Prosím o kontrolu logu SDFix
Napsal: 21 úno 2008 13:50
Můžete někdo prosím skontrolovat log s SDFix děkuji řeším problém s načítáním windows a v logech se nevyznám díky.
SDFix: Version 1.144
Run by Administrator on źt 21.02.2008 at 13:36
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 13:41:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:6d,47,0d,12,27,29,f2,ec,99,27,b4,b7,69,95,48,cc,6a,5f,48,5c,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:b4,e0,85,6d,74,ac,e8,ab,8f,57,b8,2a,0c,a8,1f,4a,42,d5,4d,4e,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,04,8e,60,96,78,34,1e,09,ee,9a,43,5e,0b,29,d6,2e,21,3f,f6,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:92,de,81,1c,a4,79,96,0a,7c,fd,2e,2f,b0,ec,fc,bd,18,2b,46,42,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:ba,94,fa,37,87,23,8b,89,0d,c0,a0,0d,f5,12,74,e9,cc,90,af,e9,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,34,51,f7,c8,2b,02,51,04,63,e2,f4,cd,10,28,e3,7e,98,56,5f,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,3f,17,98,2e,a4,de,83,ea,c2,09,73,6c,10,81,d5,82,cf,a1,5c,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:92,de,81,1c,a4,79,96,0a,7c,fd,2e,2f,b0,ec,fc,bd,18,2b,46,42,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:ba,94,fa,37,87,23,8b,89,0d,c0,a0,0d,f5,12,74,e9,cc,90,af,e9,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,34,51,f7,c8,2b,02,51,04,63,e2,f4,cd,10,28,e3,7e,98,56,5f,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,3f,17,98,2e,a4,de,83,ea,c2,09,73,6c,10,81,d5,82,cf,a1,5c,fd,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,80,3c,00,00,00,00,00,c4,4d,eb,ac,7e,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\YUCache\\f\1e]
"SlowInfoCache"=hex:a4,42,3c,00,00,00,00,00,4c,94,33,c4,93,46,e3,40,56,4a,94,b3,93,..
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="66A421F12091FCB14E21DEAEE263AF33B28230F20F0793C0F0E8029BAE032B14027DB3FC6EC4C94F3A999FC30CD60617687EFE59999B7AD0BC1B1060891C61DA7E629541936573E299AFA34264F99C4BF1423AB31BCC84978F3FB2A61D53DE7394CA7D3DB6A192C4092DAC02071AAB4DEF8751D1C529245BAFA028D5D118F2104FB49413116AF3AE795EF17DA2C89C01D70EA8285C837EC9398EA0FC9D1F1FC50F1F7B087173173E30959FD27A5C8A2F7396194EB7726F731ADDC14A905E9C0E8611C0063AB731FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CA9C6AECB7A5D1407D10A0DD7267A27317032F251F7899AE1071C9F98093927A2E22A9D8A4FF3A1BFD9ADF29E4A19D02D90A17ADB0F5A5475CAB2CB2D5FED0E62CA982B7A580EA2884C3E1792A74B879C00B75CEB5CAA21119D8FBBAFBD17F2148CD91F153323D84B1023E51145975E6C0DA033CB235515A3DB435CF6BE040744AB835961F51636CDF0164EEA5116A6C26FDD213A484702CD44B2A1CD2118422F0F003C5757E0F10BA02845E59B757BF6BEC04BE855840461771700F248CA5EC6828B2F60348D8831323A413B99F4B6927A71587D79227569FDFCF01B3BA5D82F35391ADE8C3E37229E833E97E3EBF857816DF613864B7A22C044726BA4C9F4443B6EEE26032782F4C28FBC9BB74227381C8356B571BDF57A0E248580536A37910B659E7EE01030F45F3C3FDC7576E8DA71D6AB6A54CA111999233168B94E6BD902AB9FA390554D9F173DCD632319AA1D0FDF2F246D5B3AD4789E7E26EFD01F125C22ECC52366A6A77397F32D69CF9C8DE7E99ECE1EE6A2BB26C7F93031E02463BF0086084C48D174E1A7C12B9352B1EF509439C7EC7DBD0D0022B5F2D903102CB34EEC046393259FB01D4A4215EF24BB815545E004C0C63D4909C8CCEFCC3FFD226A28C4E4F4BA779577A5CB0009EE9C99F18A61306739F428A6CB90976A4D1DDB06C2CA71ABF17F2810EF14101352F01A075502E4BA571226FC5D069D9A9E059329CA094B8B6FED6612C75C9F97514E67847771369A262433601C676F32D661602AD2E8DAFD192C2FF9D05AB133367A4BAEC35060F7EDEFA17AB1E32216E294BEB9F1C62DFE9ADAC71C34B6E9180CF2F21B94B63E593CECA5C6451EEAC3EEB38DD74370701FE2CAD69F1B8D908A23E371B845AE5459E2C8DB97052EA4496D098F5B64AB7A03A503EA7E38F115648F34B9C4B7B3C6257664C210A21F4F4A9612ECEDF8B0C1E0D8BDF3863DE506912AFA2754503A610150D2BA2A546E8B7EE000318CA62A6187386AC55CE16699160D0175CE762790C18D5D8C31531124AF0D38CA0999399BD543AA1AF6E15CA7051BC8C7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"Inno Setup: Setup Version"="5.1.11"
"Inno Setup: App Path"="C:\Program Files\Image Grabber II"
"InstallLocation"="C:\Program Files\Image Grabber II\"
"Inno Setup: Icon Group"="Image Grabber II"
"Inno Setup: User"="petr"
"DisplayName"="\x010ce\x161tina do programu Image Grabber II"
"UninstallString"=""C:\Program Files\Image Grabber II\unins000.exe""
"QuietUninstallString"=""C:\Program Files\Image Grabber II\unins000.exe" /SILENT"
"Publisher"="Boris Dancin"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20080129"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\\Hry\\CoD4\\iw3mp.exe"="D:\\Hry\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\Hry\\divoké vlny\\System\\surfsupgame.exe"="D:\\Hry\\divoké vlny\\System\\surfsupgame.exe:*:Enabled:Divoké vlny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 11 Jan 2008 24 ..SH. --- "C:\WINDOWS\SAABB3E63.tmp"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Thu 26 Jan 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Thu 24 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Finished!
SDFix: Version 1.144
Run by Administrator on źt 21.02.2008 at 13:36
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 13:41:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:6d,47,0d,12,27,29,f2,ec,99,27,b4,b7,69,95,48,cc,6a,5f,48,5c,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:b4,e0,85,6d,74,ac,e8,ab,8f,57,b8,2a,0c,a8,1f,4a,42,d5,4d,4e,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,04,8e,60,96,78,34,1e,09,ee,9a,43,5e,0b,29,d6,2e,21,3f,f6,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:92,de,81,1c,a4,79,96,0a,7c,fd,2e,2f,b0,ec,fc,bd,18,2b,46,42,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:ba,94,fa,37,87,23,8b,89,0d,c0,a0,0d,f5,12,74,e9,cc,90,af,e9,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,34,51,f7,c8,2b,02,51,04,63,e2,f4,cd,10,28,e3,7e,98,56,5f,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,3f,17,98,2e,a4,de,83,ea,c2,09,73,6c,10,81,d5,82,cf,a1,5c,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:92,de,81,1c,a4,79,96,0a,7c,fd,2e,2f,b0,ec,fc,bd,18,2b,46,42,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,68,d2,a6,01,84,04,54,88,09,b4,c8,c4,8a,59,a5,46,..
"khjeh"=hex:ba,94,fa,37,87,23,8b,89,0d,c0,a0,0d,f5,12,74,e9,cc,90,af,e9,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,34,51,f7,c8,2b,02,51,04,63,e2,f4,cd,10,28,e3,7e,98,56,5f,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,3f,17,98,2e,a4,de,83,ea,c2,09,73,6c,10,81,d5,82,cf,a1,5c,fd,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,80,3c,00,00,00,00,00,c4,4d,eb,ac,7e,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\YUCache\\f\1e]
"SlowInfoCache"=hex:a4,42,3c,00,00,00,00,00,4c,94,33,c4,93,46,e3,40,56,4a,94,b3,93,..
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="66A421F12091FCB14E21DEAEE263AF33B28230F20F0793C0F0E8029BAE032B14027DB3FC6EC4C94F3A999FC30CD60617687EFE59999B7AD0BC1B1060891C61DA7E629541936573E299AFA34264F99C4BF1423AB31BCC84978F3FB2A61D53DE7394CA7D3DB6A192C4092DAC02071AAB4DEF8751D1C529245BAFA028D5D118F2104FB49413116AF3AE795EF17DA2C89C01D70EA8285C837EC9398EA0FC9D1F1FC50F1F7B087173173E30959FD27A5C8A2F7396194EB7726F731ADDC14A905E9C0E8611C0063AB731FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CA9C6AECB7A5D1407D10A0DD7267A27317032F251F7899AE1071C9F98093927A2E22A9D8A4FF3A1BFD9ADF29E4A19D02D90A17ADB0F5A5475CAB2CB2D5FED0E62CA982B7A580EA2884C3E1792A74B879C00B75CEB5CAA21119D8FBBAFBD17F2148CD91F153323D84B1023E51145975E6C0DA033CB235515A3DB435CF6BE040744AB835961F51636CDF0164EEA5116A6C26FDD213A484702CD44B2A1CD2118422F0F003C5757E0F10BA02845E59B757BF6BEC04BE855840461771700F248CA5EC6828B2F60348D8831323A413B99F4B6927A71587D79227569FDFCF01B3BA5D82F35391ADE8C3E37229E833E97E3EBF857816DF613864B7A22C044726BA4C9F4443B6EEE26032782F4C28FBC9BB74227381C8356B571BDF57A0E248580536A37910B659E7EE01030F45F3C3FDC7576E8DA71D6AB6A54CA111999233168B94E6BD902AB9FA390554D9F173DCD632319AA1D0FDF2F246D5B3AD4789E7E26EFD01F125C22ECC52366A6A77397F32D69CF9C8DE7E99ECE1EE6A2BB26C7F93031E02463BF0086084C48D174E1A7C12B9352B1EF509439C7EC7DBD0D0022B5F2D903102CB34EEC046393259FB01D4A4215EF24BB815545E004C0C63D4909C8CCEFCC3FFD226A28C4E4F4BA779577A5CB0009EE9C99F18A61306739F428A6CB90976A4D1DDB06C2CA71ABF17F2810EF14101352F01A075502E4BA571226FC5D069D9A9E059329CA094B8B6FED6612C75C9F97514E67847771369A262433601C676F32D661602AD2E8DAFD192C2FF9D05AB133367A4BAEC35060F7EDEFA17AB1E32216E294BEB9F1C62DFE9ADAC71C34B6E9180CF2F21B94B63E593CECA5C6451EEAC3EEB38DD74370701FE2CAD69F1B8D908A23E371B845AE5459E2C8DB97052EA4496D098F5B64AB7A03A503EA7E38F115648F34B9C4B7B3C6257664C210A21F4F4A9612ECEDF8B0C1E0D8BDF3863DE506912AFA2754503A610150D2BA2A546E8B7EE000318CA62A6187386AC55CE16699160D0175CE762790C18D5D8C31531124AF0D38CA0999399BD543AA1AF6E15CA7051BC8C7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"Inno Setup: Setup Version"="5.1.11"
"Inno Setup: App Path"="C:\Program Files\Image Grabber II"
"InstallLocation"="C:\Program Files\Image Grabber II\"
"Inno Setup: Icon Group"="Image Grabber II"
"Inno Setup: User"="petr"
"DisplayName"="\x010ce\x161tina do programu Image Grabber II"
"UninstallString"=""C:\Program Files\Image Grabber II\unins000.exe""
"QuietUninstallString"=""C:\Program Files\Image Grabber II\unins000.exe" /SILENT"
"Publisher"="Boris Dancin"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20080129"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="D:\\Hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\\Hry\\CoD4\\iw3mp.exe"="D:\\Hry\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\Hry\\divoké vlny\\System\\surfsupgame.exe"="D:\\Hry\\divoké vlny\\System\\surfsupgame.exe:*:Enabled:Divoké vlny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 11 Jan 2008 24 ..SH. --- "C:\WINDOWS\SAABB3E63.tmp"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Thu 26 Jan 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Thu 24 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Finished!
řešíš to už někde na fóru?
já nevím a myslel sem že si najdeš sekci a budeš to řešit s někým,kdo má nějakej tušák 