přehazující se ikony na ploše + pomalý internet

[Scaveng3]

mam problem, ze sem mi zacaly samovolne prehazovat ikony na plose a mam zancne spomaleny internet... to druhy mozna neni virem ale zda se mi to divny... tady je log




Logfile of HijackThis v1.99.1
Scan saved at 17:08:04, on 8.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Honza\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 74.222.2.129 l2authd.lineage2.com
O1 - Hosts: 74.222.2.129 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Honza\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Honza\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (file missing)
O21 - SSODL: hstsys - {FB6EA168-BB1B-4DD8-96ED-E8BBB7DC02ED} - C:\WINDOWS\hstsys.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - Unknown owner - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Scaveng3]

ComboFix 10-02-08.09 - Honza 10.02.2010 21:18:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.260 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\SystemDefender
c:\windows\dat.txt
c:\windows\nmcuninstall.exe
c:\windows\rs.txt
c:\windows\system32\Data
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-07 11:27 . 2010-02-07 11:27 -------- d-----w- c:\program files\FireFly Studios
2010-01-15 14:23 . 2010-01-15 14:24 -------- d-----w- c:\program files\ParadisePoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 20:27 . 2009-09-20 12:49 -------- d-----w- c:\program files\ICQ6.5
2010-02-10 19:25 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-02-10 19:25 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-10 13:15 . 2008-08-03 15:12 -------- d-----w- c:\program files\Steam
2010-02-07 11:27 . 2007-10-11 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 12:12 . 2007-12-07 16:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-29 12:11 . 2007-12-07 16:53 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 15:08 . 2007-10-12 19:50 -------- d-----w- c:\program files\Warcraft III
2010-01-26 17:49 . 2009-04-18 11:26 -------- d-----w- c:\program files\PokerStars
2010-01-15 19:05 . 2009-05-21 18:32 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-27 14:07 . 2009-12-27 14:07 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 08:40 . 2009-12-26 08:38 -------- d-----w- c:\program files\YouTube Video Downloader
2009-11-28 11:12 . 2009-11-28 11:12 227 ----a-w- c:\windows\PowerReg.dat
2009-11-21 16:46 . 2004-08-18 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-02-23 19:20 . 2009-02-23 19:20 31098648 ----a-w- c:\program files\setupcze.exe
2003-03-12 04:16 . 2008-02-10 10:32 307200 ----a-w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 . 2008-02-10 10:32 311296 ----a-w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 . 2008-02-10 10:32 299008 ----a-w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 . 2008-02-10 10:32 290816 ----a-w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 . 2008-02-10 10:32 122880 ----a-w- c:\program files\internet explorer\plugins\DjVuCntl.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-11-01 20:13 . 2009-11-01 20:13 80 --sh--r- c:\windows\system32\E65A0F17E1.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freeze700\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:port 6112
"6881:TCP"= 6881:TCP:port 6881
"6999:TCP"= 6999:TCP:port 6999
"57258:TCP"= 57258:TCP:utorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.4.2008 16:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 16:24 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.9.2009 13:51 222968]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2007 20:27 685816]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 2:03 65536]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Honza\LOCALS~1\Temp\MFX453.tmp --> c:\docume~1\Honza\LOCALS~1\Temp\MFX453.tmp [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [7.5.2009 17:59 223128]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\affwvf8p.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
SSODL-hstsys-{FB6EA168-BB1B-4DD8-96ED-E8BBB7DC02ED} - c:\windows\hstsys.dll
Notify-LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AddRemove-MobMap_is1 - c:\program files\World of Warcaft\Interface\AddOns\MobMapUpdater\unins000.exe
AddRemove-eqoozelogo - c:\docume~1\Honza\DATAAP~1\AIMOKA~1\darttrayball.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 21:36
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Honza\LOCALS~1\Temp\MFX453.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-10 21:40:12
ComboFix-quarantined-files.txt 2010-02-10 20:40

Před spuštěním: Volných bajtů: 23 822 811 136
Po spuštění: Volných bajtů: 26 254 602 240

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EC91BFBD1900C9AB3672407A4E499FA8

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\E65A0F17E1.dll
c:\docume~1\Honza\LOCALS~1\Temp\MFX453.tmp

Folder::
c:\program files\AskBarDis
c:\program files\Garena

Driver::
GarenaPEngine

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Scaveng3]

ok, udelal jsem to, tady je log

mimochodem ty ikony uz se prestaly prehazovat zda se me, ale internet je porad strasne pomalej...

ComboFix 10-02-08.09 - Honza 10.02.2010 22:10:16.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.179 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 100210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\E65A0F17E1.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00394188.bin
c:\program files\AskBarDis\bar\Cache\0039439B.bin
c:\program files\AskBarDis\bar\Cache\0039459F.bin
c:\program files\AskBarDis\bar\Cache\00394800.bin
c:\program files\AskBarDis\bar\Cache\00394987.bin
c:\program files\AskBarDis\bar\Cache\00D7A283
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\area.xml
c:\program files\Garena\atl71.dll
c:\program files\Garena\avatar\2758743.gif
c:\program files\Garena\avatar\3143697.gif
c:\program files\Garena\avatar\3465842.gif
c:\program files\Garena\avatar\3493963.gif
c:\program files\Garena\avatar\5147445.gif
c:\program files\Garena\avatar\5310953.gif
c:\program files\Garena\avatar\5363923.gif
c:\program files\Garena\avatar\5704095.gif
c:\program files\Garena\avatar\5708418.gif
c:\program files\Garena\avatar\6281142.gif
c:\program files\Garena\avatar\7821309.gif
c:\program files\Garena\avatar\7857195.gif
c:\program files\Garena\avatar\8230077.gif
c:\program files\Garena\avatar\9318733.gif
c:\program files\Garena\avatar\boy.swf
c:\program files\Garena\avatar\boy_s.swf
c:\program files\Garena\avatar\girl.swf
c:\program files\Garena\avatar\girl_s.swf
c:\program files\Garena\avatar\unknown.swf
c:\program files\Garena\avatar\unknown_s.swf
c:\program files\Garena\Cache\1661665_s.swf
c:\program files\Garena\Cache\2676648.swf
c:\program files\Garena\Cache\2676648_s.swf
c:\program files\Garena\Cache\3410287.swf
c:\program files\Garena\Cache\3410287_s.swf
c:\program files\Garena\Cache\4828309.swf
c:\program files\Garena\Cache\4828309_s.swf
c:\program files\Garena\Cache\5870482.swf
c:\program files\Garena\Cache\5870482_s.swf
c:\program files\Garena\Cache\6488187_s.swf
c:\program files\Garena\Cache\6937433_s.swf
c:\program files\Garena\Cache\8347000.swf
c:\program files\Garena\Cache\8347000_s.swf
c:\program files\Garena\Cache\8920535_s.swf
c:\program files\Garena\Cache\9375515_s.swf
c:\program files\Garena\Cache\9648709.swf
c:\program files\Garena\Cache\9648709_s.swf
c:\program files\Garena\Clan\1.bmp
c:\program files\Garena\Clan\2.bmp
c:\program files\Garena\Clan\3.bmp
c:\program files\Garena\Clan\4.bmp
c:\program files\Garena\Clan\5.bmp
c:\program files\Garena\Clan\6.bmp
c:\program files\Garena\Clan\7.bmp
c:\program files\Garena\Clan\8.bmp
c:\program files\Garena\Clan\9.bmp
c:\program files\Garena\client.db
c:\program files\Garena\clients.dat
c:\program files\Garena\clients2.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\CONFIG.INI
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\config\locvn.xml
c:\program files\Garena\CrashReporter.exe
c:\program files\Garena\cs.db
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\DataConvert.exe
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\deps\webgame.gga
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\Sca.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\downloads\GarenaSkin.dll
c:\program files\Garena\downloads\SkinMagicU.dll
c:\program files\Garena\EmoIcons.ini
c:\program files\Garena\EmoIcons\1.gif
c:\program files\Garena\EmoIcons\10.gif
c:\program files\Garena\EmoIcons\11.gif
c:\program files\Garena\EmoIcons\12.gif
c:\program files\Garena\EmoIcons\13.gif
c:\program files\Garena\EmoIcons\14.gif
c:\program files\Garena\EmoIcons\15.gif
c:\program files\Garena\EmoIcons\16.gif
c:\program files\Garena\EmoIcons\17.gif
c:\program files\Garena\EmoIcons\18.gif
c:\program files\Garena\EmoIcons\19.gif
c:\program files\Garena\EmoIcons\2.gif
c:\program files\Garena\EmoIcons\20.gif
c:\program files\Garena\EmoIcons\21.gif
c:\program files\Garena\EmoIcons\22.gif
c:\program files\Garena\EmoIcons\23.gif
c:\program files\Garena\EmoIcons\24.gif
c:\program files\Garena\EmoIcons\25.gif
c:\program files\Garena\EmoIcons\26.gif
c:\program files\Garena\EmoIcons\27.gif
c:\program files\Garena\EmoIcons\28.gif
c:\program files\Garena\EmoIcons\29.gif
c:\program files\Garena\EmoIcons\3.gif
c:\program files\Garena\EmoIcons\30.gif
c:\program files\Garena\EmoIcons\31.gif
c:\program files\Garena\EmoIcons\32.gif
c:\program files\Garena\EmoIcons\33.gif
c:\program files\Garena\EmoIcons\34.gif
c:\program files\Garena\EmoIcons\35.gif
c:\program files\Garena\EmoIcons\36.gif
c:\program files\Garena\EmoIcons\37.gif
c:\program files\Garena\EmoIcons\38.gif
c:\program files\Garena\EmoIcons\39.gif
c:\program files\Garena\EmoIcons\4.gif
c:\program files\Garena\EmoIcons\40.gif
c:\program files\Garena\EmoIcons\41.gif
c:\program files\Garena\EmoIcons\42.gif
c:\program files\Garena\EmoIcons\43.gif
c:\program files\Garena\EmoIcons\44.gif
c:\program files\Garena\EmoIcons\45.gif
c:\program files\Garena\EmoIcons\46.gif
c:\program files\Garena\EmoIcons\47.gif
c:\program files\Garena\EmoIcons\48.gif
c:\program files\Garena\EmoIcons\49.gif
c:\program files\Garena\EmoIcons\5.gif
c:\program files\Garena\EmoIcons\50.gif
c:\program files\Garena\EmoIcons\51.gif
c:\program files\Garena\EmoIcons\52.gif
c:\program files\Garena\EmoIcons\53.gif
c:\program files\Garena\EmoIcons\54.gif
c:\program files\Garena\EmoIcons\6.gif
c:\program files\Garena\EmoIcons\7.gif
c:\program files\Garena\EmoIcons\8.gif
c:\program files\Garena\EmoIcons\9.gif
c:\program files\Garena\EmoIcons\EmoIcons.ini
c:\program files\Garena\face\1.bmp
c:\program files\Garena\face\1_m.bmp
c:\program files\Garena\face\10.bmp
c:\program files\Garena\face\10_m.bmp
c:\program files\Garena\face\11.bmp
c:\program files\Garena\face\11_m.bmp
c:\program files\Garena\face\12.bmp
c:\program files\Garena\face\12_m.bmp
c:\program files\Garena\face\13.bmp
c:\program files\Garena\face\13_m.bmp
c:\program files\Garena\face\14.bmp
c:\program files\Garena\face\14_m.bmp
c:\program files\Garena\face\15.bmp
c:\program files\Garena\face\15_m.bmp
c:\program files\Garena\face\16.bmp
c:\program files\Garena\face\16_m.bmp
c:\program files\Garena\face\17.bmp
c:\program files\Garena\face\17_m.bmp
c:\program files\Garena\face\18.bmp
c:\program files\Garena\face\18_m.bmp
c:\program files\Garena\face\19.bmp
c:\program files\Garena\face\19_m.bmp
c:\program files\Garena\face\2.bmp
c:\program files\Garena\face\2_m.bmp
c:\program files\Garena\face\20.bmp
c:\program files\Garena\face\20_m.bmp
c:\program files\Garena\face\21.bmp
c:\program files\Garena\face\21_m.bmp
c:\program files\Garena\face\22.bmp
c:\program files\Garena\face\22_m.bmp
c:\program files\Garena\face\23.bmp
c:\program files\Garena\face\23_m.bmp
c:\program files\Garena\face\24.bmp
c:\program files\Garena\face\24_m.bmp
c:\program files\Garena\face\3.bmp
c:\program files\Garena\face\3_m.bmp
c:\program files\Garena\face\4.bmp
c:\program files\Garena\face\4_m.bmp
c:\program files\Garena\face\5.bmp
c:\program files\Garena\face\5_m.bmp
c:\program files\Garena\face\6.bmp
c:\program files\Garena\face\6_m.bmp
c:\program files\Garena\face\7.bmp
c:\program files\Garena\face\7_m.bmp
c:\program files\Garena\face\8.bmp
c:\program files\Garena\face\8_m.bmp
c:\program files\Garena\face\9.bmp
c:\program files\Garena\face\9_m.bmp
c:\program files\Garena\face\face.ini
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\games.xml
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Gamevn.dat
c:\program files\Garena\Garena.exe
c:\program files\Garena\Garena.RPT
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\gfilter.dll
c:\program files\Garena\GGclient.exe
c:\program files\Garena\GGclient.exe.manifest
c:\program files\Garena\GGICON.ico
c:\program files\Garena\ggLoader.dll
c:\program files\Garena\ggsocket.dll
c:\program files\Garena\GGTV Skin\GG-Gaming.bmp
c:\program files\Garena\GGTV Skin\GGTVrecorder.bmp
c:\program files\Garena\GGTV Skin\incup.bmp
c:\program files\Garena\GGTV Skin\nglone.bmp
c:\program files\Garena\GGTV Skin\other tournaments.bmp
c:\program files\Garena\GGTV Skin\replays.net.bmp
c:\program files\Garena\GGTV Skin\TCG.bmp
c:\program files\Garena\GGTV Skin\wc3l.bmp
c:\program files\Garena\GGTV.INI
c:\program files\Garena\GGTVHook.dll
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\ImageOle.dll
c:\program files\Garena\Inject.dll
c:\program files\Garena\ipc.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\Ladder\GGCMPQ.zip
c:\program files\Garena\Ladder\TFT.xml
c:\program files\Garena\Ladder\TFT.zip
c:\program files\Garena\Ladder\TFTMap.zip
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\Garena.exe.br
