Prosím o kontrolu Vyřešeno

[Pornobus]

Prosím o rady...Zamrzá mi počítač s bílou obrazovkou asi na minutu.
Výpis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:49, on 17.5.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
D:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Opera\opera.exe
D:\Program Files\Webteh\BSplayer\bsplayer.exe
D:\Program Files\Mumble\mumble.exe
D:\Program Files\Heroes of Newerth\hon.exe
D:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101008172500\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101008172500\ICQToolBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_S5A5A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FlashGetBHO] "D:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Windows System Controler] c:\windows\smss.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [FlashGetBHO] "D:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe" (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [Windows System Controler] c:\windows\smss.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\uzivatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\uzivatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O15 - Trusted Zone: http://software.kuaiche.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11574 bytes

[Reklama]

[Žbeky]

Odinstaluj:
BS.Player ControlBar
DAEMON Tools Toolbar
free-downloads.net Toolbar
ICQToolBar

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101008172500\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101008172500\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Windows System Controler] c:\windows\smss.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-12221914-3933522934-587034535-1000\..\Run: [Windows System Controler] c:\windows\smss.exe (User '?')
O15 - Trusted Zone: http://software.kuaiche.com

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Pornobus]

Když zapnu ATF cleaner, položku "select all found" tam nemám, pouze "select all" a nějaké další...a nahoře tam jak je opera a mozila tak ani na jedno nejde kliknout (je to celé šedé)

[Žbeky]

Tak vyčisti jen co půjde

[Pornobus]

Tak sem vkládám obsah toho uloženého souboru. Snad jsem všechno udělal správně.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6598

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

17.5.2011 18:43:29
mbam-log-2011-05-17 (18-43-16).txt

Typ kontroly: Rychlý test
Testované objekty: 149427
Uplynulý čas: 4 minut, 45 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 4
Infikované soubory: 29

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\flv direct player (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv (Adware.BHO.FL) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> No action taken.

Infikované soubory:
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\fejocaso.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\poowoukit.exe (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\AppData\Local\Temp\nshD4F.tmp\downloads\19214343.ex_ (Adware.FLVPlayer) -> No action taken.
c:\Users\uzivatel\AppData\Local\Temp\nsq8D08.tmp\downloads\19112609.ex_ (Adware.FLVPlayer) -> No action taken.
c:\Windows\Temp\bhm06hfn6.txt (Trojan.Small) -> No action taken.
c:\Windows\Temp\snke.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\HMHYQ9KC\final[1] (Trojan.Oficla) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\XP5GAJZM\check[1] (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\XP5GAJZM\iconush1[1] (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\check[1] (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\check[2] (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\iconush1[1] (Trojan.Agent) -> No action taken.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\iconush1[2] (Trojan.Agent) -> No action taken.
c:\Windows\wibrf.jpg (Malware.Trace) -> No action taken.
c:\Windows\wiybr.png (Malware.Trace) -> No action taken.
c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\player.swf (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\Button.bmp (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\Logo.bmp (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\skin.xml (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\sysclosebutton.bmp (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\sysmaxbutton.bmp (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\sysminbutton.bmp (Adware.BHO.FL) -> No action taken.
c:\program files\flv direct player\Skin\directflv\Window.bmp (Adware.BHO.FL) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> No action taken.

[jaro3]

Jen záskok:

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[Pornobus]

Zatím pouze první část, taď se vrhnu na druhou.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6598

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

17.5.2011 20:27:44
mbam-log-2011-05-17 (20-27-44).txt

Typ kontroly: Rychlý test
Testované objekty: 149750
Uplynulý čas: 5 minut, 5 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 4
Infikované soubory: 26

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\fejocaso.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\poowoukit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\AppData\Local\Temp\nshD4F.tmp\downloads\19214343.ex_ (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\Users\uzivatel\AppData\Local\Temp\nsq8D08.tmp\downloads\19112609.ex_ (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\HMHYQ9KC\final[1] (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\XP5GAJZM\check[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\XP5GAJZM\iconush1[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\check[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\check[2] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\iconush1[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\uzivatel\local settings\temporary internet files\Content.IE5\Z8GWUCEW\iconush1[2] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\wibrf.jpg (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\wiybr.png (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\sysclosebutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\sysmaxbutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\sysminbutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\Skin\directflv\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.

[Pornobus]

a druhá část...jenom se chci ujistit...po zapnutí combofixu mi pípl počítač a chvilku před skončením se restartoval...je to tak správně?


ComboFix 11-05-16.04 - uzivatel 17.05.2011 20:41:23.1.4 - x86
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\mX_uc-OPTjwz7p-
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\P6KgR-91
c:\users\uzivatel\AppData\Roaming\CmI1eJ1FIL.txt
c:\windows\system32\drivers\bqcj.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_sclhvpqq
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-17 do 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 18:47 . 2011-05-17 18:49 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-05-17 18:47 . 2011-05-17 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-17 17:17 . 2011-05-17 17:17 -------- d-----w- c:\users\uzivatel\AppData\Local\Adobe
2011-05-17 16:28 . 2011-05-17 16:28 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2011-05-17 16:28 . 2011-05-17 16:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-17 16:28 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 16:28 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 15:49 . 2011-05-17 15:49 -------- d-----w- c:\program files\CCleaner
2011-05-17 14:39 . 2011-05-17 14:39 388096 ----a-r- c:\users\uzivatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-17 12:49 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-05-16 22:18 . 2011-05-16 22:18 1 ----a-w- c:\windows\system32\SI.bin
2011-05-15 19:59 . 2011-05-15 19:59 376320 ----a-r- c:\users\uzivatel\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2011-05-15 19:58 . 2011-05-15 19:58 -------- d-sh--w- c:\programdata\SecuROM
2011-05-14 22:22 . 2011-05-14 22:23 -------- d-----w- c:\programdata\TorrentEasy
2011-05-10 14:57 . 2011-05-10 14:58 -------- d-----w- c:\programdata\Skype Extras
2011-05-10 14:57 . 2011-05-10 14:57 -------- d-----w- c:\program files\Common Files\Skype
2011-05-10 14:56 . 2011-05-10 14:57 -------- d-----r- c:\program files\Skype
2011-05-01 11:47 . 2011-05-01 11:47 -------- d-----w- c:\program files\Common Files\Java
2011-04-28 18:03 . 2011-04-28 18:00 298104 ----a-w- c:\windows\system32\imon.dll
2011-04-28 18:03 . 2011-04-28 18:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-04-28 18:03 . 2011-04-28 18:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:09 . 2011-03-20 15:09 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-20 15:09 . 2011-03-20 14:23 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-20 15:09 . 2011-03-20 15:09 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-20 15:09 . 2011-03-20 14:23 270408 ----a-w- c:\windows\system32\PnkBstrB.exe
.
.
------- Sigcheck -------
.
[-] 2008-01-21 . FAC61CB43CD53066E79B1E3D4E378E7E . 56376 . . [6.0.6000.16386] . . c:\windows\System32\drivers\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[7] 2006-11-02 . EF23439CDD587F64C2C1B8825CEAD7D8 . 53864 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-03-13 3046808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2011-04-28 949376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-12221914-3933522934-587034535-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\uzivatel\AppData\Local\Temp\KGPBF98.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-02-16 21176]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-21 691696]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-04-28 15424]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:50]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:50]
.
2011-05-17 c:\windows\Tasks\User_Feed_Synchronization-{2DFDBB8A-503D-4C8C-A609-C532552EB561}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\uzivatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\uzivatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-EA Core - d:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-FlashGetBHO - d:\program files\FlashGet Network\FlashGet 3\mxhelper.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-B991B020-2968-11D8-AF23-444553540000_is1 - d:\program files\FreeMind\unins000.exe
AddRemove-Blip Blop - d:\program files\Blip Blop\uninstall.exe
AddRemove-EA Download Manager - d:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-FlashGet 3.3 - d:\program files\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-Tarzan Action Game - d:\progra~1\DISNEY~1\TARZAN~1\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 20:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\uzivatel\AppData\Local\Temp\KGPBF98.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-12221914-3933522934-587034535-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:63,d8,7a,d3,36,c6,33,94,d7,f1,80,7f,c3,db,57,e2,8b,93,cb,76,d1,b6,c1,
db,73,60,06,44,4a,a8,cc,2f,95,30,d8,ce,1a,d4,7b,1b,3f,82,66,7f,6d,4f,63,31,\
"??"=hex:93,81,7c,eb,6d,aa,17,17,2f,c9,c9,11,4c,96,38,7b
.
[HKEY_USERS\S-1-5-21-12221914-3933522934-587034535-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,b1,ff,f7,61,03,e4,02,c1,3f,07,17,22,9b,3f,68,41,d7,c6,0e,5c,
02,58,a0,6a,71,5a,98,fd,cc,20,9b,b7,ab,6d,2b,aa,f7,4b,b6,30,7d,cb,4e,9f,3c,\
"rkeysecu"=hex:03,89,7a,4c,52,7f,2f,aa,05,3c,ae,46,27,34,f0,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3916)
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
d:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-05-17 20:56:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-17 18:56
.
Před spuštěním: Volných bajtů: 38 164 578 304
Po spuštění: Volných bajtů: 39 337 754 624
.
- - End Of File - - BE41299C2699AC9330AAC93F261B800B

[memphisto]

Je to ok

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-12221914-3933522934-587034535-1000]
"EnableNotificationsRef"=dword:00000000

File::
c:\windows\system32\DRIVERS\Lbd.sys
c:\users\uzivatel\AppData\Local\Temp\KGPBF98.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
d:\program files\Garena

Driver::
Lbd
GarenaPEngine
GGSAFERDriver

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Pornobus]

Tak tady je výpis.

