Please check my log (Solved)



Re: Please check my log

Post by Nekac1 » 13 Dec 2010 16:03

I don't use Garena much anymore.

ComboFix log (I hope I did everything correctly):
ComboFix 10-12-12.03 - ADMIN 13.12.2010 15:53:41.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1257 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\docume~1\ADMIN\LOCALS~1\Temp\GUP1BB4.tmp"
"c:\windows\IFinst27.exe"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\UNWISE.EXE"
"d:\hry\Kopie - Ragnarok Online\npkycryp.sys"
"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IFinst27.exe
c:\windows\system32\perfc005.dat
c:\windows\UNWISE.EXE
c:\windows\wpe pro.INI

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 16:29 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-12 16:29 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-12 16:29 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-12 16:29 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-12 16:29 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-12 16:29 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-12 16:29 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-12 16:28 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-12 16:28 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-12 16:28 . 2010-12-12 16:29 -------- d-----w- c:\program files\Avast5
2010-12-12 16:28 . 2010-12-12 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-12 16:26 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-12-12 16:26 . 2010-12-12 16:26 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-12 12:57 . 2010-12-12 12:57 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\Malwarebytes
2010-12-12 12:57 . 2010-12-12 12:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-12 12:57 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 12:57 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 12:01 . 2010-12-12 12:01 -------- d-----w- c:\documents and settings\ADMIN\DoctorWeb
2010-12-12 11:49 . 2010-12-12 11:49 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-12 09:31 . 2010-12-12 09:31 -------- d-----w- C:\audio
2010-12-04 18:15 . 2010-12-04 18:15 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\TortoiseSVN
2010-11-27 18:12 . 2010-11-27 18:12 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-11-17 12:02 . 2010-07-09 12:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-04-15 16:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-04-15 16:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-10 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"ABBYY Screenshot Reader Retail"="d:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2008-10-16 959776]
"TrueImageMonitor.exe"="d:\program files\Acronis True Image 2010\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ADMIN\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\XAMPP\\apache\\bin\\apache.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\Ragnarok Online\\reexe.exe"=
"d:\\Hry\\Tony Hawk's Underground 2\\Game\\THUG2.exe"=
"d:\\Hry\\Age of Mythology\\aom.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"d:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [21.11.2008 16:47 40464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 14:22 721904]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [9.9.2010 19:36 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2010 17:29 165584]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.9.2010 19:36 2480048]
R2 Apache2.2;Apache2.2;d:\program files\XAMPP\apache\bin\apache.exe [14.6.2008 18:02 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2010 17:29 17744]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18.12.2008 22:25 941784]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [17.11.2010 13:02 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 20:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 20:00 563760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.9.2010 19:36 160288]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 16:18 759072]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 21:10 136176]
S2 MySQL-nt;MySQL-nt;"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="d:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL-nt --> d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMIN\LOCALS~1\Temp\GUP1BB4.tmp --> c:\docume~1\ADMIN\LOCALS~1\Temp\GUP1BB4.tmp [?]
S3 npkycryp;npkycryp;\??\d:\hry\Kopie - Ragnarok Online\npkycryp.sys --> d:\hry\Kopie - Ragnarok Online\npkycryp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 15:09 106496]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 15:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 21:29 23480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: {C38E8514-5955-4DB2-A1CB-879DBBAE15E0} = 212.71.150.2,212.71.146.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Mp3 Codec - c:\windows\UNWISE.EXE
AddRemove-Raganrok Renewal - c:\windows\IFinst27.exe
AddRemove-Ragnarok Online - c:\windows\IFinst27.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 15:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMIN\LOCALS~1\Temp\GUP1BB4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL-nt]
"ImagePath"="\"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL-nt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-13 16:01:03
ComboFix-quarantined-files.txt 2010-12-13 15:00
ComboFix2.txt 2010-12-12 17:03
ComboFix3.txt 2009-11-12 19:59

Před spuštěním: Volných bajtů: 29 442 695 168
Po spuštění: Volných bajtů: 29 422 968 832

- - End Of File - - 22F2C8A6166E107D8EFF3454D5792AE1


Re: Please check my log

Post by Nekac1 » 13 Dec 2010 16:08



Re: Please check my log

Post by memphisto » 13 Dec 2010 16:28

One more thing:

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

SecCenter:
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Driver::
MySQL-nt
GarenaPEngine
npkycryp

Folder::
d:\Program Files\Garena

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process

Re: Please check my log

Post by Nekac1 » 13 Dec 2010 17:32

ComboFix log:

ComboFix 10-12-12.03 - ADMIN 13.12.2010 17:16:25.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1349 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\Garena
d:\program files\Garena\AESocket.dll
d:\program files\Garena\atl71.dll
d:\program files\Garena\Avatar\boy.swf
d:\program files\Garena\Avatar\boy_s.swf
d:\program files\Garena\Avatar\girl.swf
d:\program files\Garena\Avatar\girl_s.swf
d:\program files\Garena\Avatar\unknown.swf
d:\program files\Garena\Avatar\unknown_s.swf
d:\program files\Garena\clients.dat
d:\program files\Garena\clients2.dat
d:\program files\Garena\CommonLib.dll
d:\program files\Garena\config\bs.br.xml
d:\program files\Garena\config\bs.cn.xml
d:\program files\Garena\config\bs.en.xml
d:\program files\Garena\config\bs.id.xml
d:\program files\Garena\config\bs.pp.xml
d:\program files\Garena\config\bs.ru.xml
d:\program files\Garena\config\bs.sd.xml
d:\program files\Garena\config\bs.sp.xml
d:\program files\Garena\config\bs.th.xml
d:\program files\Garena\config\bs.tw.xml
d:\program files\Garena\config\bs.vn.xml
d:\program files\Garena\config\loccn.xml
d:\program files\Garena\config\locen.xml
d:\program files\Garena\config\lockr.xml
d:\program files\Garena\config\loctw.xml
d:\program files\Garena\config\locvn.xml
d:\program files\Garena\CS15Hook.dll
d:\program files\Garena\deps\olgame.gga
d:\program files\Garena\deps\vww.gzp
d:\program files\Garena\deps\webgame.gga
d:\program files\Garena\dlls\CTSys.dll
d:\program files\Garena\dlls\flags.dll
d:\program files\Garena\dlls\FPSHelper.dll
d:\program files\Garena\dlls\GFireMan.dll
d:\program files\Garena\dlls\IPvR.dll
d:\program files\Garena\dlls\PEngine.dll
d:\program files\Garena\dlls\PluginLanguage.dll
d:\program files\Garena\dlls\Sca.dll
d:\program files\Garena\dlls\WC3J.dll
d:\program files\Garena\downloads\ArmyGreen\armygreen_thumbnail.bmp
d:\program files\Garena\downloads\ArmyGreen\armygreen_thumbnail_select.bmp
d:\program files\Garena\downloads\ArmyGreen\garenatv.ggz
d:\program files\Garena\downloads\ArmyGreen\Skin.ggz
d:\program files\Garena\downloads\BlackShotLauncher\Skin\Header.bmp
d:\program files\Garena\downloads\BlackShotLauncher\Skin\ProgressBarBgH.bmp
d:\program files\Garena\downloads\BlackShotLauncher\Skin\ProgressBarBgV.bmp
d:\program files\Garena\downloads\BlackShotLauncher\Skin\ProgressBarH.bmp
d:\program files\Garena\downloads\BlackShotLauncher\Skin\ProgressBarV.bmp
d:\program files\Garena\files\files.ggz
d:\program files\Garena\FPSHook.dll
d:\program files\Garena\Gamecn.dat
d:\program files\Garena\GameConfig.xml
d:\program files\Garena\Gameen.dat
d:\program files\Garena\Gametw.dat
d:\program files\Garena\Gamevn.dat
d:\program files\Garena\Garena.exe
d:\program files\Garena\GarenaSkin.dll
d:\program files\Garena\GarenaSkin1.dll
d:\program files\Garena\GarenaSkin2.dll
d:\program files\Garena\GarenaTV.xml
d:\program files\Garena\GarenaTV\0.bmp
d:\program files\Garena\GarenaTV\1.bmp
d:\program files\Garena\GarenaTV\2.bmp
d:\program files\Garena\GarenaTV\3.bmp
d:\program files\Garena\GarenaTV\4.bmp
d:\program files\Garena\GarenaTV\5.bmp
d:\program files\Garena\GarenaTV\6.bmp
d:\program files\Garena\GarenaTV\cn.ggz
d:\program files\Garena\GarenaTV\cn_s.ggz
d:\program files\Garena\GarenaTV\en.ggz
d:\program files\Garena\GarenaTV\en_s.ggz
d:\program files\Garena\GarenaTV\id_s.ggz
d:\program files\Garena\GarenaTV\Thumbs.db
d:\program files\Garena\GarenaTV\tw.ggz
d:\program files\Garena\GarenaTV\tw_s.ggz
d:\program files\Garena\GarenaTV_UI.dll
d:\program files\Garena\GarenaTVHook.dll
d:\program files\Garena\GGICON.ico
d:\program files\Garena\Gn.ggz
d:\program files\Garena\gs.dat
d:\program files\Garena\hc.xml
d:\program files\Garena\Inject.dll
d:\program files\Garena\L4DSocket.dll
d:\program files\Garena\langs.xml
d:\program files\Garena\Languages\FPSGame.dll.cn
d:\program files\Garena\Languages\FPSGame.dll.en
d:\program files\Garena\Languages\FPSGame.dll.tw
d:\program files\Garena\Languages\Garena.exe.br
d:\program files\Garena\Languages\Garena.exe.cn
d:\program files\Garena\Languages\Garena.exe.en
d:\program files\Garena\Languages\Garena.exe.id
d:\program files\Garena\Languages\Garena.exe.ru
d:\program files\Garena\Languages\Garena.exe.sp
d:\program files\Garena\Languages\Garena.exe.th
d:\program files\Garena\Languages\Garena.exe.tw
d:\program files\Garena\Languages\Garena.exe.vn
d:\program files\Garena\Languages\GarenaTV_UI.dll.cn
d:\program files\Garena\Languages\GarenaTV_UI.dll.en
d:\program files\Garena\Languages\GarenaTV_UI.dll.id
d:\program files\Garena\Languages\GarenaTV_UI.dll.tw
d:\program files\Garena\Languages\languages.glf
d:\program files\Garena\Languages\OLGame.dll.en
d:\program files\Garena\Languages\OLGame.dll.vn
d:\program files\Garena\Languages\update.exe.cn
d:\program files\Garena\Languages\update.exe.tw
d:\program files\Garena\Languages\update2.exe.cn
d:\program files\Garena\Languages\update2.exe.tw
d:\program files\Garena\Languages\WC3Ass.dll.br
d:\program files\Garena\Languages\WC3Ass.dll.cn
d:\program files\Garena\Languages\WC3Ass.dll.en
d:\program files\Garena\Languages\WC3Ass.dll.kr
d:\program files\Garena\Languages\WC3Ass.dll.kz
d:\program files\Garena\Languages\WC3Ass.dll.ru
d:\program files\Garena\Languages\WC3Ass.dll.sp
d:\program files\Garena\Languages\WC3Ass.dll.tw
d:\program files\Garena\Languages\WC3Ass.dll.vn
d:\program files\Garena\Languages\WC3Ladder.dll.cn
d:\program files\Garena\Languages\WC3Ladder.dll.en
d:\program files\Garena\Languages\WC3Ladder.dll.tw
d:\program files\Garena\layout\BlackShotView.layout
d:\program files\Garena\layout\layout.ggz
d:\program files\Garena\lib\BlackShot.dll
d:\program files\Garena\lib\common\Language.dll
d:\program files\Garena\lib\GarenaRoomSystem.dll
d:\program files\Garena\lib\GarenaWebService.dll
d:\program files\Garena\lib\HttpLayer.dll
d:\program files\Garena\lib\Layout.dll
d:\program files\Garena\lib\LibPlugin.ggz
d:\program files\Garena\lib\LoadSwf.dll
d:\program files\Garena\lib\MessagePumpLib.dll
d:\program files\Garena\lib\NetworkLayer.dll
d:\program files\Garena\lib\PKCS.dll
d:\program files\Garena\lib\RSA.dll
d:\program files\Garena\lib\WebCache.dll
d:\program files\Garena\mdata.ggz
d:\program files\Garena\newgame.ggz
d:\program files\Garena\onlinegame.ggz
d:\program files\Garena\PluginKernel.dll
d:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
d:\program files\Garena\plugins\Game\WC3Ass.dll
d:\program files\Garena\plugins\Game\WC3Ladder.dll
d:\program files\Garena\plugins\Game\WC3VC.dll
d:\program files\Garena\plugins\Plugins.ggz
d:\program files\Garena\plugins\UI\AdPlugin.dll
d:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
d:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
d:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
d:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
d:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
d:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
d:\program files\Garena\plugins\UI\BlackShotPlugin.dll
d:\program files\Garena\plugins\UI\CafeLogin.dll
d:\program files\Garena\plugins\UI\FavListUIPlugin.dll
d:\program files\Garena\plugins\UI\FPSGame.dll
d:\program files\Garena\plugins\UI\GarenaTV.dll
d:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
d:\program files\Garena\plugins\UI\GEngine.dll
d:\program files\Garena\plugins\UI\Chenyx.dll
d:\program files\Garena\plugins\UI\ManagePlugin.dll
d:\program files\Garena\plugins\UI\OLGame.dll
d:\program files\Garena\plugins\UI\StatPlugin.dll
d:\program files\Garena\plugins\UI\ViwawaPlugin.dll
d:\program files\Garena\plugins\UI\WebGameUI.dll
d:\program files\Garena\plugins\UI\zDep.dll
d:\program files\Garena\plugins\UI\zzzPlugin.dll
d:\program files\Garena\RecConfig.xml
d:\program files\Garena\roomCN.dat
d:\program files\Garena\roomEN.dat
d:\program files\Garena\roomTW.dat
d:\program files\Garena\server.xml
d:\program files\Garena\shop\items\1.gif
d:\program files\Garena\shop\items\100.gif
d:\program files\Garena\shop\items\105.gif
d:\program files\Garena\shop\items\150.gif
d:\program files\Garena\shop\items\151.gif
d:\program files\Garena\shop\items\2.gif
d:\program files\Garena\shop\items\200.gif
d:\program files\Garena\shop\items\201.gif
d:\program files\Garena\shop\items\202.gif
d:\program files\Garena\shop\items\203.gif
d:\program files\Garena\shop\items\204.gif
d:\program files\Garena\shop\items\205.gif
d:\program files\Garena\shop\items\206.gif
d:\program files\Garena\shop\items\21.gif
d:\program files\Garena\shop\items\22.gif
d:\program files\Garena\shop\items\23.gif
d:\program files\Garena\shop\items\24.gif
d:\program files\Garena\shop\items\3.gif
d:\program files\Garena\shop\items\300.gif
d:\program files\Garena\shop\items\301.gif
d:\program files\Garena\shop\items\302.gif
d:\program files\Garena\shop\items\303.gif
d:\program files\Garena\shop\items\304.gif

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Legacy_MYSQL-NT
-------\Service_GarenaPEngine
-------\Service_MySQL-nt
-------\Service_npkycryp


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 16:29 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-12 16:29 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-12 16:29 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-12 16:29 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-12 16:29 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-12 16:29 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-12 16:29 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-12 16:28 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-12 16:28 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-12 16:28 . 2010-12-12 16:29 -------- d-----w- c:\program files\Avast5
2010-12-12 16:28 . 2010-12-12 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-12 16:26 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-12-12 16:26 . 2010-12-12 16:26 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-12 12:57 . 2010-12-12 12:57 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\Malwarebytes
2010-12-12 12:57 . 2010-12-12 12:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-12 12:57 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 12:57 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 12:01 . 2010-12-12 12:01 -------- d-----w- c:\documents and settings\ADMIN\DoctorWeb
2010-12-12 11:49 . 2010-12-12 11:49 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-12 09:31 . 2010-12-12 09:31 -------- d-----w- C:\audio
2010-12-04 18:15 . 2010-12-04 18:15 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\TortoiseSVN
2010-11-27 18:12 . 2010-11-27 18:12 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-11-17 12:02 . 2010-07-09 12:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-04-15 16:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-04-15 16:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( SnapShot_2010-12-12_17.00.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-13 16:25 . 2010-12-13 16:25 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-10 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"ABBYY Screenshot Reader Retail"="d:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2008-10-16 959776]
"TrueImageMonitor.exe"="d:\program files\Acronis True Image 2010\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\XAMPP\\apache\\bin\\apache.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\Ragnarok Online\\reexe.exe"=
"d:\\Hry\\Tony Hawk's Underground 2\\Game\\THUG2.exe"=
"d:\\Hry\\Age of Mythology\\aom.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [21.11.2008 16:47 40464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 14:22 721904]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [9.9.2010 19:36 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2010 17:29 165584]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.9.2010 19:36 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2010 17:29 17744]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18.12.2008 22:25 941784]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [17.11.2010 13:02 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 20:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 20:00 563760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.9.2010 19:36 160288]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 16:18 759072]
S2 Apache2.2;Apache2.2;d:\program files\XAMPP\apache\bin\apache.exe [14.6.2008 18:02 17408]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 21:10 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 15:09 106496]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 15:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 21:29 23480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: {C38E8514-5955-4DB2-A1CB-879DBBAE15E0} = 212.71.150.2,212.71.146.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Garena - d:\program files\Garena\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 17:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2632)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\progra~1\ArcSoft\PHOTOI~1\share\pihook.dll
d:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
d:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
d:\program files\xampp\filezillaftp\filezillaserver.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
d:\program files\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
d:\program files\BOINC\Core\boinc.exe
d:\program files\BOINC\Data\projects\www.primaboinca.com\primaboinca_7.02_windows_intelx86.exe
d:\program files\BOINC\Data\projects\www.primaboinca.com\primaboinca_7.02_windows_intelx86.exe
d:\program files\BOINC\Data\projects\qcn.stanford.edu_sensor\qcn_6.32_windows_intelx86__nci.exe
d:\program files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_1.42_windows_intelx86__nci.exe
.
**************************************************************************
.
Celkový čas: 2010-12-13 17:29:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-13 16:29
ComboFix2.txt 2010-12-13 15:01
ComboFix3.txt 2010-12-12 17:03
ComboFix4.txt 2009-11-12 19:59

Před spuštěním: Volných bajtů: 29 468 311 552
Po spuštění: Volných bajtů: 29 342 978 048

- - End Of File - - A0DF7E6EC0DA6189D8EB778721C065FA

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check my log

Post by memphisto » 13 Dec 2010 17:39

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run

note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on


+HJT

How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Nekac1

Re: Please check my log

Post by Nekac1 » 13 Dec 2010 17:53

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:47, on 13.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\windows\system32\Ati2evxx.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\system32\spoolsv.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\BOINC\Core\boincmgr.exe
D:\Program Files\BOINC\Core\boinctray.exe
D:\Program Files\VMware Player\hqtray.exe
D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Avast5\avastUI.exe
C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
D:\Program Files\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\windows\system32\vmnat.exe
C:\windows\system32\mqsvc.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\windows\system32\vmnetdhcp.exe
C:\windows\system32\mqtgsvc.exe
D:\Program Files\BOINC\Core\boinc.exe
D:\Program Files\BOINC\Data\projects\www.primaboinca.com\primaboinca_7.02_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\www.primaboinca.com\primaboinca_7.02_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\qcn.stanford.edu_sensor\qcn_6.32_windows_intelx86__nci.exe
D:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_1.42_windows_intelx86__nci.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
D:\Program Files\Pidgin\pidgin.exe
C:\windows\system32\ctfmon.exe
D:\Program Files\xampp\apache\bin\apache.exe
D:\Program Files\xampp\apache\bin\apache.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\HiJackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\Core\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\Core\boinctray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [JavaPlatformMan] C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\Software\..\Telephony: DomainName = kliber.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kliber.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware Player\vmware-ufad.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\Ventrilo Server\ventrilo_svc.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe

--
End of file - 11505 bytes


I cleaned the PC with those programs, some space was freed up and the PC is noticeably faster.

memphisto

Re: Please check my log

Post by memphisto » 13 Dec 2010 20:10

fix:
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

go to Start - Run - services.msc - find and stop/disable this service:
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

That is all from my side. If there are no problems, you can mark the topic as solved by clicking the green check mark

Nekac1

Re: Please check my log  Solved

Post by Nekac1 » 13 Dec 2010 21:37

Fixed, disabled and marked as solved. Thank you.