c:\program files\Garena\Languages\Garena.exe.br.ggz
c:\program files\Garena\Languages\Garena.exe.cn
c:\program files\Garena\Languages\Garena.exe.cn.ggz
c:\program files\Garena\Languages\Garena.exe.en
c:\program files\Garena\Languages\Garena.exe.id
c:\program files\Garena\Languages\Garena.exe.pp
c:\program files\Garena\Languages\Garena.exe.ru
c:\program files\Garena\Languages\Garena.exe.ru.ggz
c:\program files\Garena\Languages\Garena.exe.sd
c:\program files\Garena\Languages\Garena.exe.sp
c:\program files\Garena\Languages\Garena.exe.sp.ggz
c:\program files\Garena\Languages\Garena.exe.th
c:\program files\Garena\Languages\Garena.exe.th.ggz
c:\program files\Garena\Languages\Garena.exe.tw
c:\program files\Garena\Languages\Garena.exe.tw.ggz
c:\program files\Garena\Languages\Garena.exe.vn
c:\program files\Garena\Languages\Garena.exe.vn.ggz
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\GGclient.exe.br
c:\program files\Garena\Languages\GGclient.exe.br.ggz
c:\program files\Garena\Languages\GGclient.exe.cn
c:\program files\Garena\Languages\GGclient.exe.cn.ggz
c:\program files\Garena\Languages\GGclient.exe.ru
c:\program files\Garena\Languages\GGclient.exe.ru.ggz
c:\program files\Garena\Languages\GGclient.exe.sp
c:\program files\Garena\Languages\GGclient.exe.sp.ggz
c:\program files\Garena\Languages\GGclient.exe.th
c:\program files\Garena\Languages\GGclient.exe.th.ggz
c:\program files\Garena\Languages\GGclient.exe.tw
c:\program files\Garena\Languages\GGclient.exe.tw.ggz
c:\program files\Garena\Languages\GGclient.exe.vn
c:\program files\Garena\Languages\GGclient.exe.vn.ggz
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.en
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\layout\BlackShotView.layout
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\league.db
c:\program files\Garena\leagueCN.db
c:\program files\Garena\leagueEN.db
c:\program files\Garena\leagues.xml
c:\program files\Garena\leagueTW.db
c:\program files\Garena\lib\BlackShot.dll
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\exchndl.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\Language.dll
c:\program files\Garena\lib\Layout.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\RSA.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\mfc80u.dll
c:\program files\Garena\Microsoft.VC80.CRT.manifest
c:\program files\Garena\Microsoft.VC80.MFC.manifest
c:\program files\Garena\msvcp80.dll
c:\program files\Garena\msvcr80.dll
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\MPQWriter.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AdPlugin.dll
c:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\plugins\UI\ManagePlugin.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\ViwawaPlugin.dll
c:\program files\Garena\plugins\UI\WebGameUI.dll
c:\program files\Garena\plugins\UI\zDep.dll
c:\program files\Garena\plugins\UI\zzzPlugin.dll
c:\program files\Garena\plugins\WelcomePlugin.dll
c:\program files\Garena\proxy.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\roomCN.dat
c:\program files\Garena\roomEN.dat
c:\program files\Garena\roomsCN.db
c:\program files\Garena\roomsEN.db
c:\program files\Garena\roomsTW.db
c:\program files\Garena\roomTW.dat
c:\program files\Garena\server.xml
c:\program files\Garena\servers.ini
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\151.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\24.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\shop\items\67.gif
c:\program files\Garena\shop\items\68.gif
c:\program files\Garena\shop\items\69.gif
c:\program files\Garena\shop\items\70.gif
c:\program files\Garena\shop\items\8.gif
c:\program files\Garena\Skin\back.bmp
c:\program files\Garena\Skin\ban.bmp
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\country.dat
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\folder.bmp
c:\program files\Garena\Skin\folder_light.bmp
c:\program files\Garena\Skin\folder_pressed.bmp
c:\program files\Garena\Skin\garenatv.ggz
c:\program files\Garena\Skin\gg.smf
c:\program files\Garena\Skin\GG_design.smf
c:\program files\Garena\Skin\Logo.bmp
c:\program files\Garena\Skin\mail.bmp
c:\program files\Garena\Skin\outbar_lab.bmp
c:\program files\Garena\Skin\radar.gif