ComboFix 11-05-17.01 - uzivatel 17.05.2011 22:39:45.2.4 - x86
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\users\uzivatel\AppData\Local\Temp\KGPBF98.tmp"
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
d:\program files\Garena
d:\program files\Garena\AESocket.dll
d:\program files\Garena\ArmyGreen\armygreen_thumbnail.bmp
d:\program files\Garena\ArmyGreen\armygreen_thumbnail_select.bmp
d:\program files\Garena\ArmyGreen\garenatv.ggz
d:\program files\Garena\ArmyGreen\Skin.ggz
d:\program files\Garena\atl71.dll
d:\program files\Garena\Avatar\boy.swf
d:\program files\Garena\Avatar\boy_s.swf
d:\program files\Garena\Avatar\girl.swf
d:\program files\Garena\Avatar\girl_s.swf
d:\program files\Garena\Avatar\unknown.swf
d:\program files\Garena\Avatar\unknown_s.swf
d:\program files\Garena\BlackShotLauncher\launcher.exe
d:\program files\Garena\BlackShotLauncher\modules\l_background.jpg
d:\program files\Garena\BlackShotLauncher\modules\l_loading.html
d:\program files\Garena\BlackShotLauncher\Skin\background.bmp
d:\program files\Garena\BlackShotLauncher\Skin\Header.bmp
d:\program files\Garena\BlackShotLauncher\Skin\images.xml
d:\program files\Garena\BlackShotLauncher\Skin\mouseout.bmp
d:\program files\Garena\BlackShotLauncher\Skin\mouseover.bmp
d:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgH.bmp
d:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgV.bmp
d:\program files\Garena\BlackShotLauncher\Skin\ProgressBarH.bmp
d:\program files\Garena\BlackShotLauncher\Skin\ProgressBarV.bmp
d:\program files\Garena\BlackShotLauncher\Skin\ui.xml
d:\program files\Garena\BlackShotLauncher\UpdateMove.exe
d:\program files\Garena\BlackShotLauncher\UpdateMove1.exe
d:\program files\Garena\BlackShotLauncher\XMLSkin.dll
d:\program files\Garena\clients.dat
d:\program files\Garena\clients2.dat
d:\program files\Garena\CommonLib.dll
d:\program files\Garena\config\bs.br.xml
d:\program files\Garena\config\bs.cn.xml
d:\program files\Garena\config\bs.en.xml
d:\program files\Garena\config\bs.id.xml
d:\program files\Garena\config\bs.pp.xml
d:\program files\Garena\config\bs.ru.xml
d:\program files\Garena\config\bs.sd.xml
d:\program files\Garena\config\bs.sp.xml
d:\program files\Garena\config\bs.th.xml
d:\program files\Garena\config\bs.tw.xml
d:\program files\Garena\config\bs.vn.xml
d:\program files\Garena\config\loccn.xml
d:\program files\Garena\config\locen.xml
d:\program files\Garena\config\lockr.xml
d:\program files\Garena\config\loctw.xml
d:\program files\Garena\config\locvn.xml
d:\program files\Garena\CrashSender.exe
d:\program files\Garena\Crystal\crystal_thumbnail.bmp
d:\program files\Garena\Crystal\crystal_thumbnail_select.bmp
d:\program files\Garena\Crystal\garenatv.ggz
d:\program files\Garena\Crystal\Skin.ggz
d:\program files\Garena\CS15Hook.dll
d:\program files\Garena\deps\olgame.gga
d:\program files\Garena\deps\vww.gzp
d:\program files\Garena\deps\webgame.gga
d:\program files\Garena\dlls\CTSys.dll
d:\program files\Garena\dlls\flags.dll
d:\program files\Garena\dlls\FPSHelper.dll
d:\program files\Garena\dlls\GFireMan.dll
d:\program files\Garena\dlls\IPvR.dll
d:\program files\Garena\dlls\PEngine.dll
d:\program files\Garena\dlls\PluginLanguage.dll
d:\program files\Garena\dlls\Sca.dll
d:\program files\Garena\dlls\WC3J.dll
d:\program files\Garena\files\files.ggz
d:\program files\Garena\FPSHook.dll
d:\program files\Garena\Gamecn.dat
d:\program files\Garena\GameConfig.xml
d:\program files\Garena\Gameen.dat
d:\program files\Garena\Gametw.dat
d:\program files\Garena\Gamevn.dat
d:\program files\Garena\Garena.dat
d:\program files\Garena\Garena.dmp
d:\program files\Garena\Garena.exe
d:\program files\Garena\garena.log
d:\program files\Garena\GarenaSkin.dll
d:\program files\Garena\GarenaSkin1.dll
d:\program files\Garena\GarenaSkin2.dll
d:\program files\Garena\GarenaTV.xml
d:\program files\Garena\GarenaTV\0.bmp
d:\program files\Garena\GarenaTV\1.bmp
d:\program files\Garena\GarenaTV\2.bmp
d:\program files\Garena\GarenaTV\3.bmp
d:\program files\Garena\GarenaTV\4.bmp
d:\program files\Garena\GarenaTV\5.bmp
d:\program files\Garena\GarenaTV\6.bmp
d:\program files\Garena\GarenaTV\cn.ggz
d:\program files\Garena\GarenaTV\cn_s.ggz
d:\program files\Garena\GarenaTV\en.ggz
d:\program files\Garena\GarenaTV\en_s.ggz
d:\program files\Garena\GarenaTV\id_s.ggz
d:\program files\Garena\GarenaTV\Thumbs.db
d:\program files\Garena\GarenaTV\tw.ggz
d:\program files\Garena\GarenaTV\tw_s.ggz
d:\program files\Garena\GarenaTV_UI.dll
d:\program files\Garena\GarenaTVHook.dll
d:\program files\Garena\GGICON.ico
d:\program files\Garena\ggsec.dll
d:\program files\Garena\Gn.ggz
d:\program files\Garena\gs.dat
d:\program files\Garena\hc.xml
d:\program files\Garena\Inject.dll
d:\program files\Garena\L4DSocket.dll
d:\program files\Garena\langs.xml
d:\program files\Garena\Languages\CrashSender\br.xml
d:\program files\Garena\Languages\CrashSender\cn.xml
d:\program files\Garena\Languages\CrashSender\kr.xml
d:\program files\Garena\Languages\CrashSender\kz.xml
d:\program files\Garena\Languages\CrashSender\ru.xml
d:\program files\Garena\Languages\CrashSender\sp.xml
d:\program files\Garena\Languages\CrashSender\tw.xml
d:\program files\Garena\Languages\CrashSender\vn.xml
d:\program files\Garena\Languages\FPSGame.dll.cn
d:\program files\Garena\Languages\FPSGame.dll.en
d:\program files\Garena\Languages\FPSGame.dll.tw
d:\program files\Garena\Languages\Garena.exe.br
d:\program files\Garena\Languages\Garena.exe.cn
d:\program files\Garena\Languages\Garena.exe.en
d:\program files\Garena\Languages\Garena.exe.id
d:\program files\Garena\Languages\Garena.exe.ru
d:\program files\Garena\Languages\Garena.exe.sp
d:\program files\Garena\Languages\Garena.exe.th
d:\program files\Garena\Languages\Garena.exe.tw
d:\program files\Garena\Languages\Garena.exe.vn
d:\program files\Garena\Languages\GarenaTV_UI.dll.cn
d:\program files\Garena\Languages\GarenaTV_UI.dll.en
d:\program files\Garena\Languages\GarenaTV_UI.dll.id
d:\program files\Garena\Languages\GarenaTV_UI.dll.tw
d:\program files\Garena\Languages\languages.glf
d:\program files\Garena\Languages\OLGame.dll.en
d:\program files\Garena\Languages\OLGame.dll.vn
d:\program files\Garena\Languages\update.exe.cn
d:\program files\Garena\Languages\update.exe.tw
d:\program files\Garena\Languages\update2.exe.cn
d:\program files\Garena\Languages\update2.exe.tw
d:\program files\Garena\Languages\WC3Ass.dll.br
d:\program files\Garena\Languages\WC3Ass.dll.cn
d:\program files\Garena\Languages\WC3Ass.dll.en
d:\program files\Garena\Languages\WC3Ass.dll.kr
d:\program files\Garena\Languages\WC3Ass.dll.kz
d:\program files\Garena\Languages\WC3Ass.dll.ru
d:\program files\Garena\Languages\WC3Ass.dll.sp
d:\program files\Garena\Languages\WC3Ass.dll.tw
d:\program files\Garena\Languages\WC3Ass.dll.vn
d:\program files\Garena\Languages\WC3Ladder.dll.cn
d:\program files\Garena\Languages\WC3Ladder.dll.en
d:\program files\Garena\Languages\WC3Ladder.dll.tw
d:\program files\Garena\layout\BlackShotView.layout
d:\program files\Garena\layout\layout.ggz
d:\program files\Garena\lib\BlackShot.dll
d:\program files\Garena\lib\common\Language.dll
d:\program files\Garena\lib\GarenaRoomSystem.dll
d:\program files\Garena\lib\GarenaWebService.dll
d:\program files\Garena\lib\HttpLayer.dll
d:\program files\Garena\lib\Layout.dll
d:\program files\Garena\lib\LibPlugin.ggz
d:\program files\Garena\lib\LoadSwf.dll
d:\program files\Garena\lib\MessagePumpLib.dll
d:\program files\Garena\lib\NetworkLayer.dll
d:\program files\Garena\lib\PKCS.dll
d:\program files\Garena\lib\RSA.dll
d:\program files\Garena\lib\SkinFontHelper.dll
d:\program files\Garena\lib\WebCache.dll
d:\program files\Garena\mdata.ggz
d:\program files\Garena\newgame.ggz
d:\program files\Garena\onlinegame.ggz
d:\program files\Garena\PluginKernel.dll
d:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
d:\program files\Garena\plugins\Game\WC3Ass.dll
d:\program files\Garena\plugins\Game\WC3Ladder.dll
d:\program files\Garena\plugins\Game\WC3VC.dll
d:\program files\Garena\plugins\Plugins.ggz
d:\program files\Garena\plugins\UI\AdPlugin.dll
d:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
d:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
d:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
d:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
d:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
d:\program files\Garena\plugins\UI\BlackShotPlugin.dll
d:\program files\Garena\plugins\UI\CafeLogin.dll
d:\program files\Garena\plugins\UI\FavListUIPlugin.dll
d:\program files\Garena\plugins\UI\FPSGame.dll
d:\program files\Garena\plugins\UI\GarenaTV.dll
d:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
d:\program files\Garena\plugins\UI\GEngine.dll
d:\program files\Garena\plugins\UI\Chenyx.dll
d:\program files\Garena\plugins\UI\LOLPlugin.dll
d:\program files\Garena\plugins\UI\M3GoUI.dll
d:\program files\Garena\plugins\UI\ManagePlugin.dll
d:\program files\Garena\plugins\UI\OLGame.dll
d:\program files\Garena\plugins\UI\Plazasafe.dll
d:\program files\Garena\plugins\UI\safeapi.dll
d:\program files\Garena\plugins\UI\StatPlugin.dll
d:\program files\Garena\plugins\UI\ViwawaPlugin.dll
d:\program files\Garena\plugins\UI\WebGameUI.dll
d:\program files\Garena\plugins\UI\zDep.dll
d:\program files\Garena\plugins\UI\zzzPlugin.dll
d:\program files\Garena\RecConfig.xml
d:\program files\Garena\roomCN.dat
d:\program files\Garena\roomEN.dat
d:\program files\Garena\roomTW.dat
d:\program files\Garena\safeapi.dll
d:\program files\Garena\server.xml
d:\program files\Garena\shop\items\1.gif
d:\program files\Garena\shop\items\100.gif
d:\program files\Garena\shop\items\105.gif
d:\program files\Garena\shop\items\150.gif
d:\program files\Garena\shop\items\151.gif
d:\program files\Garena\shop\items\2.gif
d:\program files\Garena\shop\items\200.gif
d:\program files\Garena\shop\items\201.gif
d:\program files\Garena\shop\items\202.gif
d:\program files\Garena\shop\items\203.gif
d:\program files\Garena\shop\items\204.gif
d:\program files\Garena\shop\items\205.gif
d:\program files\Garena\shop\items\206.gif
d:\program files\Garena\shop\items\21.gif
d:\program files\Garena\shop\items\22.gif
d:\program files\Garena\shop\items\23.gif
d:\program files\Garena\shop\items\24.gif
d:\program files\Garena\shop\items\3.gif
d:\program files\Garena\shop\items\300.gif
d:\program files\Garena\shop\items\301.gif
d:\program files\Garena\shop\items\302.gif
d:\program files\Garena\shop\items\303.gif
d:\program files\Garena\shop\items\304.gif
d:\program files\Garena\shop\items\305.gif
d:\program files\Garena\shop\items\306.gif
d:\program files\Garena\shop\items\307.gif
d:\program files\Garena\shop\items\308.gif
d:\program files\Garena\shop\items\309.gif
d:\program files\Garena\shop\items\310.gif
d:\program files\Garena\shop\items\311.gif
d:\program files\Garena\shop\items\312.gif
d:\program files\Garena\shop\items\313.gif
d:\program files\Garena\shop\items\4.gif
d:\program files\Garena\shop\items\40.gif
d:\program files\Garena\shop\items\60.gif
d:\program files\Garena\shop\items\61.gif
d:\program files\Garena\shop\items\62.gif
d:\program files\Garena\shop\items\63.gif
d:\program files\Garena\shop\items\64.gif
d:\program files\Garena\shop\items\65.gif
d:\program files\Garena\shop\items\66.gif
d:\program files\Garena\shop\items\67.gif
d:\program files\Garena\shop\items\68.gif
d:\program files\Garena\shop\items\69.gif
d:\program files\Garena\shop\items\70.gif
d:\program files\Garena\shop\items\8.gif
d:\program files\Garena\shop\items\Thumbs.db
d:\program files\Garena\Skin\Flags\-.gif
d:\program files\Garena\Skin\Flags\ad.gif
d:\program files\Garena\Skin\Flags\ae.gif
d:\program files\Garena\Skin\Flags\af.gif
d:\program files\Garena\Skin\Flags\ag.gif
d:\program files\Garena\Skin\Flags\ai.gif
d:\program files\Garena\Skin\Flags\al.gif
d:\program files\Garena\Skin\Flags\am.gif
d:\program files\Garena\Skin\Flags\an.gif
d:\program files\Garena\Skin\Flags\ao.gif
d:\program files\Garena\Skin\Flags\aq.gif
d:\program files\Garena\Skin\Flags\ar.gif
d:\program files\Garena\Skin\Flags\as.gif
d:\program files\Garena\Skin\Flags\at.gif
d:\program files\Garena\Skin\Flags\au.gif
d:\program files\Garena\Skin\Flags\aw.gif
d:\program files\Garena\Skin\Flags\az.gif
d:\program files\Garena\Skin\Flags\ba.gif
d:\program files\Garena\Skin\Flags\bb.gif
d:\program files\Garena\Skin\Flags\bd.gif
d:\program files\Garena\Skin\Flags\be.gif
d:\program files\Garena\Skin\Flags\bf.gif
d:\program files\Garena\Skin\Flags\bg.gif
d:\program files\Garena\Skin\Flags\bh.gif
d:\program files\Garena\Skin\Flags\bi.gif
d:\program files\Garena\Skin\Flags\bj.gif
d:\program files\Garena\Skin\Flags\bm.gif
d:\program files\Garena\Skin\Flags\bn.gif
d:\program files\Garena\Skin\Flags\bo.gif
d:\program files\Garena\Skin\Flags\br.gif
d:\program files\Garena\Skin\Flags\bs.gif
d:\program files\Garena\Skin\Flags\bt.gif
d:\program files\Garena\Skin\Flags\bv.gif
d:\program files\Garena\Skin\Flags\bw.gif
d:\program files\Garena\Skin\Flags\by.gif
d:\program files\Garena\Skin\Flags\bz.gif
d:\program files\Garena\Skin\Flags\ca.gif
d:\program files\Garena\Skin\Flags\cd.gif
d:\program files\Garena\Skin\Flags\cf.gif
d:\program files\Garena\Skin\Flags\cg.gif
d:\program files\Garena\Skin\Flags\ci.gif
d:\program files\Garena\Skin\Flags\ck.gif
d:\program files\Garena\Skin\Flags\cl.gif
d:\program files\Garena\Skin\Flags\cm.gif
d:\program files\Garena\Skin\Flags\cn.gif
d:\program files\Garena\Skin\Flags\co.gif
d:\program files\Garena\Skin\Flags\cr.gif
d:\program files\Garena\Skin\Flags\cu.gif
d:\program files\Garena\Skin\Flags\cv.gif
d:\program files\Garena\Skin\Flags\cy.gif
d:\program files\Garena\Skin\Flags\cz.gif
d:\program files\Garena\Skin\Flags\de.gif
d:\program files\Garena\Skin\Flags\dj.gif
d:\program files\Garena\Skin\Flags\dk.gif
d:\program files\Garena\Skin\Flags\dm.gif
d:\program files\Garena\Skin\Flags\do.gif
d:\program files\Garena\Skin\Flags\dz.gif
d:\program files\Garena\Skin\Flags\ec.gif
d:\program files\Garena\Skin\Flags\ee.gif
d:\program files\Garena\Skin\Flags\eg.gif
d:\program files\Garena\Skin\Flags\er.gif
d:\program files\Garena\Skin\Flags\es.gif
d:\program files\Garena\Skin\Flags\et.gif
d:\program files\Garena\Skin\Flags\eu.gif
d:\program files\Garena\Skin\Flags\fi.gif
d:\program files\Garena\Skin\Flags\fj.gif
d:\program files\Garena\Skin\Flags\fk.gif
d:\program files\Garena\Skin\Flags\fm.gif
d:\program files\Garena\Skin\Flags\fo.gif
d:\program files\Garena\Skin\Flags\fr.gif
d:\program files\Garena\Skin\Flags\fx.gif
d:\program files\Garena\Skin\Flags\ga.gif
d:\program files\Garena\Skin\Flags\gb.gif
d:\program files\Garena\Skin\Flags\gd.gif
d:\program files\Garena\Skin\Flags\ge.gif
d:\program files\Garena\Skin\Flags\gh.gif
d:\program files\Garena\Skin\Flags\gi.gif
d:\program files\Garena\Skin\Flags\gl.gif
d:\program files\Garena\Skin\Flags\gm.gif
d:\program files\Garena\Skin\Flags\gn.gif
d:\program files\Garena\Skin\Flags\gp.gif
d:\program files\Garena\Skin\Flags\gq.gif
d:\program files\Garena\Skin\Flags\gr.gif
d:\program files\Garena\Skin\Flags\gt.gif
d:\program files\Garena\Skin\Flags\gu.gif
d:\program files\Garena\Skin\Flags\gw.gif
d:\program files\Garena\Skin\Flags\gy.gif
d:\program files\Garena\Skin\Flags\hk.gif
d:\program files\Garena\Skin\Flags\hm.gif
d:\program files\Garena\Skin\Flags\hn.gif
d:\program files\Garena\Skin\Flags\hr.gif
d:\program files\Garena\Skin\Flags\ht.gif
d:\program files\Garena\Skin\Flags\hu.gif
d:\program files\Garena\Skin\Flags\ch.gif
d:\program files\Garena\Skin\Flags\id.gif
d:\program files\Garena\Skin\Flags\ie.gif
d:\program files\Garena\Skin\Flags\il.gif
d:\program files\Garena\Skin\Flags\im.gif
d:\program files\Garena\Skin\Flags\in.gif
d:\program files\Garena\Skin\Flags\io.gif
d:\program files\Garena\Skin\Flags\iq.gif
d:\program files\Garena\Skin\Flags\ir.gif
d:\program files\Garena\Skin\Flags\is.gif
d:\program files\Garena\Skin\Flags\it.gif
d:\program files\Garena\Skin\Flags\je.gif
d:\program files\Garena\Skin\Flags\jm.gif
d:\program files\Garena\Skin\Flags\jo.gif
d:\program files\Garena\Skin\Flags\jp.gif
d:\program files\Garena\Skin\Flags\ke.gif
d:\program files\Garena\Skin\Flags\kg.gif
d:\program files\Garena\Skin\Flags\kh.gif
d:\program files\Garena\Skin\Flags\ki.gif
d:\program files\Garena\Skin\Flags\km.gif
d:\program files\Garena\Skin\Flags\kn.gif
d:\program files\Garena\Skin\Flags\kp.gif
d:\program files\Garena\Skin\Flags\kr.gif
d:\program files\Garena\Skin\Flags\kw.gif
d:\program files\Garena\Skin\Flags\ky.gif
d:\program files\Garena\Skin\Flags\kz.gif
d:\program files\Garena\Skin\Flags\la.gif
d:\program files\Garena\Skin\Flags\lb.gif
d:\program files\Garena\Skin\Flags\lc.gif
d:\program files\Garena\Skin\Flags\li.gif
d:\program files\Garena\Skin\Flags\lk.gif
d:\program files\Garena\Skin\Flags\lr.gif
d:\program files\Garena\Skin\Flags\ls.gif
d:\program files\Garena\Skin\Flags\lt.gif
d:\program files\Garena\Skin\Flags\lu.gif
d:\program files\Garena\Skin\Flags\lv.gif
d:\program files\Garena\Skin\Flags\ly.gif
d:\program files\Garena\Skin\Flags\ma.gif
d:\program files\Garena\Skin\Flags\mc.gif
d:\program files\Garena\Skin\Flags\md.gif
d:\program files\Garena\Skin\Flags\me.gif
d:\program files\Garena\Skin\Flags\mg.gif
d:\program files\Garena\Skin\Flags\mh.gif
d:\program files\Garena\Skin\Flags\mk.gif
d:\program files\Garena\Skin\Flags\ml.gif
d:\program files\Garena\Skin\Flags\mm.gif
d:\program files\Garena\Skin\Flags\mn.gif
d:\program files\Garena\Skin\Flags\mo.gif
d:\program files\Garena\Skin\Flags\mp.gif
d:\program files\Garena\Skin\Flags\mq.gif
d:\program files\Garena\Skin\Flags\mr.gif
d:\program files\Garena\Skin\Flags\ms.gif
d:\program files\Garena\Skin\Flags\mt.gif
d:\program files\Garena\Skin\Flags\mu.gif
d:\program files\Garena\Skin\Flags\mv.gif
d:\program files\Garena\Skin\Flags\mw.gif
d:\program files\Garena\Skin\Flags\mx.gif
d:\program files\Garena\Skin\Flags\my.gif
d:\program files\Garena\Skin\Flags\mz.gif
d:\program files\Garena\Skin\Flags\na.gif
d:\program files\Garena\Skin\Flags\nc.gif
d:\program files\Garena\Skin\Flags\ne.gif
d:\program files\Garena\Skin\Flags\nf.gif
d:\program files\Garena\Skin\Flags\ng.gif
d:\program files\Garena\Skin\Flags\ni.gif
d:\program files\Garena\Skin\Flags\nl.gif
d:\program files\Garena\Skin\Flags\no.gif
d:\program files\Garena\Skin\Flags\np.gif
d:\program files\Garena\Skin\Flags\nr.gif
d:\program files\Garena\Skin\Flags\nz.gif
d:\program files\Garena\Skin\Flags\om.gif
d:\program files\Garena\Skin\Flags\pa.gif
d:\program files\Garena\Skin\Flags\pe.gif
d:\program files\Garena\Skin\Flags\pf.gif
d:\program files\Garena\Skin\Flags\pg.gif
d:\program files\Garena\Skin\Flags\ph.gif
d:\program files\Garena\Skin\Flags\pk.gif
d:\program files\Garena\Skin\Flags\pl.gif
d:\program files\Garena\Skin\Flags\pm.gif
d:\program files\Garena\Skin\Flags\pr.gif
d:\program files\Garena\Skin\Flags\ps.gif
d:\program files\Garena\Skin\Flags\pt.gif
d:\program files\Garena\Skin\Flags\pw.gif
d:\program files\Garena\Skin\Flags\py.gif
d:\program files\Garena\Skin\Flags\qa.gif
d:\program files\Garena\Skin\Flags\re.gif
d:\program files\Garena\Skin\Flags\ro.gif
d:\program files\Garena\Skin\Flags\rs.gif
d:\program files\Garena\Skin\Flags\ru.gif
d:\program files\Garena\Skin\Flags\rw.gif
d:\program files\Garena\Skin\Flags\sa.gif
d:\program files\Garena\Skin\Flags\sb.gif
d:\program files\Garena\Skin\Flags\sc.gif
d:\program files\Garena\Skin\Flags\sd.gif
d:\program files\Garena\Skin\Flags\se.gif
d:\program files\Garena\Skin\Flags\sg.gif
d:\program files\Garena\Skin\Flags\si.gif
d:\program files\Garena\Skin\Flags\sk.gif
d:\program files\Garena\Skin\Flags\sl.gif
d:\program files\Garena\Skin\Flags\sm.gif
d:\program files\Garena\Skin\Flags\sn.gif
d:\program files\Garena\Skin\Flags\so.gif
d:\program files\Garena\Skin\Flags\sr.gif
d:\program files\Garena\Skin\Flags\st.gif
d:\program files\Garena\Skin\Flags\sv.gif
d:\program files\Garena\Skin\Flags\sy.gif
d:\program files\Garena\Skin\Flags\sz.gif
d:\program files\Garena\Skin\Flags\tc.gif
d:\program files\Garena\Skin\Flags\td.gif
d:\program files\Garena\Skin\Flags\tf.gif
d:\program files\Garena\Skin\Flags\tg.gif
d:\program files\Garena\Skin\Flags\th.gif
d:\program files\Garena\Skin\Flags\Thumbs.db
d:\program files\Garena\Skin\Flags\tj.gif
d:\program files\Garena\Skin\Flags\tm.gif
d:\program files\Garena\Skin\Flags\tn.gif
d:\program files\Garena\Skin\Flags\to.gif
d:\program files\Garena\Skin\Flags\tp.gif
d:\program files\Garena\Skin\Flags\tr.gif
d:\program files\Garena\Skin\Flags\tt.gif
d:\program files\Garena\Skin\Flags\tv.gif
d:\program files\Garena\Skin\Flags\tw.gif
d:\program files\Garena\Skin\Flags\tz.gif
d:\program files\Garena\Skin\Flags\ua.gif
d:\program files\Garena\Skin\Flags\ug.gif
d:\program files\Garena\Skin\Flags\uk.gif
d:\program files\Garena\Skin\Flags\um.gif
d:\program files\Garena\Skin\Flags\us.gif
d:\program files\Garena\Skin\Flags\uy.gif
d:\program files\Garena\Skin\Flags\uz.gif
d:\program files\Garena\Skin\Flags\va.gif
d:\program files\Garena\Skin\Flags\vc.gif
d:\program files\Garena\Skin\Flags\ve.gif
d:\program files\Garena\Skin\Flags\vg.gif
d:\program files\Garena\Skin\Flags\vi.gif
d:\program files\Garena\Skin\Flags\vn.gif
d:\program files\Garena\Skin\Flags\vu.gif
d:\program files\Garena\Skin\Flags\ws.gif
d:\program files\Garena\Skin\Flags\ye.gif
d:\program files\Garena\Skin\Flags\yu.gif
d:\program files\Garena\Skin\Flags\za.gif
d:\program files\Garena\Skin\Flags\zm.gif
d:\program files\Garena\Skin\Flags\zr.gif
d:\program files\Garena\Skin\Flags\zw.gif
d:\program files\Garena\Skin\garenatv.ggz
d:\program files\Garena\Skin\red_thumbnail.bmp
d:\program files\Garena\Skin\red_thumbnail_select.bmp
d:\program files\Garena\Skin\Skin.ggz
d:\program files\Garena\Skin\SkinSwitcher\skinselect_Logo.bmp
d:\program files\Garena\Skin\SkinSwitcher\skinselect_main_bg.bmp
d:\program files\Garena\Skin\SkinSwitcher\skinselect_ok_btn.bmp
d:\program files\Garena\Skin\SkinSwitcher\skinselect_thumbnail_bg.bmp
d:\program files\Garena\skin_bs\garenatv.ggz
d:\program files\Garena\skin_bs\Skin.ggz
d:\program files\Garena\SkinBlack\black_thumbnail.bmp
d:\program files\Garena\SkinBlack\black_thumbnail_select.bmp
d:\program files\Garena\SkinBlack\garenatv.ggz
d:\program files\Garena\SkinBlack\Skin.ggz
d:\program files\Garena\Skins.xml
d:\program files\Garena\slotmachine.ggz
d:\program files\Garena\SocketHook.dll
d:\program files\Garena\sound\folder.wav
d:\program files\Garena\sound\game.wav
d:\program files\Garena\sound\msg.wav
d:\program files\Garena\sound\nudge.wav
d:\program files\Garena\sound\quit.wav
d:\program files\Garena\sound\ring.wav
d:\program files\Garena\sound\sysmsg.wav
d:\program files\Garena\source.xml
d:\program files\Garena\sqlite3.dll
d:\program files\Garena\uninst.exe
d:\program files\Garena\update.dat
d:\program files\Garena\Update.exe
d:\program files\Garena\update.xml
d:\program files\Garena\update2.exe
d:\program files\Garena\user.xml
d:\program files\Garena\user\10593929\ban.dat
d:\program files\Garena\user\10593929\data.dat
d:\program files\Garena\user\10593929\fps.dat
d:\program files\Garena\user\10593929\recent.txt
d:\program files\Garena\user\10593929\system.xml
d:\program files\Garena\viwawa.cn.xml
d:\program files\Garena\viwawa.en.xml
d:\program files\Garena\viwawa.tw.xml
d:\program files\Garena\War3Hook.dll
d:\program files\Garena\web\1.cn.html
d:\program files\Garena\web\1.en.html
d:\program files\Garena\web\1.tw.html
d:\program files\Garena\web\2.cn.html
d:\program files\Garena\web\2.en.html
d:\program files\Garena\web\2.tw.html
d:\program files\Garena\web\3.cn.html
d:\program files\Garena\web\3.en.html
d:\program files\Garena\web\3.tw.html
d:\program files\Garena\web\6.cn.html
d:\program files\Garena\web\6.en.html
d:\program files\Garena\web\6.tw.html
d:\program files\Garena\web\cache\Freesky\css\foemb_2.css
d:\program files\Garena\web\cache\Freesky\Freesky.html
d:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
d:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
d:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
d:\program files\Garena\web\cache\ROM\config\css\screen.css
d:\program files\Garena\web\cache\ROM\config\images\bgd_body.gif
d:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_hevertical.gif
d:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_vertical.gif
d:\program files\Garena\web\cache\ROM\config\images\bgd_footer.gif
d:\program files\Garena\web\cache\ROM\config\images\bgd_html.gif
d:\program files\Garena\web\cache\ROM\config\images\header.jpg
d:\program files\Garena\web\cache\ROM\config\images\ico_bullet.gif
d:\program files\Garena\web\cache\ROM\config\images\visu_download.jpg
d:\program files\Garena\web\cache\ROM\config\images\visu_line.gif
d:\program files\Garena\web\cache\ROM\config\images\visu_logo-garena.gif
d:\program files\Garena\web\cache\ROM\config\images\visu_run.gif
d:\program files\Garena\web\cache\ROM\config\images\visu_setting.gif
d:\program files\Garena\web\cache\ROM\css\screen.css
d:\program files\Garena\web\cache\ROM\images\bgd_body.jpg
d:\program files\Garena\web\cache\ROM\images\bgd_html.gif
d:\program files\Garena\web\cache\ROM\images\bgd_news.gif
d:\program files\Garena\web\cache\ROM\images\btn_forum_n.gif
d:\program files\Garena\web\cache\ROM\images\btn_forum_o.gif
d:\program files\Garena\web\cache\ROM\images\btn_support_n.gif
d:\program files\Garena\web\cache\ROM\images\btn_support_o.gif
d:\program files\Garena\web\cache\ROM\images\btn_webiste_n.gif
d:\program files\Garena\web\cache\ROM\images\btn_webiste_o.gif
d:\program files\Garena\web\cache\ROM\images\ico-01.gif
d:\program files\Garena\web\cache\ROM\images\slogan_rom.jpg
d:\program files\Garena\web\cache\ROM\images\topupbanner.jpg
d:\program files\Garena\web\cache\ROM\images\visu_banner.gif
d:\program files\Garena\web\cache\ROM\images\visu_banner_01.gif
d:\program files\Garena\web\cache\ROM\images\visu_forum.gif
d:\program files\Garena\web\cache\ROM\images\visu_garena.gif
d:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
d:\program files\Garena\web\cache\RUpoker\img\bg.jpg
d:\program files\Garena\web\cache\RUpoker\img\btn.jpg
d:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
d:\program files\Garena\web\embed_game.jpg
d:\program files\Garena\web\embed_game_cn.jpg
d:\program files\Garena\web\embed_game_tw.jpg
d:\program files\Garena\web\embed_garenafire_ZH.jpg
d:\program files\Garena\web\embed_gfire.jpg
d:\program files\Garena\web\gfire.cn.html
d:\program files\Garena\web\gfire.en.html
d:\program files\Garena\web\gfire.tw.html
d:\program files\Garena\web\ggbackground.jpg
d:\program files\Garena\web\loading.gif
d:\program files\Garena\web\loading.html
d:\program files\Garena\web\Thumbs.db
d:\program files\Garena\YYFileSystem.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GGSAFERDRIVER
-------\Legacy_LBD
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-17 do 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 20:47 . 2011-05-17 21:18 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-05-17 20:47 . 2011-05-17 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-17 19:01 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10E914E5-6E6E-45BC-A5B2-22134159B553}\mpengine.dll
2011-05-17 17:17 . 2011-05-17 17:17 -------- d-----w- c:\users\uzivatel\AppData\Local\Adobe
2011-05-17 16:28 . 2011-05-17 16:28 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2011-05-17 16:28 . 2011-05-17 16:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-17 16:28 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 16:28 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 15:49 . 2011-05-17 15:49 -------- d-----w- c:\program files\CCleaner
2011-05-17 14:39 . 2011-05-17 14:39 388096 ----a-r- c:\users\uzivatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-17 12:49 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-05-16 22:18 . 2011-05-16 22:18 1 ----a-w- c:\windows\system32\SI.bin
2011-05-15 19:59 . 2011-05-15 19:59 376320 ----a-r- c:\users\uzivatel\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2011-05-15 19:58 . 2011-05-15 19:58 -------- d-sh--w- c:\programdata\SecuROM
2011-05-14 22:22 . 2011-05-14 22:23 -------- d-----w- c:\programdata\TorrentEasy
2011-05-10 14:57 . 2011-05-10 14:58 -------- d-----w- c:\programdata\Skype Extras
2011-05-10 14:57 . 2011-05-10 14:57 -------- d-----w- c:\program files\Common Files\Skype
2011-05-10 14:56 . 2011-05-10 14:57 -------- d-----r- c:\program files\Skype
2011-05-01 11:47 . 2011-05-01 11:47 -------- d-----w- c:\program files\Common Files\Java
2011-04-28 18:03 . 2011-04-28 18:00 298104 ----a-w- c:\windows\system32\imon.dll
2011-04-28 18:03 . 2011-04-28 18:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-04-28 18:03 . 2011-04-28 18:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:09 . 2011-03-20 15:09 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-20 15:09 . 2011-03-20 14:23 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-20 15:09 . 2011-03-20 15:09 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-20 15:09 . 2011-03-20 14:23 270408 ----a-w- c:\windows\system32\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-03-13 3046808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2011-04-28 949376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-12221914-3933522934-587034535-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-02-16 21176]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-21 691696]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-04-28 15424]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-17 c:\windows\Tasks\User_Feed_Synchronization-{2DFDBB8A-503D-4C8C-A609-C532552EB561}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\uzivatel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\uzivatel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Garena - d:\program files\Garena\uninst.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-12221914-3933522934-587034535-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:63,d8,7a,d3,36,c6,33,94,d7,f1,80,7f,c3,db,57,e2,8b,93,cb,76,d1,b6,c1,
db,73,60,06,44,4a,a8,cc,2f,95,30,d8,ce,1a,d4,7b,1b,3f,82,66,7f,6d,4f,63,31,\
"??"=hex:93,81,7c,eb,6d,aa,17,17,2f,c9,c9,11,4c,96,38,7b
.
[HKEY_USERS\S-1-5-21-12221914-3933522934-587034535-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,b1,ff,f7,61,03,e4,02,c1,3f,07,17,22,9b,3f,68,41,d7,c6,0e,5c,
02,58,a0,6a,71,5a,98,fd,cc,20,9b,b7,ab,6d,2b,aa,f7,4b,b6,30,7d,cb,4e,9f,3c,\
"rkeysecu"=hex:03,89,7a,4c,52,7f,2f,aa,05,3c,ae,46,27,34,f0,46
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4004)
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
d:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-17 23:27:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-17 21:27
ComboFix2.txt 2011-05-17 18:56
.
Před spuštěním: Volných bajtů: 35 511 353 344
Po spuštění: Volných bajtů: 32 798 949 376
.
- - End Of File - - A1572D66B9917AABD5BBCBEDB8A9425A

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Jak se chová PC?

+HJT

[Pornobus]

Pokud mám noda, mám ho také deaktivovat?...a ještě jak to přesně udělat, abych si tam něco nepoškodil?