Safari
2010-04-09 17:01 . 2010-04-09 17:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-09 13:45 . 2009-04-16 17:19 -------- d-----w- c:\program files\Opera
2010-04-09 13:39 . 2009-02-13 21:53 -------- d-----w- c:\program files\CCleaner
2010-04-09 13:29 . 2010-01-19 13:18 -------- d-----w- c:\program files\ICQ7.0
2010-03-27 11:32 . 2009-07-10 11:35 1356 ----a-w- c:\users\Host\AppData\Local\d3d9caps.dat
2010-03-21 22:12 . 2010-03-21 22:12 -------- d-----w- c:\program files\Ghostgum
2010-03-21 20:53 . 2010-03-21 20:53 286720 ----a-w- c:\windows\system32\swb_uninst.exe
2010-03-21 20:53 . 2010-03-21 20:53 -------- d-----w- c:\program files\AVKanalyzer
2010-03-02 12:53 . 2010-03-02 12:09 796672 ----a-w- c:\windows\GPInstall.exe
2010-02-24 08:16 . 2010-03-01 20:44 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 07:56 . 2009-03-29 15:04 107304 ----a-w- c:\users\Host\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 12:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 12:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 12:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 12:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 23:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 23:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 23:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-03-02 349568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PLFSet"="c:\windows\PLFSet.dll" [2007-12-14 45056]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
c:\users\Host\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
c:\users\Petr Potůček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
G-Recorder.lnk - c:\program files\G-Recorder\G-Recorder.exe [2009-12-17 2183168]
setup_9.0.0.722_07.05.2010_21-25.lnk - c:\users\Petr Potůček\Desktop\Virus Removal Tool\setup_9.0.0.722_07.05.2010_21-25\startup.exe [2010-5-7 72208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-2-11 1216512]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-22 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Petr Potůček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Typle.lnk]
path=c:\users\Petr Potůček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Typle.lnk
backup=c:\windows\pss\Typle.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Petr Potůček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr Potůček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectTray]
2006-09-20 15:44 126976 ----a-w- c:\program files\Genius\TVGo DVB-T02Q MCE\DetectTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-17 12:54 133104 ----atw- c:\users\Petr Potůček\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-03-28 12:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
2006-03-02 09:54 290816 ----a-w- c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
2007-12-25 13:53 548864 ----a-r- c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
2007-06-26 18:26 2058752 ----a-w- d:\zábava\Programy\yodm3D\Yodm3D.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9c,f4,ac,cb,c8,fc,c9,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 gupdate1c9c01d987a940;Služba Google Update (gupdate1c9c01d987a940);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 btnetBUs;IVT Bluetooth Bus Service for BtNic;c:\windows\system32\Drivers\btnetBus.sys [2008-10-22 29832]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-04-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-04-17 79360]
R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-04-17 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-04-17 79360]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\zábava\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 EC168BDA;TVGo DVB-T02Q MCE;c:\windows\system32\DRIVERS\EC168BDA.sys [2006-09-25 38400]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-04-10 20480]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-18 721904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-03 1029456]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-05-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:00]
2010-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 11:57]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 11:58]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 11:58]
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860964676-2034717189-1328423215-1003Core.job
- c:\users\Host\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 18:59]
2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1860964676-2034717189-1328423215-1003UA.job
- c:\users\Host\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 18:59]
2010-05-09 c:\windows\Tasks\User_Feed_Synchronization-{F16BC65A-19BE-4A32-B7F4-AD087B0EEFBC}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\Flash Saver\save.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Zobrazit originál
Trusted Zone: im-history.com
FF - ProfilePath - c:\users\Petr Potůček\AppData\Roaming\Mozilla\Firefox\Profiles\6k0lzcqg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Garena - c:\program files\Garena\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-09 20:24
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B14BA0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8adc6d24
\Driver\ACPI -> acpi.sys @ 0x8069bd68
\Driver\atapi -> 0x874f31d0
\Driver\iaStor -> 0x85b14ba0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1860964676-2034717189-1328423215-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,05,1a,52,81,27,07,9e,b4,e4,f8,d4,3a,5f,75,b8,cb,4a,9e,1b,fa,ec,f3,
77,74,9b,ee,ef,a5,52,d9,d1,62,e9,6c,76,86,de,e1,48,0b,9a,b5,74,74,96,79,b7,\
"??"=hex:ce,4a,71,db,ea,06,4e,4f,aa,b0,c9,b0,56,87,f8,4a
[HKEY_USERS\S-1-5-21-1860964676-2034717189-1328423215-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,30,6e,66,e1,99,7b,a4,d4,c5,b7,c6,ec,be,d5,35,31,b7,a1,51,ea,
52,f7,6b,5d,bf,08,6c,ae,ed,d7,ed,fd,99,60,c2,18,d7,0a,7b,6e,34,a3,67,54,40,\
"rkeysecu"=hex:d3,f5,ee,d6,db,01,99,a2,47,8d,cb,ce,c0,68,a5,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5716)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
c:\program files\Genius\TVGo DVB-T02Q MCE\Filter\mlcom.ax
c:\program files\Genius\TVGo DVB-T02Q MCE\Filter\mpeg2dmx.ax
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-05-09 20:30:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-09 18:30
ComboFix2.txt 2010-05-08 21:02
Před spuštěním: Volných bajtů: 27 234 701 312
Po spuštění: Volných bajtů: 26 933 125 120
- - End Of File - - 6841836BC9D029F0D4B84E7062EA5CB9
Nahrání proběhlo úspěšně