c:\program files\Garena\Skin\scrolldown.bmp
c:\program files\Garena\Skin\scrolldown_pressed.bmp
c:\program files\Garena\Skin\scrollup.bmp
c:\program files\Garena\Skin\scrollup_pressed.bmp
c:\program files\Garena\Skin\server.xml
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\Skin\skin.ini
c:\program files\Garena\Skin\Skin.xml
c:\program files\Garena\Skin\splitter_h.bmp
c:\program files\Garena\Skin\splitter_v.bmp
c:\program files\Garena\skin_bs\garenatv.ggz
c:\program files\Garena\skin_bs\Skin.ggz
c:\program files\Garena\SkinMagicU.dll
c:\program files\Garena\Skins.xml
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sporder.dll
c:\program files\Garena\SQLITE.DLL
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\support.url
c:\program files\Garena\update.dat
c:\program files\Garena\Update.exe
c:\program files\Garena\update.xml
c:\program files\Garena\update2.exe
c:\program files\Garena\user.xml
c:\program files\Garena\user\2758743\1.u
c:\program files\Garena\user\2758743\ban.dat
c:\program files\Garena\user\2758743\banlist.db
c:\program files\Garena\user\2758743\buddy.db
c:\program files\Garena\user\2758743\category.db
c:\program files\Garena\user\2758743\data.dat
c:\program files\Garena\user\2758743\fps.dat
c:\program files\Garena\user\2758743\message.db
c:\program files\Garena\user\2758743\recent.txt
c:\program files\Garena\user\2758743\system.xml
c:\program files\Garena\user\2758743\usersetting.ini
c:\program files\Garena\user\5310953\ban.dat
c:\program files\Garena\user\5310953\data.dat
c:\program files\Garena\user\5310953\fps.dat
c:\program files\Garena\user\5310953\recent.txt
c:\program files\Garena\viwawa.cn.xml
c:\program files\Garena\viwawa.en.xml
c:\program files\Garena\viwawa.tw.xml
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\cache\Freesky\css\foemb_2.css
c:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\Garena\web\cache\RUpoker\img\bg.jpg
c:\program files\Garena\web\cache\RUpoker\img\btn.jpg
c:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\web\loading.gif
c:\program files\Garena\web\loading.html
c:\program files\Garena\YYFileSystem.dll
c:\windows\system32\E65A0F17E1.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-07 11:27 . 2010-02-07 11:27 -------- d-----w- c:\program files\FireFly Studios
2010-01-15 14:23 . 2010-01-15 14:24 -------- d-----w- c:\program files\ParadisePoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:23 . 2008-08-03 15:12 -------- d-----w- c:\program files\Steam
2010-02-10 20:41 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-02-10 20:41 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-10 20:27 . 2009-09-20 12:49 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 11:27 . 2007-10-11 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 12:12 . 2007-12-07 16:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-29 12:11 . 2007-12-07 16:53 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 15:08 . 2007-10-12 19:50 -------- d-----w- c:\program files\Warcraft III
2010-01-26 17:49 . 2009-04-18 11:26 -------- d-----w- c:\program files\PokerStars
2010-01-15 19:05 . 2009-05-21 18:32 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-27 14:07 . 2009-12-27 14:07 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 08:40 . 2009-12-26 08:38 -------- d-----w- c:\program files\YouTube Video Downloader
2009-11-28 11:12 . 2009-11-28 11:12 227 ----a-w- c:\windows\PowerReg.dat
2009-11-21 16:46 . 2004-08-18 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-02-23 19:20 . 2009-02-23 19:20 31098648 ----a-w- c:\program files\setupcze.exe
2003-03-12 04:16 . 2008-02-10 10:32 307200 ----a-w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 . 2008-02-10 10:32 311296 ----a-w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 . 2008-02-10 10:32 299008 ----a-w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 . 2008-02-10 10:32 290816 ----a-w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 . 2008-02-10 10:32 122880 ----a-w- c:\program files\internet explorer\plugins\DjVuCntl.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freeze700\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:port 6112
"6881:TCP"= 6881:TCP:port 6881
"6999:TCP"= 6999:TCP:port 6999
"57258:TCP"= 57258:TCP:utorrent

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2007 20:27 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.4.2008 16:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 16:24 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.9.2009 13:51 222968]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 2:03 65536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [7.5.2009 17:59 223128]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\affwvf8p.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 22:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D91E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8579fc3
\Driver\ACPI -> ACPI.sys @ 0xf83eacb8
\Driver\atapi -> 0x823d91e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf829bba0
PacketIndicateHandler -> NDIS.sys @ 0xf82a8b21
SendHandler -> NDIS.sys @ 0xf828687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\ICQ6Toolbar\ICQToolBar.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\Rundll32.exe
c:\windows\AGRSMMSG.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-02-10 22:30:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-10 21:30
ComboFix2.txt 2010-02-10 20:40

Před spuštěním: Volných bajtů: 26 286 616 576
Po spuštění: Volných bajtů: 26 157 944 832

- - End Of File - - 895C00D6E87B1D01DDEAE7D9C19CF92B

[Scaveng3]

prosim o pomoc ikony uz se neprehazuji ale internet je ted nehorazne pomalej, download mam asi 1 kB, to uz asi nebude providerem...

[Rudy]

Udělejte sken MBR: http://www2.gmer.net/mbr/mbr.exe a dejte log.

[Scaveng3]

kdyz tu vec spustim tak se na vterinku objevi cerny okno a ulozi se mi tady tohle:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

to je ono?

[Rudy]

Ano a je to také v pořádku. Budeme muset ještě provést kontrolu na rootkit. Udělejte sken IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 a dejte logy Process a KernelModule.

[Scaveng3]

začíná to být čím dál horší, ikony se opět přeházely a na internetu mi jenom posranej google nabíha půl hodiny... tady jsou logy

Process:

System Idle Process
System
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Documents and Settings\Honza\Plocha\IceSword122en\IceSword.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe



Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\ctoss2k.sys
\SystemRoot\system32\DRIVERS\ctsfm2k.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\L8042mou.Sys
\SystemRoot\system32\DRIVERS\LMouKE.Sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\System32\Drivers\aalxp3p6.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\System32\Drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\nwlnkipx.sys
\SystemRoot\system32\DRIVERS\nwlnknb.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwlnkspx.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools\daemon.dll

[Rudy]

Nevidím nic nebezpečného, rootkit v PC nemáte. Co ikony přehazuje, opravdu nemohu říci. ještě zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .