How do I get rid of Autorun.inf?

#1 Post by Raoul Duke »

I need advice on how to get rid of autorun.inf and a lot of strange *.exe and *.pif files that keep appearing on all my drives.

I've gone through a lot of sites and found a few guides on how to delete it, but that damn autorun.inf always shows up again and probably starts creating the other files as well.
Microsoft Security Essentials deletes the autoruns, but with the same result as me: a while later they're back.

Also, only safe mode works for me now.

Thanks a lot in advance for any good advice :) .

I'm also attaching the log:

Code:

ComboFix 11-08-03.02 - Aleš 03.08.2011  16:00:13.6.4 - x64 NETWORK
Microsoft® Windows Vista™ Business   6.0.6002.2.1250.420.1029.18.4094.3267 [GMT 2:00]
Spuštěný z: d:\download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\huukj.pif
E:\pybr.pif
J:\fnvp.pif
.
---- Předchozí spuštění -------
.
.
----- Souboroví replikátoři -----
.
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-07-03 do 2011-08-03  )))))))))))))))))))))))))))))))
.
.
2011-08-03 14:04 . 2011-08-03 14:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-03 13:18 . 2011-08-03 13:18	103140	--sh--r-	C:\uwgsjs.exe
2011-08-03 13:18 . 2011-08-03 13:18	103140	--sh--r-	C:\jctidx.exe
2011-08-03 13:14 . 2011-07-13 04:53	8578896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC7AAA84-AC5B-46A1-9B8A-AB95025F4837}\mpengine.dll
2011-08-03 13:04 . 2011-08-03 13:04	--------	d-----w-	c:\program files (x86)\Enigma Software Group
2011-08-03 12:50 . 2011-08-03 12:50	--------	d-----w-	c:\users\Aleš\AppData\Local\ESET
2011-08-03 12:43 . 2011-08-03 12:43	--------	d-----w-	c:\program files (x86)\ESET
2011-08-03 01:50 . 2011-08-03 01:50	103140	--sh--r-	C:\ehiyvc.exe
2011-08-03 01:31 . 2011-05-28 11:33	80256	----a-w-	c:\windows\SysWow64\ezGOSvc.dll
2011-08-03 01:31 . 2011-05-28 11:33	718208	----a-w-	c:\windows\SysWow64\ezGOSvcApp.exe
2011-08-03 01:01 . 2011-08-03 01:01	388096	----a-r-	c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 00:51 . 2010-05-13 16:34	14232	----a-w-	c:\windows\SysWow64\sh4native.exe
2011-08-03 00:45 . 2011-08-03 12:55	--------	d-----w-	c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2011-08-03 00:37 . 2011-08-03 12:55	--------	d-----w-	C:\sh4ldr
2011-08-03 00:37 . 2011-08-03 00:37	--------	d-----w-	c:\program files\Enigma Software Group
2011-08-03 00:37 . 2011-08-03 00:45	--------	d-----w-	c:\windows\8AE3EC14EAF84064958AC340C66EDD44.TMP
2011-08-02 22:53 . 2011-08-02 22:53	--------	d-----w-	C:\GvTemp
2011-08-02 22:28 . 2011-08-02 22:28	106224	----a-w-	c:\windows\system32\drivers\GRD.sys
2011-08-02 22:27 . 2011-08-02 22:27	40392	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2011-08-02 22:27 . 2011-08-02 22:25	15880	----a-w-	c:\windows\SysWow64\lsdelete.exe
2011-08-02 22:27 . 2011-08-02 22:27	85960	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2011-08-02 22:27 . 2011-08-02 22:27	48584	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2011-08-02 22:26 . 2011-08-02 22:48	--------	d-----w-	c:\programdata\G DATA
2011-08-02 22:26 . 2011-08-02 22:39	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2011-08-02 22:12 . 2011-08-02 22:12	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-08-02 17:56 . 2011-08-02 17:56	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{4049BC41-9F4B-424B-8419-55DEDAF9FCEB}-P10 Movie Player.exe
2011-08-02 17:56 . 2011-08-02 17:56	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B22D3084-7EFD-443D-8D90-D4A81470DF77}-GAME_START.EXE
2011-08-02 17:56 . 2011-08-02 17:56	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C24267EB-ED5D-4386-AE79-3C502CCF0523}-_uninst.exe
2011-08-02 17:56 . 2011-08-02 17:56	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{78FA7D6F-E114-4425-951A-06EB2C8B8DBD}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{9FB55E9E-0D65-4B33-9A5B-3C7F88FAF5F8}-GAME_START.EXE
2011-08-02 17:55 . 2011-08-02 17:55	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F9779F9D-7277-4C82-AC5C-B3990B459F81}-_uninst.exe
2011-08-02 17:55 . 2011-08-02 17:55	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3416C796-EC0D-4F7A-970E-A9CDFE94D65D}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BD829782-E3B1-4221-8965-186114F9FFB3}-GAME_START.EXE
2011-08-02 17:55 . 2011-08-02 17:55	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{4391593B-8133-4919-AB47-98307EEABBFC}-_UNINST.EXE
2011-08-02 17:55 . 2011-08-02 17:55	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FFE126D4-996F-45B9-946A-54C5D6F037DE}-P10 Movie Player.exe
2011-08-02 17:55 . 2011-08-02 17:55	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{261A30D7-D8FE-46AA-82C0-185067D8FF36}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2B2C64A0-F4CB-423F-9788-F8BC56EADEC1}-_UNINST.EXE
2011-08-02 17:55 . 2011-08-02 17:55	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{8133B3B4-9211-4F0F-8C18-A6870F4B5FC1}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{97AEB2FF-8C82-4F1A-BCE7-62D7C5955BAA}-game_start.exe
2011-08-02 17:55 . 2011-08-02 17:55	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A9FEA6DD-A7B0-4DDC-8C0F-1B46D142E7FF}-GAME_START.EXE
2011-08-02 17:54 . 2011-08-02 17:54	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{52DC0077-497A-43D1-AC86-4E64F8FD27C0}-game_start.exe
2011-08-02 17:54 . 2011-08-02 17:54	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6C30A0D4-9B90-4821-9DD0-343C96B47B2B}-GAME_START.EXE
2011-08-02 17:54 . 2011-08-02 17:54	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FC7BB1D6-D004-43B8-BFE9-92F66E87016C}-P10 Movie Player.exe
2011-08-02 17:54 . 2011-08-02 17:54	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D295B376-F8FC-4A77-9BEF-5F70A897F91A}-game_start.exe
2011-08-02 17:54 . 2011-08-02 17:54	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B87FD297-D6F0-4D55-9714-977AA660CF6D}-_UNINST.EXE
2011-08-02 17:53 . 2011-08-02 17:53	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1B8FA52D-4EBB-4A24-9731-1B8001D7E746}-GAME_START.EXE
2011-08-02 17:53 . 2011-08-02 17:53	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A2322F55-A836-4A63-9BBD-59EB87CA5DC4}-_uninst.exe
2011-08-02 17:53 . 2011-08-02 17:53	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FB944B1F-35FF-4EC2-9373-C1A1AF867089}-P10 Movie Player.exe
2011-08-02 17:52 . 2011-08-02 17:52	1246812	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{50F028C0-E02F-405A-B970-DF28DDFD2445}-GAME_START.EXE
2011-08-02 17:52 . 2011-08-02 17:52	107520	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F6AD2CE1-AEB0-47E6-807C-80FB78DAAE83}-_UNINST.EXE
2011-08-02 17:52 . 2011-08-02 17:52	1073297	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{87249E58-0012-4391-B4AD-8C94A4B5C616}-P10 Movie Player.exe
2011-07-26 19:53 . 2011-07-26 19:53	--------	d-----w-	c:\users\Aleš\AppData\Local\EA Games
2011-07-26 00:22 . 2011-07-26 00:22	--------	d-----w-	c:\users\Aleš\AppData\Local\Futuremark_Corporation
2011-07-23 08:45 . 2011-08-02 23:19	--------	d-----w-	c:\users\UpdatusUser
2011-07-23 08:44 . 2011-05-25 06:09	739432	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-07-19 18:28 . 2011-07-19 18:28	--------	d-----w-	c:\users\Aleš\AppData\Local\DOSBox
2011-07-13 09:38 . 2011-06-02 13:50	2764288	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 09:38 . 2011-04-21 14:17	695296	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 09:38 . 2009-06-17 10:37	35328	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:38 . 2011-04-20 16:03	451072	----a-w-	c:\windows\system32\winsrv.dll
2011-07-13 09:38 . 2011-04-20 15:58	85504	----a-w-	c:\windows\system32\csrsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 01:01 . 2011-08-03 01:01	388096	----a-r-	c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 01:01 . 2011-08-03 01:01	388096	----a-r-	c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-13 04:53 . 2010-04-13 10:35	8578896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-28 09:56 . 2011-05-19 08:52	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2010-10-16 12:13	1016936	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2010-10-16 12:13	61544	----a-w-	c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2010-10-16 12:13	3040872	----a-w-	c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2010-10-16 12:13	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-10-16 12:13	6300776	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2010-12-13 15:58	15223912	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2010-12-13 15:58	11992680	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2010-12-13 15:57	2335848	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2010-12-13 15:53	2644584	----a-w-	c:\windows\system32\nvapi64.dll
2011-05-20 20:35 . 2011-05-20 20:35	304744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-05-14 12:34 . 2011-05-14 12:34	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-05-14 12:34 . 2011-05-14 12:34	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="d:\programy\Free Download Manager\fdm.exe" [2008-01-22 2449455]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="d:\programy\uTorrent\uTorrent.exe" [2011-03-24 399736]
"Skype"="d:\programy\Skype\Phone\Skype.exe" [2011-01-26 15106952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 99328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Aleç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - d:\programy\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - d:\programy\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe [2011-6-27 9883648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\programy\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-10-07 32240]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 27648]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 cpuz130;cpuz130;c:\users\ALE~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezGOSvc
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://d:\programy\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://d:\programy\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://d:\programy\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://d:\programy\Free Download Manager\dlall.htm
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Aleš\AppData\Roaming\Mozilla\Firefox\Profiles\su3gsz8e.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programy\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programy\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.


Raoul Duke
Visitor
Posts: 4
Joined: 03 Aug 2011 10:42

Re: how to get rid of Autorun.inf ?

#2 Post by Raoul Duke »

continued:

Code:

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,25,db,7f,c1,e2,dc,af,9a,0c,2a,ce,91,15,44,94,1a,49,b7,e6,05,
   a9,7c,5b,26,2b,d1,08,a7,8c,fc,c5,e3,8f,2f,e8,d1,b0,b9,d4,f7,4e,a4,4b,3e,ef,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-03  16:05:36
ComboFix-quarantined-files.txt  2011-08-03 14:05
.
Před spuštěním: 2 233 548 800
Po spuštění: 1 964 634 112
.
- - End Of File - - C596047E55096780426B5E34CB764396

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to get rid of Autorun.inf?

#3 Post by motji »

Good evening :)
Please don't put logs in code tags, they're hard to read that way, thanks :)

:arrow: Plug all the USB sticks and flash drives you use into the PC.

Use UsbFix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308


:!: Before downloading, turn off your antivirus's resident shield; it gives a false detection on UsbFix
- run it
- click the Deletion option and confirm with Enter
- after the scan, paste the log here; if it doesn't pop up, you'll find it at C:\UsbFix.txt
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Raoul Duke
Visitor
Posts: 4
Registered: 03 Aug 2011 10:42

Re: How to get rid of Autorun.inf?

#4 Post by Raoul Duke »

Log after running UsbFix:

############################## | UsbFix 7.014 | [Deletion]

User: Aleš (Administrator) # ALES-PC [System manufacturer P5E]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 12:35:45 | 04/08/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Microsoft® Windows Vista™ Business (6.0.6002 64-Bit) # Service Pack 2
Internet Explorer 9.0.8112.16421

Windows Firewall: Disabled /!\
RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (2 Mb free - 5%) [Vista] # NTFS
D:\ -> Fixed drive # 195 Gb (32 Mb free - 16%) [data_0] # NTFS
E:\ -> Fixed drive # 1544 Gb (67 Mb free - 4%) [data_1] # NTFS
H:\ -> CD-ROM
I:\ -> Fixed drive # 436 Gb (40 Mb free - 9%) [data_2] # NTFS
J:\ -> Fixed drive # 29 Gb (17 Mb free - 57%) [WinXP] # NTFS
K:\ -> Fixed drive # 298 Gb (128 Mb free - 43%) [WD] # NTFS

################## | Files # Infected Folders |


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[04/08/2011 - 12:41:39 | SHD ] C:\$RECYCLE.BIN
[05/02/2011 - 17:04:18 | A | 4608] C:\6XSourceFilter.grf
[13/12/2010 - 04:37:21 | A | 356736] C:\AnalysisLog.sr0
[03/08/2011 - 02:38:12 | A | 0] C:\autoexec.bat
[14/04/2010 - 19:59:49 | D ] C:\Boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[13/04/2010 - 00:27:02 | RAS | 8192] C:\BOOTSECT.BAK
[03/08/2011 - 16:05:36 | A | 65493] C:\ComboFix.txt
[03/08/2011 - 15:12:02 | D ] C:\Config.Msi
[02/11/2006 - 17:39:21 | SHD ] C:\Documents and Settings
[03/08/2011 - 03:50:54 | RSH | 103140] C:\ehiyvc.exe
[03/08/2011 - 15:07:34 | D ] C:\Garmin
[03/08/2011 - 00:53:12 | D ] C:\GvTemp
[12/04/2010 - 23:45:30 | D ] C:\Intel
[03/08/2011 - 15:18:15 | RSH | 103140] C:\jctidx.exe
[04/08/2011 - 12:23:56 | ASH | 4607631360] C:\pagefile.sys
[14/04/2010 - 14:19:08 | D ] C:\PerfLogs
[03/08/2011 - 02:37:55 | RD ] C:\Program Files
[03/08/2011 - 15:04:17 | RD ] C:\Program Files (x86)
[03/08/2011 - 14:50:05 | D ] C:\ProgramData
[03/08/2011 - 16:05:38 | AD ] C:\Qoobox
[03/08/2011 - 14:55:45 | D ] C:\sh4ldr
[03/08/2011 - 03:43:56 | A | 2157] C:\spyhunter.fix
[03/08/2011 - 15:59:46 | SHD ] C:\System Volume Information
[02/08/2011 - 23:39:48 | D ] C:\TEMP
[04/08/2011 - 12:41:39 | D ] C:\UsbFix
[04/08/2011 - 12:35:45 | A | 0] C:\UsbFix.txt
[23/07/2011 - 10:45:57 | RD ] C:\Users
[03/08/2011 - 15:18:47 | RSH | 103140] C:\uwgsjs.exe
[03/08/2011 - 16:05:37 | D ] C:\Windows
[04/08/2011 - 12:41:39 | D ] D:\$RECYCLE.BIN
[03/08/2011 - 15:13:48 | D ] D:\Config.Msi
[02/08/2011 - 13:44:11 | RD ] D:\Dokumenty
[04/08/2011 - 12:33:37 | D ] D:\Download
[02/08/2011 - 13:07:56 | D ] D:\Download_Torrent
[28/04/2011 - 01:35:24 | D ] D:\Garmin
[02/08/2011 - 13:22:05 | D ] D:\Hry
[03/08/2011 - 02:54:52 | RSH | 103140] D:\ipfkb.exe
[03/08/2011 - 15:19:51 | RSH | 103140] D:\jlpot.exe
[03/08/2011 - 15:16:41 | RSH | 103140] D:\kmmoh.exe
[29/07/2011 - 13:25:01 | D ] D:\Mix
[14/07/2010 - 13:48:43 | RD ] D:\MSOCache
[03/08/2011 - 14:50:05 | D ] D:\Programy
[04/08/2011 - 12:36:18 | D ] D:\RECYCLER
[03/08/2011 - 03:43:56 | A | 114] D:\spyhunter.fix
[21/12/2009 - 15:28:06 | SHD ] D:\System Volume Information
[03/08/2011 - 15:18:16 | RSH | 103140] D:\tnqvu.exe
[03/08/2011 - 03:50:54 | RSH | 103140] D:\xmecdk.exe
[04/08/2011 - 12:41:39 | D ] E:\$RECYCLE.BIN
[03/08/2011 - 15:17:14 | RSH | 103140] E:\aayvf.exe
[13/07/2011 - 13:07:31 | D ] E:\adaptec
[14/07/2011 - 15:53:17 | D ] E:\Flac
[03/08/2011 - 15:19:20 | RSH | 103140] E:\ilxmrf.exe
[29/04/2011 - 02:42:53 | D ] E:\Image
[04/10/2009 - 04:16:28 | D ] E:\Install
[03/08/2011 - 15:10:02 | RSH | 103140] E:\irhgh.exe
[27/05/2011 - 15:38:05 | D ] E:\MP3
[14/03/2011 - 16:00:01 | D ] E:\MP3_____X
[31/10/2010 - 13:14:07 | D ] E:\msdownld.tmp
[03/10/2009 - 19:15:55 | RD ] E:\MSOCache
[03/08/2011 - 15:17:45 | RSH | 103140] E:\ojhxal.exe
[28/07/2011 - 16:01:11 | D ] E:\Práce
[04/08/2011 - 12:36:18 | D ] E:\RECYCLER
[03/08/2011 - 02:54:52 | RSH | 103140] E:\ruvjj.exe
[21/12/2009 - 15:28:06 | SHD ] E:\System Volume Information
[17/10/2010 - 02:49:17 | D ] E:\Video
[04/10/2009 - 00:12:52 | D ] E:\Záloha
[04/08/2011 - 12:41:39 | D ] I:\$RECYCLE.BIN
[29/05/2011 - 23:54:28 | D ] I:\Any Video Converter
[03/08/2011 - 15:19:21 | RSH | 103140] I:\hvuewv.exe
[03/08/2011 - 15:18:49 | RSH | 103140] I:\kamyqm.exe
[03/08/2011 - 01:29:44 | RSH | 103140] I:\ntiagg.exe
[03/08/2011 - 15:10:02 | RSH | 103140] I:\ohalod.exe
[03/08/2011 - 02:54:52 | RSH | 103140] I:\punvgp.exe
[04/08/2011 - 12:36:19 | D ] I:\RECYCLER
[07/04/2011 - 03:22:09 | D ] I:\Star Trek 01 - Film
[11/04/2008 - 07:26:02 | D ] I:\Star Trek 02 - Khanův Hněv
[17/02/2011 - 00:55:07 | D ] I:\Star Trek 03 - The Search for Spock
[02/01/2010 - 13:59:53 | SHD ] I:\System Volume Information
[03/08/2011 - 15:19:52 | RSH | 103140] I:\urjaci.exe
[22/12/2010 - 22:40:28 | D ] I:\Video_N
[03/08/2011 - 15:00:10 | A | 103140] I:\ysthd.exe
[04/05/2011 - 11:38:21 | D ] I:\_filmy pro mamku
[02/08/2011 - 13:07:14 | D ] I:\_filmy pro Péťu
[04/08/2011 - 12:41:39 | D ] J:\$RECYCLE.BIN
[20/07/2010 - 14:07:23 | D ] J:\Adaptec
[03/08/2011 - 15:16:12 | RSH | 103140] J:\anjgkg.exe
[24/01/2011 - 20:12:54 | D ] J:\ApolloDVD
[03/08/2011 - 15:18:50 | RSH | 103140] J:\arskl.exe
[20/12/2009 - 23:55:41 | A | 0] J:\AUTOEXEC.BAT
[20/12/2009 - 23:51:55 | SH | 211] J:\boot.ini
[18/08/2004 - 12:00:00 | RASH | 4952] J:\Bootfont.bin
[20/12/2009 - 23:55:41 | A | 0] J:\CONFIG.SYS
[03/08/2011 - 00:46:55 | D ] J:\Documents and Settings
[25/01/2011 - 00:53:57 | D ] J:\DVDPean Output
[25/05/2011 - 16:46:26 | D ] J:\Hry
[21/12/2009 - 13:43:49 | D ] J:\Intel
[20/12/2009 - 23:55:41 | RASH | 0] J:\IO.SYS
[20/12/2009 - 23:55:41 | RASH | 0] J:\MSDOS.SYS
[18/08/2004 - 12:00:00 | RASH | 47564] J:\NTDETECT.COM
[18/08/2004 - 12:00:00 | RASH | 250048] J:\ntldr
[19/07/2010 - 01:23:47 | D ] J:\NVIDIA
[03/08/2011 - 00:41:17 | ASH | 2145386496] J:\pagefile.sys
[19/07/2011 - 20:36:07 | RD ] J:\Program Files
[04/08/2011 - 12:36:19 | D ] J:\RECYCLER
[03/08/2011 - 15:18:19 | RSH | 103140] J:\stkbum.exe
[21/12/2009 - 01:53:22 | SHD ] J:\System Volume Information
[28/04/2011 - 00:15:19 | D ] J:\Temp
[03/08/2011 - 00:46:14 | D ] J:\WINDOWS

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |


A few strange .exe files were still left on the drives, so I deleted them manually.

But normal mode still doesn't work; I suspect ComboFix got stuck somehow.
When I ran it the first time, the computer restarted partway through, and after it booted back into Windows a blue ComboFix window appeared and the computer froze (it didn't recover even after half an hour). So I restarted it, and since then I've been working in safe mode, because normal mode still freezes after booting; combofix /uninstall didn't help.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to get rid of Autorun.inf?

#5 Post by motji »

Have you made hidden and system files visible?
We can try to finish deleting it with ComboFix, or rather with something else... your choice :D. I can still see a few files there.

:arrow: Do you recognize this folder?
C:\sh4ldr

:arrow: Please test one of those files for me at www.virustotal.com, so we can find out what it is and which antivirus detects it.
Then post the link to the results page here. I'll be here in the evening.
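The leftover files visible in the listing from post #4 share one trait that is easy to check mechanically: randomly named executables sitting directly in drive roots, all with the same byte size. The following is an added triage example, not part of the thread and not UsbFix's own code; the line format is inferred from the log on this page, the attribute letters are read as the usual R/A/S/H/D file attributes, and the cluster threshold of 3 files is an assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the "Listing" section of the UsbFix log in post #4 (shortened).
SAMPLE_LISTING = r"""
################## | Listing |

[04/08/2011 - 12:41:39 | SHD ] C:\$RECYCLE.BIN
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[03/08/2011 - 03:50:54 | RSH | 103140] C:\ehiyvc.exe
[03/08/2011 - 15:18:15 | RSH | 103140] C:\jctidx.exe
[04/08/2011 - 12:23:56 | ASH | 4607631360] C:\pagefile.sys
[03/08/2011 - 14:55:45 | D ] C:\sh4ldr
[03/08/2011 - 02:54:52 | RSH | 103140] D:\ipfkb.exe
[03/08/2011 - 15:17:14 | RSH | 103140] E:\aayvf.exe
[03/08/2011 - 15:19:21 | RSH | 103140] I:\hvuewv.exe
[03/08/2011 - 15:00:10 | A | 103140] I:\ysthd.exe
[03/08/2011 - 15:16:12 | RSH | 103140] J:\anjgkg.exe
[18/08/2004 - 12:00:00 | RASH | 47564] J:\NTDETECT.COM
[20/12/2009 - 23:51:55 | SH | 211] J:\boot.ini
"""

# Line format as it appears in the log on this page (assumption):
#   [date - time | ATTRS | SIZE] PATH   for files
#   [date - time | ATTRS ] PATH         for directories (no size field)
LINE_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}) \| "
    r"([A-Z]+)\s*(?:\| (\d+))?\] (.+)$"
)
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # directly in a drive root
EXEC_EXTENSIONS = (".exe", ".pif")             # the types named in the thread


class Entry(NamedTuple):
    stamp: str
    attrs: str
    size: Optional[int]
    path: str

    @property
    def is_root_executable(self) -> bool:
        return ("D" not in self.attrs and self.size is not None
                and ROOT_RE.match(self.path) is not None
                and self.path.lower().endswith(EXEC_EXTENSIONS))

    @property
    def hidden_and_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp, attrs, size, path = m.groups()
            entries.append(
                Entry(stamp, attrs, int(size) if size is not None else None, path))
    return entries


def same_size_clusters(entries: List[Entry], min_files: int = 3) -> Dict[int, List[Entry]]:
    """Group root-level executables by exact size; keep groups of min_files or more."""
    by_size = defaultdict(list)
    for e in entries:
        if e.is_root_executable:
            by_size[e.size].append(e)
    return {s: g for s, g in by_size.items() if len(g) >= min_files}


def triage(text: str, min_files: int = 3) -> List[dict]:
    """Summarise each cluster: size, files, drives touched, and members that
    lack the hidden+system attributes (an attribute-only filter misses those)."""
    report = []
    clusters = same_size_clusters(parse_listing(text), min_files)
    for size, group in sorted(clusters.items()):
        report.append({
            "size": size,
            "files": [e.path for e in group],
            "drives": sorted({e.path[0].upper() for e in group}),
            "not_hidden_system": [e.path for e in group if not e.hidden_and_system],
        })
    return report


if __name__ == "__main__":
    for c in triage(SAMPLE_LISTING):
        print(f"{len(c['files'])} root executables of {c['size']} bytes "
              f"on drives {', '.join(c['drives'])}")
        for path in c["files"]:
            note = "  (not hidden+system)" if path in c["not_hidden_system"] else ""
            print(f"  {path}{note}")
```

Grouping by size rather than by attributes is what picks up `I:\ysthd.exe`, which carries only the archive attribute, while leaving legitimate hidden system files such as `C:\bootmgr` alone.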

Raoul Duke
Visitor
Posts: 4
Registered: 03 Aug 2011 10:42

Re: How to get rid of Autorun.inf?

#6 Post by Raoul Duke »

I've made a little progress. Because of work I booted the second system (XP) for a while; it did work, but there's no antivirus on it, so those pests could run wild, and the result is that Netbox disconnected me from the internet because my computer was sending out spam. Because of that I couldn't try to check that file.

In the end I went back to Vista, which I managed to clean up somewhat, and it now works in normal mode.
UsbFix seems to have taken care of the autoruns, but there's still some junk on the computer.

When I open Task Manager (Processes), some running applications, seemingly at random (with the .exe extension), which normally do nothing (a download manager, something from the sound card, a graphics card utility and the like), load the CPU to 25%; after I end them, some other one (normally idle) starts loading the CPU, and a firewall window immediately pops up asking whether to block/unblock the application (it's apparently trying to get onto the internet).
So it looks like the nasty thing that has settled in on my machine somehow "attaches" itself to running applications, and when it can reach the internet it starts sending spam.

After using UsbFix, Microsoft Security Essentials no longer detects the autoruns, but it found something else:

TrojanProxy:Win32/Prarmo.F
Category: Trojan Proxy Server
file:C:\Users\ALE~1\AppData\Local\Temp\wintjus.exe->(UPX)
file:C:\Users\ALE~1\AppData\Local\Temp\winyknd.exe->(UPX)
I wasn't able to check them online because I can't find them in the file-open dialog.

The question now is how to proceed: what to use to uncover the junk that "attaches" itself to applications and sends spam, and how to remove it?

I'm also attaching the current logs from UsbFix, ComboFix and HijackThis:

############################## | UsbFix 7.014 | [Deletion]

User: Aleš (Administrator) # ALES-PC [System manufacturer P5E]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 13:42:06 | 06/08/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Microsoft® Windows Vista™ Business (6.0.6002 64-Bit) # Service Pack 2
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (2 Mb free - 4%) [Vista] # NTFS
D:\ -> Fixed drive # 195 Gb (40 Mb free - 20%) [data_0] # NTFS
E:\ -> Fixed drive # 1544 Gb (61 Mb free - 4%) [data_1] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> Fixed drive # 436 Gb (41 Mb free - 9%) [data_2] # NTFS
J:\ -> Fixed drive # 29 Gb (17 Mb free - 57%) [WinXP] # NTFS
K:\ -> Fixed drive # 298 Gb (128 Mb free - 43%) [WD] # NTFS

################## | Files # Infected Folders |


################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[06/08/2011 - 13:45:08 | SHD ] C:\$RECYCLE.BIN
[06/08/2011 - 13:40:50 | SD ] C:\32788R22FWJFW
[05/02/2011 - 17:04:18 | A | 4608] C:\6XSourceFilter.grf
[13/12/2010 - 04:37:21 | A | 356736] C:\AnalysisLog.sr0
[03/08/2011 - 02:38:12 | A | 0] C:\autoexec.bat
[06/08/2011 - 13:23:53 | AD ] C:\Autorun.inf
[14/04/2010 - 19:59:49 | D ] C:\Boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[13/04/2010 - 00:27:02 | RAS | 8192] C:\BOOTSECT.BAK
[06/08/2011 - 11:32:35 | A | 41214] C:\ComboFix.txt
[06/08/2011 - 13:40:52 | SD ] C:\ComboFix2
[06/08/2011 - 03:01:03 | D ] C:\Config.Msi
[02/11/2006 - 17:39:21 | SHD ] C:\Documents and Settings
[03/08/2011 - 15:07:34 | D ] C:\Garmin
[03/08/2011 - 00:53:12 | D ] C:\GvTemp
[12/04/2010 - 23:45:30 | D ] C:\Intel
[06/08/2011 - 13:34:36 | ASH | 4607631360] C:\pagefile.sys
[14/04/2010 - 14:19:08 | D ] C:\PerfLogs
[06/08/2011 - 11:13:49 | RD ] C:\Program Files
[06/08/2011 - 11:13:24 | RD ] C:\Program Files (x86)
[06/08/2011 - 11:14:35 | D ] C:\ProgramData
[06/08/2011 - 13:40:28 | D ] C:\Qoobox
[06/08/2011 - 11:32:19 | SHD ] C:\System Volume Information
[02/08/2011 - 23:39:48 | D ] C:\TEMP
[06/08/2011 - 13:45:08 | D ] C:\UsbFix
[06/08/2011 - 13:42:07 | A | 2379] C:\UsbFix.txt
[23/07/2011 - 10:45:57 | RD ] C:\Users
[06/08/2011 - 11:32:36 | D ] C:\Windows
[06/08/2011 - 13:45:08 | D ] D:\$RECYCLE.BIN
[06/08/2011 - 13:23:53 | AD ] D:\Autorun.inf
[02/08/2011 - 13:44:11 | RD ] D:\Dokumenty
[06/08/2011 - 13:41:33 | D ] D:\Download
[06/08/2011 - 02:49:41 | D ] D:\Download_Torrent
[28/04/2011 - 01:35:24 | D ] D:\Garmin
[02/08/2011 - 13:22:05 | D ] D:\Hry
[06/08/2011 - 01:34:42 | D ] D:\Mix
[14/07/2010 - 13:48:43 | RD ] D:\MSOCache
[06/08/2011 - 02:49:57 | D ] D:\Programy
[05/08/2011 - 23:42:01 | D ] D:\RECYCLER
[21/12/2009 - 15:28:06 | SHD ] D:\System Volume Information
[06/08/2011 - 13:45:08 | D ] E:\$RECYCLE.BIN
[13/07/2011 - 13:07:31 | D ] E:\adaptec
[06/08/2011 - 13:23:53 | AD ] E:\Autorun.inf
[06/08/2011 - 02:11:24 | D ] E:\Flac
[29/04/2011 - 02:42:53 | D ] E:\Image
[04/10/2009 - 04:16:28 | D ] E:\Install
[27/05/2011 - 15:38:05 | D ] E:\MP3
[14/03/2011 - 16:00:01 | D ] E:\MP3_____X
[31/10/2010 - 13:14:07 | D ] E:\msdownld.tmp
[03/10/2009 - 19:15:55 | RD ] E:\MSOCache
[28/07/2011 - 16:01:11 | D ] E:\Práce
[05/08/2011 - 23:42:01 | D ] E:\RECYCLER
[21/12/2009 - 15:28:06 | SHD ] E:\System Volume Information
[17/10/2010 - 02:49:17 | D ] E:\Video
[04/10/2009 - 00:12:52 | D ] E:\Záloha
[06/08/2011 - 13:45:08 | D ] I:\$RECYCLE.BIN
[29/05/2011 - 23:54:28 | D ] I:\Any Video Converter
[06/08/2011 - 13:23:53 | AD ] I:\Autorun.inf
[05/08/2011 - 23:42:01 | D ] I:\RECYCLER
[07/04/2011 - 03:22:09 | D ] I:\Star Trek 01 - Film
[11/04/2008 - 07:26:02 | D ] I:\Star Trek 02 - Khanův Hněv
[17/02/2011 - 00:55:07 | D ] I:\Star Trek 03 - The Search for Spock
[02/01/2010 - 13:59:53 | SHD ] I:\System Volume Information
[22/12/2010 - 22:40:28 | D ] I:\Video_N
[04/05/2011 - 11:38:21 | D ] I:\_filmy pro mamku
[02/08/2011 - 13:07:14 | D ] I:\_filmy pro Péťu
[06/08/2011 - 13:45:08 | D ] J:\$RECYCLE.BIN
[20/07/2010 - 14:07:23 | D ] J:\Adaptec
[24/01/2011 - 20:12:54 | D ] J:\ApolloDVD
[20/12/2009 - 23:55:41 | A | 0] J:\AUTOEXEC.BAT
[06/08/2011 - 13:23:53 | AD ] J:\Autorun.inf
[20/12/2009 - 23:51:55 | SH | 211] J:\boot.ini
[18/08/2004 - 12:00:00 | RASH | 4952] J:\Bootfont.bin
[20/12/2009 - 23:55:41 | A | 0] J:\CONFIG.SYS
[03/08/2011 - 00:46:55 | D ] J:\Documents and Settings
[25/01/2011 - 00:53:57 | D ] J:\DVDPean Output
[25/05/2011 - 16:46:26 | D ] J:\Hry
[21/12/2009 - 13:43:49 | D ] J:\Intel
[20/12/2009 - 23:55:41 | RASH | 0] J:\IO.SYS
[20/12/2009 - 23:55:41 | RASH | 0] J:\MSDOS.SYS
[18/08/2004 - 12:00:00 | RASH | 47564] J:\NTDETECT.COM
[18/08/2004 - 12:00:00 | RASH | 250048] J:\ntldr
[19/07/2010 - 01:23:47 | D ] J:\NVIDIA
[05/08/2011 - 22:41:35 | ASH | 2145386496] J:\pagefile.sys
[19/07/2011 - 20:36:07 | RD ] J:\Program Files
[05/08/2011 - 23:42:01 | D ] J:\RECYCLER
[21/12/2009 - 01:53:22 | SHD ] J:\System Volume Information
[28/04/2011 - 00:15:19 | D ] J:\Temp
[05/08/2011 - 17:33:40 | D ] J:\WINDOWS
[06/08/2011 - 13:23:51 | D ] K:\$RECYCLE.BIN
[06/08/2011 - 13:23:53 | RASHD ] K:\Autorun.inf
[05/08/2011 - 23:42:02 | D ] K:\RECYCLER
[22/11/2010 - 12:01:59 | SHD ] K:\System Volume Information
[11/07/2011 - 02:26:11 | D ] K:\___filmy_n
[25/05/2011 - 00:07:21 | D ] K:\_____záloha

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
K:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

*******************************************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:34, on 6.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\Explorer.exe
D:\Programy\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Aleš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Aleš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Programy\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - Global Startup: GIGABYTE OC_GURU.lnk = D:\Programy\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://d:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://d:\Programy\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://d:\Programy\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://d:\Programy\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://d:\Programy\Free Download Manager\dlall.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programy\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programy\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7105 bytes

*******************************************************************************

ComboFix 11-08-05.03 - Aleš 06.08.2011 13:47:38.10.4 - x64
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.4094.2509 [GMT 2:00]
Spuštěný z: d:\download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-06 do 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 11:50 . 2011-08-06 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 11:18 . 2011-08-06 11:45 -------- d-----w- C:\UsbFix
2011-08-06 09:38 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95EDD430-F697-4D6D-8AE2-214CE1EB794A}\mpengine.dll
2011-08-06 01:00 . 2011-08-06 01:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-06 01:00 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-03 01:31 . 2011-05-28 11:33 80256 ----a-w- c:\windows\SysWow64\ezGOSvc.dll
2011-08-03 01:31 . 2011-05-28 11:33 718208 ----a-w- c:\windows\SysWow64\ezGOSvcApp.exe
2011-08-03 01:01 . 2011-08-03 01:01 388096 ----a-r- c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 00:51 . 2010-05-13 16:34 14232 ----a-w- c:\windows\SysWow64\sh4native.exe
2011-08-03 00:45 . 2011-08-03 12:55 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2011-08-03 00:37 . 2011-08-03 00:45 -------- d-----w- c:\windows\8AE3EC14EAF84064958AC340C66EDD44.TMP
2011-08-02 22:53 . 2011-08-02 22:53 -------- d-----w- C:\GvTemp
2011-08-02 22:28 . 2011-08-02 22:28 106224 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-08-02 22:27 . 2011-08-02 22:27 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-08-02 22:27 . 2011-08-02 22:25 15880 ----a-w- c:\windows\SysWow64\lsdelete.exe
2011-08-02 22:27 . 2011-08-02 22:27 85960 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-08-02 22:27 . 2011-08-02 22:27 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2011-08-02 22:26 . 2011-08-02 22:48 -------- d-----w- c:\programdata\G DATA
2011-08-02 22:26 . 2011-08-02 22:39 -------- d-----w- c:\program files (x86)\Common Files\G Data
2011-08-02 17:56 . 2011-08-02 17:56 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{4049BC41-9F4B-424B-8419-55DEDAF9FCEB}-P10 Movie Player.exe
2011-08-02 17:56 . 2011-08-02 17:56 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B22D3084-7EFD-443D-8D90-D4A81470DF77}-GAME_START.EXE
2011-08-02 17:56 . 2011-08-02 17:56 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C24267EB-ED5D-4386-AE79-3C502CCF0523}-_uninst.exe
2011-08-02 17:56 . 2011-08-02 17:56 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{78FA7D6F-E114-4425-951A-06EB2C8B8DBD}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{9FB55E9E-0D65-4B33-9A5B-3C7F88FAF5F8}-GAME_START.EXE
2011-08-02 17:55 . 2011-08-02 17:55 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F9779F9D-7277-4C82-AC5C-B3990B459F81}-_uninst.exe
2011-08-02 17:55 . 2011-08-02 17:55 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3416C796-EC0D-4F7A-970E-A9CDFE94D65D}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BD829782-E3B1-4221-8965-186114F9FFB3}-GAME_START.EXE
2011-08-02 17:55 . 2011-08-02 17:55 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{4391593B-8133-4919-AB47-98307EEABBFC}-_UNINST.EXE
2011-08-02 17:55 . 2011-08-02 17:55 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FFE126D4-996F-45B9-946A-54C5D6F037DE}-P10 Movie Player.exe
2011-08-02 17:55 . 2011-08-02 17:55 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{261A30D7-D8FE-46AA-82C0-185067D8FF36}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2B2C64A0-F4CB-423F-9788-F8BC56EADEC1}-_UNINST.EXE
2011-08-02 17:55 . 2011-08-02 17:55 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{8133B3B4-9211-4F0F-8C18-A6870F4B5FC1}-P10 MOVIE PLAYER.EXE
2011-08-02 17:55 . 2011-08-02 17:55 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{97AEB2FF-8C82-4F1A-BCE7-62D7C5955BAA}-game_start.exe
2011-08-02 17:55 . 2011-08-02 17:55 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A9FEA6DD-A7B0-4DDC-8C0F-1B46D142E7FF}-GAME_START.EXE
2011-08-02 17:54 . 2011-08-02 17:54 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{52DC0077-497A-43D1-AC86-4E64F8FD27C0}-game_start.exe
2011-08-02 17:54 . 2011-08-02 17:54 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6C30A0D4-9B90-4821-9DD0-343C96B47B2B}-GAME_START.EXE
2011-08-02 17:54 . 2011-08-02 17:54 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FC7BB1D6-D004-43B8-BFE9-92F66E87016C}-P10 Movie Player.exe
2011-08-02 17:54 . 2011-08-02 17:54 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D295B376-F8FC-4A77-9BEF-5F70A897F91A}-game_start.exe
2011-08-02 17:54 . 2011-08-02 17:54 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B87FD297-D6F0-4D55-9714-977AA660CF6D}-_UNINST.EXE
2011-08-02 17:53 . 2011-08-02 17:53 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1B8FA52D-4EBB-4A24-9731-1B8001D7E746}-GAME_START.EXE
2011-08-02 17:53 . 2011-08-02 17:53 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{A2322F55-A836-4A63-9BBD-59EB87CA5DC4}-_uninst.exe
2011-08-02 17:53 . 2011-08-02 17:53 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FB944B1F-35FF-4EC2-9373-C1A1AF867089}-P10 Movie Player.exe
2011-08-02 17:52 . 2011-08-02 17:52 1246812 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{50F028C0-E02F-405A-B970-DF28DDFD2445}-GAME_START.EXE
2011-08-02 17:52 . 2011-08-02 17:52 107520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F6AD2CE1-AEB0-47E6-807C-80FB78DAAE83}-_UNINST.EXE
2011-08-02 17:52 . 2011-08-02 17:52 1073297 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{87249E58-0012-4391-B4AD-8C94A4B5C616}-P10 Movie Player.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d-----w- c:\users\Aleš\AppData\Local\EA Games
2011-07-26 00:22 . 2011-07-26 00:22 -------- d-----w- c:\users\Aleš\AppData\Local\Futuremark_Corporation
2011-07-23 08:45 . 2011-08-02 23:19 -------- d-----w- c:\users\UpdatusUser
2011-07-23 08:44 . 2011-05-25 06:09 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-07-19 18:28 . 2011-07-19 18:28 -------- d-----w- c:\users\Aleš\AppData\Local\DOSBox
2011-07-13 09:38 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:38 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 09:38 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:38 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:38 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 01:01 . 2011-08-03 01:01 388096 ----a-r- c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 01:01 . 2011-08-03 01:01 388096 ----a-r- c:\users\Aleš\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-13 04:53 . 2010-04-13 10:35 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-28 09:56 . 2011-05-19 08:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2010-10-16 12:13 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2010-10-16 12:13 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2010-10-16 12:13 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2010-10-16 12:13 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-10-16 12:13 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2010-12-13 15:58 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2010-12-13 15:58 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2010-12-13 15:57 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2010-12-13 15:53 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-14 12:34 . 2011-05-14 12:34 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-14 12:34 . 2011-05-14 12:34 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-06_09.31.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-04-13 02:00 . 2011-08-06 09:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-13 02:00 . 2011-08-06 11:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 02:00 . 2011-08-06 09:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 02:00 . 2011-08-06 11:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-13 02:00 . 2011-08-06 09:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 02:00 . 2011-08-06 11:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-12 21:56 . 2011-08-06 11:36 50544 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-04-12 21:38 . 2011-08-06 11:36 13128 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-714342631-3113501502-3883659254-1000_UserData.bin
+ 2011-08-06 11:34 . 2011-08-06 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-06 09:21 . 2011-08-06 09:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-06 11:34 . 2011-08-06 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-06 09:21 . 2011-08-06 09:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-05 22:02 . 2011-08-06 09:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-08-05 22:02 . 2011-08-06 11:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 15:42 . 2011-08-06 11:36 101014 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2011-08-06 09:28 600802 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-08-06 11:40 600802 c:\windows\system32\perfh009.dat
- 2007-01-08 22:13 . 2011-08-06 09:28 612586 c:\windows\system32\perfh005.dat
+ 2007-01-08 22:13 . 2011-08-06 11:40 612586 c:\windows\system32\perfh005.dat
- 2006-11-02 12:46 . 2011-08-06 09:28 105716 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-08-06 11:40 105716 c:\windows\system32\perfc009.dat
- 2007-01-08 22:13 . 2011-08-06 09:28 120102 c:\windows\system32\perfc005.dat
+ 2007-01-08 22:13 . 2011-08-06 11:40 120102 c:\windows\system32\perfc005.dat
+ 2010-08-12 19:09 . 2011-08-06 11:32 447000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-12 19:09 . 2011-08-06 09:19 447000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - d:\programy\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe [2011-6-27 9883648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 cpuz130;cpuz130;c:\users\ALE~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\programy\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-10-07 32240]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 27648]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://d:\programy\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://d:\programy\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://d:\programy\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://d:\programy\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Aleš\AppData\Roaming\Mozilla\Firefox\Profiles\su3gsz8e.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programy\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programy\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-714342631-3113501502-3883659254-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-714342631-3113501502-3883659254-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,25,db,7f,c1,e2,dc,af,9a,0c,2a,ce,91,15,44,94,1a,49,b7,e6,05,
a9,7c,5b,26,2b,d1,08,a7,8c,fc,c5,e3,8f,2f,e8,d1,b0,b9,d4,f7,4e,a4,4b,3e,ef,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-06 13:52:27
ComboFix-quarantined-files.txt 2011-08-06 11:52
ComboFix2.txt 2011-08-06 09:32
.
Před spuštěním: 1 420 054 528
Po spuštění: 1 155 280 896
.
- - End Of File - - A9AF6D1F4C00773B65E01F9CEEE7E741


Yeah, and I'm really terribly grateful for the help :) .

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: how to get rid of Autorun.inf ?

#7 Post by motji »

And don't you have another computer? It would be best to disconnect this infected one from the internet.
In your case it will take a bit longer, because the PC is probably quite heavily infected, but we'll outsmart the little beast :) .

:arrow: Do you recognize this folder?
C:\sh4ldr


:arrow: When you let something through the firewall onto the net, what is that application called?



:arrow: Clear the Opera/Firefox cache, either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/

- in the menu at the top, select the Firefox / Opera tab and click it
- check Select All and then click Empty Selected

warning - you will lose all passwords saved in FF / Opera!

- On the Main tab, check All users temp and confirm with Empty selected




:arrow: Test at http://www.virustotal.com

c:\windows\SysWow64\sh4native.exe

- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.




:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM occasionally produces false detections, so we will delete only after checking the log.
- Copy the log here.



:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
- check the "Pro všechny uživatele" (For all users) box.
- tick the boxes Kontrola na havěť "LOP" (LOP check) and Kontrola na havěť "Purity" (Purity check)
- Click the "Prohledat" (Scan) button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here


I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
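
The last lines of the OTL script in the post above have `reg query` read the Session Manager `BootExecute` and `PendingFileRenameOperations` values. The following is an added example, not part of motji's post or of OTL: a Python parser for that output which lists `BootExecute` entries other than the Windows default `autocheck autochk *` and pairs up the pending rename/delete operations for review. The sample text and every name in it are constructed.

```python
import re

# Windows default content of Session Manager\BootExecute.
DEFAULT_BOOT_EXECUTE = {"autocheck autochk *"}

# Constructed sample of `reg query` output; names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager
    BootExecute    REG_MULTI_SZ    autocheck autochk *\0examplenative

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\Temp\old.tmp\0\0\??\C:\Temp\new.dll\0\??\C:\Windows\System32\example.dll
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: [strings]} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key headers and blank lines
        name, reg_type, data = m.groups()
        # reg.exe joins REG_MULTI_SZ entries with a literal "\0"; a path
        # component that starts with "0" is ambiguous, so review such hits.
        parts = data.split("\\0") if reg_type == "REG_MULTI_SZ" else [data]
        values[name.lower()] = parts
    return values


def boot_execute_extras(values):
    """BootExecute entries other than the Windows default, for review."""
    entries = values.get("bootexecute", [])
    return [e for e in entries if e and e not in DEFAULT_BOOT_EXECUTE]


def pending_renames(values):
    """Pair entries as (source, destination); destination None = delete."""
    def clean(path):
        path = path.lstrip("!")  # "!" marks replace-existing
        return path[4:] if path.startswith("\\??\\") else path
    items = values.get("pendingfilerenameoperations", [])
    return [(clean(s), clean(d) or None) for s, d in zip(items[0::2], items[1::2])]


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE)
    print("BootExecute extras:", boot_execute_extras(parsed))
    for src, dst in pending_renames(parsed):
        print("delete" if dst is None else "rename", src, "->", dst)
```

A non-default `BootExecute` entry is not proof of infection, since some legitimate tools register there; it is a file to identify before the next reboot.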
