PC-HELP.CZ

Mám problém se samovolným vypínáním notebooku při hraní her.
------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:38, on 15.2.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\Lisak\AppData\Local\Temp\Rar$EX00.997\HWMonitor.exe
C:\Program Files\QIP Infium\infium.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Lisak\Downloads\hijackthis.exe
C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lisak\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lisak\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ocs_SM] C:\Users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AVP] "C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_SF4B1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Users\Lisak\Desktop\KASPER~1\KASPER~1\mzvkbd3.dll,C:\Users\Lisak\Desktop\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11561 bytes

Tak tomu říkám bordel

odinstaluj:
DVDVideoSoftTB Toolbar
uTorrent Toolbar
Conduit Engine
BS.Player ControlBar
DAEMON Tools Toolbar

v logu fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lisak\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lisak\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

dej start - spustit - services.msc najdi a ukonči/zakaž tyto služby:
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe (file missing)
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 7.0\avp .exe (file missing)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5772

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16.2.2011 12:27:33
mbam-log-2011-02-16 (12-27-22).txt

Typ kontroly: Rychlý test
Testované objekty: 141496
Uplynulý čas: 5 minut, 21 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\D9Q071WKGS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\YNO00BFRKM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Lisak\downloads\ventrilo-2.1.4-windows-i386.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> No action taken.

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5772

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16.2.2011 12:39:09
mbam-log-2011-02-16 (12-39-09).txt

Typ kontroly: Rychlý test
Testované objekty: 141394
Uplynulý čas: 2 minut, 51 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\D9Q071WKGS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YNO00BFRKM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Lisak\downloads\ventrilo-2.1.4-windows-i386.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------

ComboFix 11-02-15.04 - Lisak 16.02.2011 12:53:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.2010 [GMT 1:00]
Spuštěný z: c:\users\Lisak\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\users\Lisak\AppData\Roaming\Malwarebytes
2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\programdata\Malwarebytes
2011-02-16 11:08 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-16 11:08 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 10:12 . 2011-02-16 10:12 -------- d-----w- c:\users\Lisak\DoctorWeb
2011-02-15 20:44 . 2011-02-15 20:44 -------- d-----w- c:\program files\Lavalys
2011-02-15 13:41 . 2011-02-15 13:41 -------- d-----w- c:\program files\KaM - The Peasants Rebellion
2011-02-15 13:37 . 2011-02-15 13:37 241 ----a-w- c:\users\Lisak\SR.vbs
2011-02-15 09:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D10DAF9-85F2-4C41-AE61-88B1391B9DB9}\mpengine.dll
2011-02-14 19:01 . 2011-02-14 19:02 -------- d-----w- c:\programdata\Tages
2011-02-14 18:54 . 2011-02-14 18:54 -------- d-----w- c:\programdata\Media Center Programs
2011-02-14 18:54 . 2011-02-14 18:54 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-02-14 18:54 . 2011-02-14 18:54 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-02-14 18:47 . 2011-02-14 18:47 -------- d-----w- c:\program files\Ubisoft
2011-02-12 00:00 . 2011-02-12 00:00 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-11 23:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-11 23:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-02-11 23:59 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-02-11 23:59 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-02-11 23:59 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-11 23:59 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-11 23:59 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-11 23:59 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-11 23:47 . 2011-02-11 23:47 -------- d-----w- c:\program files\2K Games
2011-02-06 22:44 . 2011-02-06 22:44 52736 ----a-w- c:\windows\ipuninst.exe
2011-02-06 22:40 . 2011-02-15 13:42 -------- d-----w- c:\program files\Fallout2
2011-01-27 06:55 . 2011-01-27 06:55 -------- d--h--w- c:\programdata\CanonBJ
2011-01-27 06:55 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2011-01-25 14:12 . 2011-01-25 14:13 -------- d-----w- c:\users\Lisak\KBCertifikat
2011-01-25 13:19 . 2011-01-25 14:13 -------- d-----w- c:\users\Lisak\kbpki
2011-01-25 13:18 . 2011-01-25 13:18 -------- d-----w- c:\windows\Sun
2011-01-25 13:18 . 2011-01-25 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-01-25 13:17 . 2011-01-25 13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 13:17 . 2011-01-25 13:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-25 13:17 . 2011-01-25 13:17 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 14:57 . 2011-01-12 12:28 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:28 1169408 ----a-w- c:\windows\system32\sdclt.exe
2009-08-31 16:55 . 2010-01-19 11:35 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

Kód: Vybrat vše

<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\AmIcoSingLun\amicosinglun .exe
c:\program files\ASUS\ATK Hotkey\hcontroluser .exe
c:\program files\ASUS\ATK Media\dmedia .exe
c:\program files\ASUS\ATKOSD2\atkosd2 .exe
c:\program files\ASUS\Splendid\acmon .exe
c:\program files\ASUS\Wireless Console 3\wcourier .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\CyberLink\LabelPrint\MUITransfer\muistartmenu .exe
c:\program files\CyberLink\Power2Go\clmlsvc .exe
c:\program files\CyberLink\Power2Go\MUITransfer\muistartmenu .exe
c:\program files\DAEMON Tools Lite\dtlite .exe
c:\program files\Elantech\etdctrl .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Realtek\Audio\HDA\rthdvcpl .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Steam\steam .exe
c:\windows\asscrpro .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ocs_SM"="c:\users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-01-13 106496]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"AVP"="c:\users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-19 340520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
FancyStart daemon.lnk - c:\windows\Installer\{A9FEB6D7-9C52-49FC-B956-7AB275B78890}\_5598CE641C54B66A23693F.exe [2009-8-26 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\users\Lisak\Desktop\KASPER~1\KASPER~1\mzvkbd3.dll c:\users\Lisak\Desktop\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2140670843-1361837041-3371738261-1000]
"EnableNotificationsRef"=dword:00000003

R2 avp ;avp ;c:\program files\Kaspersky Anti-Virus 7.0\avp .exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-01-13 40960]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-03-07 6656]
R3 GarenaPEngine;GarenaPEngine;c:\users\Lisak\AppData\Local\Temp\LSZ47AD.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-03 436792]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{21968E96-2AA3-45FB-9885-10DBB5A13086}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT27866 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-HijackThis - c:\users\Lisak\Downloads\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 13:00
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Lisak\AppData\Local\Temp\LSZ47AD.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3932)
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2011-02-16 13:02:17
ComboFix-quarantined-files.txt 2011-02-16 12:02

Před spuštěním: Volných bajtů: 50 836 008 960
Po spuštění: Volných bajtů: 50 654 515 200

Current=1 Default=1 Failed=0 LastKnownGood=50 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
- - End Of File - - D0F32403525E819383451DAFD6D5381B

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]

Driver::
GarenaPEngine
GGSAFERDriver

Folder::
c:\program files\Garena

File::
c:\users\Lisak\AppData\Local\Temp\LSZ47AD.tmp

Firefox::
FF - ProfilePath - c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT27866 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

ComboFix 11-02-15.04 - Lisak 16.02.2011 15:59:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.1997 [GMT 1:00]
Spuštěný z: c:\users\Lisak\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lisak\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Lisak\AppData\Local\Temp\LSZ47AD.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\ArmyGreen\armygreen_thumbnail.bmp
c:\program files\Garena\ArmyGreen\armygreen_thumbnail_select.bmp
c:\program files\Garena\ArmyGreen\garenatv.ggz
c:\program files\Garena\ArmyGreen\Skin.ggz
c:\program files\Garena\atl71.dll
c:\program files\Garena\Avatar\boy.swf
c:\program files\Garena\Avatar\boy_s.swf
c:\program files\Garena\Avatar\girl.swf
c:\program files\Garena\Avatar\girl_s.swf
c:\program files\Garena\Avatar\unknown.swf
c:\program files\Garena\Avatar\unknown_s.swf
c:\program files\Garena\BlackShotLauncher\launcher.exe
c:\program files\Garena\BlackShotLauncher\modules\l_background.jpg
c:\program files\Garena\BlackShotLauncher\modules\l_loading.html
c:\program files\Garena\BlackShotLauncher\Skin\background.bmp
c:\program files\Garena\BlackShotLauncher\Skin\Header.bmp
c:\program files\Garena\BlackShotLauncher\Skin\images.xml
c:\program files\Garena\BlackShotLauncher\Skin\mouseout.bmp
c:\program files\Garena\BlackShotLauncher\Skin\mouseover.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgH.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgV.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarH.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarV.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ui.xml
c:\program files\Garena\BlackShotLauncher\UpdateMove.exe
c:\program files\Garena\BlackShotLauncher\UpdateMove1.exe
c:\program files\Garena\BlackShotLauncher\XMLSkin.dll
c:\program files\Garena\Cache\23142703_s.swf
c:\program files\Garena\Cache\4202047_s.swf
c:\program files\Garena\Cache\4304482_s.swf
c:\program files\Garena\clients2.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\config\locvn.xml
c:\program files\Garena\CrashSender.exe
c:\program files\Garena\Crystal\crystal_thumbnail.bmp
c:\program files\Garena\Crystal\crystal_thumbnail_select.bmp
c:\program files\Garena\Crystal\garenatv.ggz
c:\program files\Garena\Crystal\Skin.ggz
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\deps\olgame.gga
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\deps\webgame.gga
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\Sca.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Gamevn.dat
c:\program files\Garena\Garena.dmp
c:\program files\Garena\Garena.exe
c:\program files\Garena\garena.log
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaSkin2.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\Thumbs.db
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\GGICON.ico
c:\program files\Garena\Gn.ggz
c:\program files\Garena\hc.xml
c:\program files\Garena\Inject.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\CrashSender\br.xml
c:\program files\Garena\Languages\CrashSender\cn.xml
c:\program files\Garena\Languages\CrashSender\kr.xml
c:\program files\Garena\Languages\CrashSender\kz.xml
c:\program files\Garena\Languages\CrashSender\ru.xml
c:\program files\Garena\Languages\CrashSender\sp.xml
c:\program files\Garena\Languages\CrashSender\tw.xml
c:\program files\Garena\Languages\CrashSender\vn.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\OLGame.dll.en
c:\program files\Garena\Languages\OLGame.dll.vn
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.br
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.kr
c:\program files\Garena\Languages\WC3Ass.dll.kz
c:\program files\Garena\Languages\WC3Ass.dll.ru
c:\program files\Garena\Languages\WC3Ass.dll.sp
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\RSA.dll
c:\program files\Garena\lib\SkinFontHelper.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\newgame.ggz
c:\program files\Garena\onlinegame.ggz
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AdPlugin.dll
c:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\M3GoUI.dll
c:\program files\Garena\plugins\UI\OLGame.dll
c:\program files\Garena\plugins\UI\Plazasafe.dll
c:\program files\Garena\plugins\UI\safeapi.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\WebGameUI.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\roomCN.dat
c:\program files\Garena\roomEN.dat
c:\program files\Garena\roomTW.dat
c:\program files\Garena\server.xml
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\151.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\24.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\shop\items\67.gif
c:\program files\Garena\shop\items\68.gif
c:\program files\Garena\shop\items\69.gif
c:\program files\Garena\shop\items\70.gif
c:\program files\Garena\shop\items\8.gif
c:\program files\Garena\shop\items\Thumbs.db
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\Thumbs.db
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\garenatv.ggz
c:\program files\Garena\Skin\red_thumbnail.bmp
c:\program files\Garena\Skin\red_thumbnail_select.bmp
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\Skin\SkinSwitcher\skinselect_Logo.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_main_bg.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_ok_btn.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_thumbnail_bg.bmp
c:\program files\Garena\Skin\Thumbs.db
c:\program files\Garena\SkinBlack\black_thumbnail.bmp
c:\program files\Garena\SkinBlack\black_thumbnail_select.bmp
c:\program files\Garena\SkinBlack\garenatv.ggz
c:\program files\Garena\SkinBlack\Skin.ggz
c:\program files\Garena\SkinBlack\Thumbs.db
c:\program files\Garena\Skins.xml
c:\program files\Garena\slotmachine.ggz
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\uninst.exe
c:\program files\Garena\update.dat
c:\program files\Garena\update.exe
c:\program files\Garena\update2.exe
c:\program files\Garena\user.xml
c:\program files\Garena\user\32514037\ban.dat
c:\program files\Garena\user\32514037\data.dat
c:\program files\Garena\user\32514037\fps.dat
c:\program files\Garena\user\32514037\recent.txt
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\cache\Freesky\css\foemb_2.css
c:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\Garena\web\cache\ROM\config\css\screen.css
c:\program files\Garena\web\cache\ROM\config\images\bgd_body.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_hevertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_vertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_footer.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\config\images\header.jpg
c:\program files\Garena\web\cache\ROM\config\images\ico_bullet.gif
c:\program files\Garena\web\cache\ROM\config\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\config\images\visu_download.jpg
c:\program files\Garena\web\cache\ROM\config\images\visu_line.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_logo-garena.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_run.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_setting.gif
c:\program files\Garena\web\cache\ROM\css\screen.css
c:\program files\Garena\web\cache\ROM\images\bgd_body.jpg
c:\program files\Garena\web\cache\ROM\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\images\bgd_news.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_o.gif
c:\program files\Garena\web\cache\ROM\images\ico-01.gif
c:\program files\Garena\web\cache\ROM\images\slogan_rom.jpg
c:\program files\Garena\web\cache\ROM\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\images\topupbanner.jpg
c:\program files\Garena\web\cache\ROM\images\visu_banner.gif
c:\program files\Garena\web\cache\ROM\images\visu_banner_01.gif
c:\program files\Garena\web\cache\ROM\images\visu_forum.gif
c:\program files\Garena\web\cache\ROM\images\visu_garena.gif
c:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\Garena\web\cache\RUpoker\img\bg.jpg
c:\program files\Garena\web\cache\RUpoker\img\btn.jpg
c:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\web\loading.gif
c:\program files\Garena\web\loading.html
c:\program files\Garena\web\Thumbs.db
c:\program files\Garena\YYFileSystem.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitAutoCompleteSearch.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitAutoCompleteSearch.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.idl
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\ConduitToolbar.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults\default_radio_skin.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome.manifest
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome\dvdvideosofttb.jar
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\install.rdf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib\xpcom.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\manifest.mf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\zigbert.rsa
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF\zigbert.sf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.gif
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.ico
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.PNG
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.src
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin\conduit.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\setup.ini
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\version.txt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome.manifest
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome\dvsmenuext.jar
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\install.rdf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\license.txt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\chrome.manifest
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\install.rdf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\setup.ini
c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\extensions\engine@conduit.com\version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Legacy_GGSAFERDRIVER
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 15:07 . 2011-02-16 15:10 -------- d-----w- c:\users\Lisak\AppData\Local\temp
2011-02-16 15:07 . 2011-02-16 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 13:05 . 2011-02-16 13:05 -------- d-----w- c:\users\Lisak\AppData\Local\Adobe
2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\users\Lisak\AppData\Roaming\Malwarebytes
2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\programdata\Malwarebytes
2011-02-16 11:08 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 11:08 . 2011-02-16 11:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-16 11:08 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 10:12 . 2011-02-16 10:12 -------- d-----w- c:\users\Lisak\DoctorWeb
2011-02-15 20:44 . 2011-02-15 20:44 -------- d-----w- c:\program files\Lavalys
2011-02-15 13:41 . 2011-02-15 13:41 -------- d-----w- c:\program files\KaM - The Peasants Rebellion
2011-02-15 13:37 . 2011-02-15 13:37 241 ----a-w- c:\users\Lisak\SR.vbs
2011-02-15 09:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D10DAF9-85F2-4C41-AE61-88B1391B9DB9}\mpengine.dll
2011-02-14 19:01 . 2011-02-14 19:02 -------- d-----w- c:\programdata\Tages
2011-02-14 18:54 . 2011-02-14 18:54 -------- d-----w- c:\programdata\Media Center Programs
2011-02-14 18:54 . 2011-02-14 18:54 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-02-14 18:54 . 2011-02-14 18:54 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-02-14 18:47 . 2011-02-14 18:47 -------- d-----w- c:\program files\Ubisoft
2011-02-12 00:00 . 2011-02-12 00:00 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-11 23:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-02-11 23:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-02-11 23:59 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-02-11 23:59 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-02-11 23:59 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-02-11 23:59 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-11 23:59 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-11 23:59 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-11 23:59 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-06 22:44 . 2011-02-06 22:44 52736 ----a-w- c:\windows\ipuninst.exe
2011-02-06 22:40 . 2011-02-15 13:42 -------- d-----w- c:\program files\Fallout2
2011-01-27 06:55 . 2011-01-27 06:55 -------- d--h--w- c:\programdata\CanonBJ
2011-01-27 06:55 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2011-01-25 14:12 . 2011-01-25 14:13 -------- d-----w- c:\users\Lisak\KBCertifikat
2011-01-25 13:19 . 2011-01-25 14:13 -------- d-----w- c:\users\Lisak\kbpki
2011-01-25 13:18 . 2011-01-25 13:18 -------- d-----w- c:\windows\Sun
2011-01-25 13:18 . 2011-01-25 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-01-25 13:17 . 2011-01-25 13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 13:17 . 2011-01-25 13:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-25 13:17 . 2011-01-25 13:17 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 14:57 . 2011-01-12 12:28 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:28 1169408 ----a-w- c:\windows\system32\sdclt.exe
2009-08-31 16:55 . 2010-01-19 11:35 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

Kód: Vybrat vše

<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\AmIcoSingLun\amicosinglun .exe
c:\program files\ASUS\ATK Hotkey\hcontroluser .exe
c:\program files\ASUS\ATK Media\dmedia .exe
c:\program files\ASUS\ATKOSD2\atkosd2 .exe
c:\program files\ASUS\Splendid\acmon .exe
c:\program files\ASUS\Wireless Console 3\wcourier .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\CyberLink\LabelPrint\MUITransfer\muistartmenu .exe
c:\program files\CyberLink\Power2Go\clmlsvc .exe
c:\program files\CyberLink\Power2Go\MUITransfer\muistartmenu .exe
c:\program files\DAEMON Tools Lite\dtlite .exe
c:\program files\Elantech\etdctrl .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Realtek\Audio\HDA\rthdvcpl .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Steam\steam .exe
c:\windows\asscrpro .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ocs_SM"="c:\users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-01-13 106496]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"AVP"="c:\users\Lisak\Desktop\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-19 340520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]
FancyStart daemon.lnk - c:\windows\Installer\{A9FEB6D7-9C52-49FC-B956-7AB275B78890}\_5598CE641C54B66A23693F.exe [2009-8-26 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\users\Lisak\Desktop\KASPER~1\KASPER~1\mzvkbd3.dll c:\users\Lisak\Desktop\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2140670843-1361837041-3371738261-1000]
"EnableNotificationsRef"=dword:00000003

R2 avp ;avp ;c:\program files\Kaspersky Anti-Virus 7.0\avp .exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-03-07 6656]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-03 436792]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Lisak\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-01-13 40960]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{21968E96-2AA3-45FB-9885-10DBB5A13086}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Lisak\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lisak\AppData\Roaming\Mozilla\Firefox\Profiles\0nslgyis.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Garena - c:\program files\Garena\uninst.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2011-02-16 16:16:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-16 15:15
ComboFix2.txt 2011-02-16 12:02

Před spuštěním: Volných bajtů: 56 680 288 256
Po spuštění: Volných bajtů: 55 691 792 384

Current=1 Default=1 Failed=0 LastKnownGood=50 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
- - End Of File - - 77A1B172DEBC997F4A2793DA46D36F31

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+HJT

Jak se chová PC?

Tak noťas se pořád vypíná.. :-(

Vypozoroval jsem ale zvláštní úkaz, když ho pustím ráno, kdy je tu celkem i zima, tak hra spadne po takových 3-4 minutách. Pokud to zkouším večer, kdy noťas běží celej den a už tu máme celkem teplto tak vydrží klidně 2 hodiny než se vypne - sice musím furt ukládat ale aspoň něco..

Kontrola HDD na chyby
otevři Tento počítač- pravým na disk-vlastnosti-záložka nástroje-kontrola chyb-zkontrolovat-v okně zatrhni obě políčka-klikni na spustit- tam to napíše , že kontrola bude provedena po příštím spuštění...
Restartuj PC, kontrola s opravou někdy trvá i několik hodin...

+
Stáhni si HD Tune

-nainstaluj, spusť program, klikni na záložku Error scan
Spusť Start a počkej , až skončí svojí práci. Pokud budou všechny čtverečky zelené je disk OK , pokud budou některá červená , disk odchází.

Stáhni si CrystalDiskInfo

Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

koukni se i na teploty (CrystalDiskInfo)..

- Kontrolu chyb už jsem dělal 2x, jednou jen "automaticky opravovat chyby" podruhé i s "Vyhledat a pokusit se obnovit chybné sektory".

- HD Tune - Všechna políčka byla zeleně.

----------------------------------------------------------------------------
CrystalDiskInfo 3.10.0 (C) 2008-2010 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium Edition SP1 [6.0 Build 6001] (x86)
Date : 2011/02/18 11:16:10

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- ST9500325AS
- MATSHITA DVD-RAM UJ862AS
- AB8DHV8D IDE Controller [SCSI]
+ A76ILAXO IDE Controller [SCSI]
- ULYREL 89UV45IF SCSI CdRom Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500.1 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0002SDM1
Serial Number : 5VE41W5F
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 6907 hod.
Power On Count : 798 krát
Temparature : 29 C (84 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _99 __6 000009B4B17A Počet chyb čtení
03 _99 _98 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 00000000031F Počet spuštění/zastavení
05 100 100 _36 000000000005 Počet přemapovaných sektorů
07 _81 _60 _30 000007C857D6 Počet chybných hledání
09 _93 _93 __0 000000001AFB Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 00000000031E Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB _93 _93 __0 000000000007 Ohlášeno neopravitelných chyb
BC 100 _91 __0 00000000001F Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _71 _49 _45 00001D14001D Teplota toku vzduchu
BF 100 100 __0 000000000026 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000000E Počet vypnutí disku
C1 _57 _57 __0 000000015372 Počet cyklů načítání/vymazání
C2 _29 _51 __0 000C0000001D Teplota
C3 _48 _47 __0 000009B4B17A Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 56 45 34 31 57 35 46 00 00 40 00 00 04 30 30
030: 30 32 53 44 4D 31 53 54 39 35 30 30 33 32 35 41
040: 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 06 00 00 00 48 00 48
0A0: 01 F0 00 29 34 6B 7D 09 61 23 34 69 BC 09 61 23
0B0: 40 7F 00 47 00 47 80 80 FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 50 00 C5 00 19 0A B3 68
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1E
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 60 30 3A 38 60 30 3A 38 20 20 00 02 01 40
110: 01 00 50 00 3C 06 3C 0A 00 00 00 3C 00 00 00 08
120: 00 00 00 00 00 1F 02 80 00 00 00 00 00 08 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 3C 00 80 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 3B 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 10 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5B A5

------------------------------------------------------------------------

Tepltota disku 31°.

Hm , ale není to úplně OK.
C3 _48 _47 __0 000009B4B17A Počet oprav chybného čtení
Health Status : Pozor -------zkusit víc chladit disk.
07 _81 _60 _30 000007C857D6 Počet chybných hledání

Chtělo by to ještě zjistit utilitou od výrobce HDD.

Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

Je třeba zkontrolovat HDD na chyby , zkusit jeho defragmentaci ..

Nebo lépe:
http://www.memtest86.com/memtest86-3.5.iso.zip
vypálit soubor .iso a nabootovat z mechaniky CD/DVD.
http://www.memtest86.com/

PC-HELP.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu