PC-HELP.CZ

Zdravím,
chtěl bych poprosit o kontrolu hjt, na pc toho moc nemám ani antivirus nebo něco takového, ale poslední dobou mám ve hrách celkem vysoké pingy a tak chci vyloučit že je to v mém pc

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:53, on 31.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9370BAAC-8365-48D3-B655-EA61841021C3}: NameServer = 212.158.124.142
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 3002 bytes

Log je celý??

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod



Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Fixnul sem a ano, log je celý.. ATF cleaner mi nejde stáhnout (Chyba načítání stránky)

ATF sem stáhnul odsud pokud to nevadí: http://majorgeeks.com/download.php?det=4949

anti malware:
Malwarebytes' Anti-Malware
http://www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31.8.2011 22:21:24
mbam-log-2011-08-31 (22-21-21).txt

Typ: Rychlá kontrola
Kontrolované objekty: 146154
Uplynulý čas: 2 minut, 20 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 4
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Adware.GamePlayLabs) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Nevadí..

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

ComboFix 11-08-31.05 - prolimit 01.09.2011 10:55:12.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.630 [GMT 2:00]
Spuštěný z: c:\documents and settings\prolimit\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\hpe68.dll
c:\documents and settings\prolimit\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\system32\auto.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-01 do 2011-09-01 )))))))))))))))))))))))))))))))
.
.
2011-08-31 20:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 20:02 . 2011-08-31 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-31 20:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 19:21 . 2011-08-31 19:21 388096 ----a-r- c:\documents and settings\prolimit\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-31 19:21 . 2011-08-31 19:21 -------- d-----w- c:\program files\Trend Micro
2011-08-31 08:45 . 2011-08-31 08:45 -------- d-----w- C:\Downloads
2011-08-30 10:54 . 2011-08-31 07:21 -------- d-----w- c:\program files\PowerStrip
2011-08-30 10:52 . 2011-08-31 07:21 -------- d-----w- c:\program files\SysMetrix
2011-08-29 11:28 . 2011-08-29 11:28 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-08-29 11:27 . 2011-08-29 11:27 -------- d-----w- c:\program files\Futuremark
2011-08-26 17:46 . 2011-08-29 07:13 -------- d-----w- c:\program files\Anti-Vibrate Oscar Editor
2011-08-26 06:29 . 2011-08-26 06:31 -------- d-----w- c:\program files\Google
2011-08-20 11:48 . 2011-08-20 11:48 -------- d-----w- c:\program files\AnalogX
2011-08-19 17:40 . 2010-08-16 13:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-08-19 17:40 . 2010-08-16 13:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-08-19 17:40 . 2010-08-16 13:31 11104 ------w- c:\windows\system32\pwdspio.sys
2011-08-19 17:40 . 2011-08-19 17:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 5.2
2011-08-19 16:42 . 2011-08-26 06:33 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Google
2011-08-19 07:24 . 2011-08-19 07:24 -------- d-----w- c:\program files\HD Tune
2011-08-18 20:58 . 2011-08-18 20:58 -------- d-----w- c:\program files\7-Zip
2011-08-18 09:32 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-18 09:32 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-18 09:32 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-18 09:32 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-18 09:32 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-18 09:32 . 2011-08-18 09:32 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-18 09:32 . 2011-08-18 09:32 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-16 17:29 . 2011-08-16 17:40 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\HLSW
2011-08-16 17:29 . 2011-08-16 17:29 -------- d-s---w- c:\program files\HLSW
2011-08-14 15:53 . 2011-08-14 15:53 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Rovio
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.config
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.cache
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.local
2011-08-13 18:06 . 2011-08-13 18:26 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Image Zone Express
2011-08-13 15:25 . 2011-08-31 08:45 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\BitComet
2011-08-13 15:25 . 2011-08-13 15:25 -------- d-----w- c:\program files\BitComet
2011-08-12 17:38 . 2011-08-13 14:43 -------- d-----w- c:\program files\Garena
2011-08-12 16:50 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-08-12 06:28 . 2011-08-12 06:28 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Locktime
2011-08-12 06:26 . 2011-08-12 06:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Locktime
2011-08-10 10:34 . 2011-08-10 10:34 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-09 19:13 . 2011-08-09 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-08-09 16:47 . 2011-08-09 16:47 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\MMToolz
2011-08-09 07:57 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-08-09 07:57 . 2000-01-01 00:00 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-08-09 07:57 . 2000-01-01 00:00 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-08-09 06:44 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2011-08-09 06:44 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2011-08-08 12:19 . 2011-08-08 12:19 -------- d-----w- c:\program files\Common Files\Java
2011-08-08 07:56 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-08 07:49 . 2011-08-08 07:49 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-08 07:49 . 2011-08-08 07:49 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-08 07:49 . 2011-08-08 07:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-08 07:43 . 2011-08-08 07:46 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-08-08 07:42 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-08-08 07:38 . 2011-08-08 07:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avanquest
2011-08-08 07:33 . 2011-08-08 07:33 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Sony Ericsson
2011-08-08 07:31 . 2011-08-08 07:31 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\InstallShield
2011-08-07 09:11 . 2011-08-08 07:51 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\MyPhoneExplorer
2011-08-07 09:10 . 2011-08-07 09:11 -------- d-----w- c:\program files\MyPhoneExplorer
2011-08-05 10:14 . 2011-08-05 10:14 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Lazy 8 Studios
2011-08-05 10:13 . 2011-08-05 10:13 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Lazy 8 Studios
2011-08-05 10:12 . 2011-08-05 10:12 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Broken Rules
2011-08-04 12:07 . 2011-08-04 12:07 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Need for Speed World
2011-08-04 10:16 . 2011-08-04 10:16 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Electronic_Arts_Inc
2011-08-04 10:16 . 2011-08-04 10:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronic Arts
2011-08-03 12:04 . 2011-08-03 12:08 -------- d-----w- c:\program files\ATITool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 10:44 . 2011-03-14 20:49 17488 ----a-w- c:\windows\gdrv.sys
2011-08-16 17:14 . 2011-06-02 08:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 07:34 . 2011-02-02 20:56 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-31 10:01 . 2011-03-22 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2006-05-03 16:44 61440 ----a-w- c:\windows\system32\ati2evxx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Down2Home.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Down2Home.lnk
backup=c:\windows\pss\Down2Home.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^IDETool.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\IDETool.lnk
backup=c:\windows\pss\IDETool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^prolimit^Nabídka Start^Programy^Po spuštění^Warcraft Config.lnk]
path=c:\documents and settings\prolimit\Nabídka Start\Programy\Po spuštění\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cli]
2006-01-02 15:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxdllreg]
2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2011-01-16 23:23 742944 ----a-w- c:\program files\PowerStrip\PStrip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2011-08-01 12:44 26441568 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2011-06-17 07:17 466944 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 07:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
2010-02-17 19:44 2621440 ----a-w- c:\program files\SysMetrix\SysMetrix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CryptSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\active152\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58689:TCP"= 58689:TCP:Pando Media Booster
"58689:UDP"= 58689:UDP:Pando Media Booster
"26293:TCP"= 26293:TCP:BitComet 26293 TCP
"26293:UDP"= 26293:UDP:BitComet 26293 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.12.2010 12:06 642560]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.3.2011 7:45 22504]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15.7.2007 4:37 27992]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8.8.2011 9:42 27632]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10.11.2006 15:08 24064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.8.2011 8:29 136176]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\prolimit\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\prolimit\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 AODDriver2;AODDriver2;\??\c:\program files\AMD\OverDrive\i386\AODDriver2.sys --> c:\program files\AMD\OverDrive\i386\AODDriver2.sys [?]
S3 atidgllk;atidgllk;\??\c:\docume~1\prolimit\LOCALS~1\Temp\Rar$EX00.078\atidgllk.sys --> c:\docume~1\prolimit\LOCALS~1\Temp\Rar$EX00.078\atidgllk.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\prolimit\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\prolimit\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.8.2011 9:49 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.8.2011 8:29 136176]
S3 MapMem;MapMem;\??\f:\mapmem.sys --> f:\mapmem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [31.8.2011 22:02 41272]
S3 NLNdisMP;NLNdisMP; [x]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [19.8.2011 19:40 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [19.8.2011 19:40 11104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.8.2011 9:32 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.8.2011 9:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.8.2011 9:32 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.8.2011 9:32 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.8.2011 9:32 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.8.2011 9:32 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.8.2011 9:32 117544]
S3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [15.3.2011 7:36 1670016]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2.2.2011 22:56 12984]
S3 USBPNPA;USB PnP Sound Device Interface; [x]
S4 AODService;AODService; [x]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [15.3.2011 7:36 79360]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [8.8.2011 9:42 90112]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-24 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-02-13 16:26]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 06:29]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 06:29]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 212.158.124.142 192.168.1.1
TCP: Interfaces\{9370BAAC-8365-48D3-B655-EA61841021C3}: NameServer = 212.158.124.142
FF - ProfilePath - c:\documents and settings\prolimit\Data aplikací\Mozilla\Firefox\Profiles\j26hh4ac.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-Cm108Sound - cm108.cpl
MSConfigStartUp-EasyTuneV - c:\program files\Gigabyte\ET5\ETcall.exe
MSConfigStartUp-OscarEditor - c:\program files\Anti-Vibrate Oscar Editor\OscarEditor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-01 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Celkový čas: 2011-09-01 11:00:38
ComboFix-quarantined-files.txt 2011-09-01 09:00
.
Před spuštěním: Volných bajtů: 11 679 973 376
Po spuštění: Volných bajtů: 11 681 730 560
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=71M2X7 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=71M2X7-BAK
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 9D712880631CF742FC1078F67A54053B

up

Odinstaluj:
c:\program files\AVG\AVG PC Tuneup 2011---pokud najdeš , jinak i AVG,,

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.


//chybí Ti soubory u AMD , cpuz , proto mažu zbytečné služby , můžeš zkusit nainstalovat znovu.

CF:
ComboFix 11-08-31.05 - prolimit 01.09.2011 20:08:15.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.672 [GMT 2:00]
Spuštěný z: c:\documents and settings\prolimit\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\prolimit\Plocha\CFScript.txt
.
FILE ::
"c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG PC Tuneup 2011\Istruzioni.txt
c:\program files\AVG\AVG PC Tuneup 2011\rdboot.log
c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\ArmyGreen\armygreen_thumbnail.bmp
c:\program files\Garena\ArmyGreen\armygreen_thumbnail_select.bmp
c:\program files\Garena\ArmyGreen\garenatv.ggz
c:\program files\Garena\ArmyGreen\Skin.ggz
c:\program files\Garena\atl71.dll
c:\program files\Garena\Avatar\boy.swf
c:\program files\Garena\Avatar\boy_s.swf
c:\program files\Garena\Avatar\girl.swf
c:\program files\Garena\Avatar\girl_s.swf
c:\program files\Garena\Avatar\unknown.swf
c:\program files\Garena\Avatar\unknown_s.swf
c:\program files\Garena\BlackShotLauncher\launcher.exe
c:\program files\Garena\BlackShotLauncher\modules\l_background.jpg
c:\program files\Garena\BlackShotLauncher\modules\l_loading.html
c:\program files\Garena\BlackShotLauncher\Skin\background.bmp
c:\program files\Garena\BlackShotLauncher\Skin\Header.bmp
c:\program files\Garena\BlackShotLauncher\Skin\images.xml
c:\program files\Garena\BlackShotLauncher\Skin\mouseout.bmp
c:\program files\Garena\BlackShotLauncher\Skin\mouseover.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgH.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarBgV.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarH.bmp
c:\program files\Garena\BlackShotLauncher\Skin\ProgressBarV.bmp
c:\program files\Garena\BlackShotLauncher\Skin\Thumbs.db
c:\program files\Garena\BlackShotLauncher\Skin\ui.xml
c:\program files\Garena\BlackShotLauncher\UpdateMove.exe
c:\program files\Garena\BlackShotLauncher\UpdateMove1.exe
c:\program files\Garena\BlackShotLauncher\XMLSkin.dll
c:\program files\Garena\clients2.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\config\locvn.xml
c:\program files\Garena\CrashSender.exe
c:\program files\Garena\CrashSender\Languages\br.xml
c:\program files\Garena\CrashSender\Languages\cn.xml
c:\program files\Garena\CrashSender\Languages\kr.xml
c:\program files\Garena\CrashSender\Languages\kz.xml
c:\program files\Garena\CrashSender\Languages\ru.xml
c:\program files\Garena\CrashSender\Languages\sp.xml
c:\program files\Garena\CrashSender\Languages\tw.xml
c:\program files\Garena\CrashSender\Languages\vn.xml
c:\program files\Garena\Crystal\crystal_thumbnail.bmp
c:\program files\Garena\Crystal\crystal_thumbnail_select.bmp
c:\program files\Garena\Crystal\garenatv.ggz
c:\program files\Garena\Crystal\Skin.ggz
c:\program files\Garena\Crystal\Thumbs.db
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\deps\olgame.gga
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\deps\webgame.gga
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\Sca.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Gamevn.dat
c:\program files\Garena\Garena.dat
c:\program files\Garena\Garena.exe
c:\program files\Garena\garena.log
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaSkin2.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\Thumbs.db
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\GGICON.ico
c:\program files\Garena\ggsec.dll
c:\program files\Garena\Gn.ggz
c:\program files\Garena\hc.xml
c:\program files\Garena\Inject.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\CrashSender\br.xml
c:\program files\Garena\Languages\CrashSender\cn.xml
c:\program files\Garena\Languages\CrashSender\kr.xml
c:\program files\Garena\Languages\CrashSender\kz.xml
c:\program files\Garena\Languages\CrashSender\ru.xml
c:\program files\Garena\Languages\CrashSender\sp.xml
c:\program files\Garena\Languages\CrashSender\tw.xml
c:\program files\Garena\Languages\CrashSender\vn.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\OLGame.dll.en
c:\program files\Garena\Languages\OLGame.dll.vn
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.br
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.kr
c:\program files\Garena\Languages\WC3Ass.dll.kz
c:\program files\Garena\Languages\WC3Ass.dll.ru
c:\program files\Garena\Languages\WC3Ass.dll.sp
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\RSA.dll
c:\program files\Garena\lib\SkinFontHelper.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\newgame.ggz
c:\program files\Garena\onlinegame.ggz
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AdPlugin.dll
c:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\GKartPlugin.dll
c:\program files\Garena\plugins\UI\GoKartPlugin.dll
c:\program files\Garena\plugins\UI\HonPlugin.dll
c:\program files\Garena\plugins\UI\LOLPlugin.dll
c:\program files\Garena\plugins\UI\M3GoUI.dll
c:\program files\Garena\plugins\UI\OLGame.dll
c:\program files\Garena\plugins\UI\Plazasafe.dll
c:\program files\Garena\plugins\UI\QiXongPlugin.dll
c:\program files\Garena\plugins\UI\safeapi.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\WebGameUI.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\Roomcn.dat
c:\program files\Garena\Roomen.dat
c:\program files\Garena\Roomtw.dat
c:\program files\Garena\safeapi.dll
c:\program files\Garena\server.xml
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\151.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\24.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\shop\items\67.gif
c:\program files\Garena\shop\items\68.gif
c:\program files\Garena\shop\items\69.gif
c:\program files\Garena\shop\items\70.gif
c:\program files\Garena\shop\items\8.gif
c:\program files\Garena\shop\items\Thumbs.db
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\Thumbs.db
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\garenatv.ggz
c:\program files\Garena\Skin\red_thumbnail.bmp
c:\program files\Garena\Skin\red_thumbnail_select.bmp
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\Skin\SkinSwitcher\skinselect_Logo.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_main_bg.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_ok_btn.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_thumbnail_bg.bmp
c:\program files\Garena\Skin\Thumbs.db
c:\program files\Garena\SkinBlack\black_thumbnail.bmp
c:\program files\Garena\SkinBlack\black_thumbnail_select.bmp
c:\program files\Garena\SkinBlack\garenatv.ggz
c:\program files\Garena\SkinBlack\Skin.ggz
c:\program files\Garena\Skins.xml
c:\program files\Garena\slotmachine.ggz
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\uninst.exe
c:\program files\Garena\update.dat
c:\program files\Garena\update.exe
c:\program files\Garena\update2.exe
c:\program files\Garena\user.xml
c:\program files\Garena\user\66156978\ban.dat
c:\program files\Garena\user\66156978\data.dat
c:\program files\Garena\user\66156978\fps.dat
c:\program files\Garena\user\66156978\recent.txt
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\cache\Freesky\css\foemb_2.css
c:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\Garena\web\cache\ROM\config\css\screen.css
c:\program files\Garena\web\cache\ROM\config\images\bgd_body.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_hevertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_vertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_footer.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\config\images\header.jpg
c:\program files\Garena\web\cache\ROM\config\images\ico_bullet.gif
c:\program files\Garena\web\cache\ROM\config\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\config\images\visu_download.jpg
c:\program files\Garena\web\cache\ROM\config\images\visu_line.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_logo-garena.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_run.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_setting.gif
c:\program files\Garena\web\cache\ROM\css\screen.css
c:\program files\Garena\web\cache\ROM\images\bgd_body.jpg
c:\program files\Garena\web\cache\ROM\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\images\bgd_news.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_o.gif
c:\program files\Garena\web\cache\ROM\images\ico-01.gif
c:\program files\Garena\web\cache\ROM\images\slogan_rom.jpg
c:\program files\Garena\web\cache\ROM\images\Thumbs.db
c:\program files\Garena\web\cache\ROM\images\topupbanner.jpg
c:\program files\Garena\web\cache\ROM\images\visu_banner.gif
c:\program files\Garena\web\cache\ROM\images\visu_banner_01.gif
c:\program files\Garena\web\cache\ROM\images\visu_forum.gif
c:\program files\Garena\web\cache\ROM\images\visu_garena.gif
c:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\Garena\web\cache\RUpoker\img\bg.jpg
c:\program files\Garena\web\cache\RUpoker\img\btn.jpg
c:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\web\loading.gif
c:\program files\Garena\web\loading.html
c:\program files\Garena\YYFileSystem.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMDMSRIO
-------\Legacy_AODDRIVER2
-------\Legacy_ATIDGLLK
-------\Legacy_CPUZ130
-------\Legacy_EVERESTDRIVER
-------\Legacy_GGSAFERDRIVER
-------\Legacy_MAPMEM
-------\Service_AMDMSRIO
-------\Service_AODDriver2
-------\Service_atidgllk
-------\Service_cpuz130
-------\Service_EverestDriver
-------\Service_GGSAFERDriver
-------\Service_MapMem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-01 do 2011-09-01 )))))))))))))))))))))))))))))))
.
.
2011-08-31 20:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 20:02 . 2011-08-31 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-31 20:02 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 19:21 . 2011-08-31 19:21 388096 ----a-r- c:\documents and settings\prolimit\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-31 19:21 . 2011-08-31 19:21 -------- d-----w- c:\program files\Trend Micro
2011-08-31 08:45 . 2011-08-31 08:45 -------- d-----w- C:\Downloads
2011-08-30 10:54 . 2011-08-31 07:21 -------- d-----w- c:\program files\PowerStrip
2011-08-30 10:52 . 2011-08-31 07:21 -------- d-----w- c:\program files\SysMetrix
2011-08-29 11:28 . 2011-08-29 11:28 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-08-29 11:27 . 2011-08-29 11:27 -------- d-----w- c:\program files\Futuremark
2011-08-26 17:46 . 2011-08-29 07:13 -------- d-----w- c:\program files\Anti-Vibrate Oscar Editor
2011-08-26 06:29 . 2011-08-26 06:31 -------- d-----w- c:\program files\Google
2011-08-20 11:48 . 2011-08-20 11:48 -------- d-----w- c:\program files\AnalogX
2011-08-19 17:40 . 2010-08-16 13:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-08-19 17:40 . 2010-08-16 13:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-08-19 17:40 . 2010-08-16 13:31 11104 ------w- c:\windows\system32\pwdspio.sys
2011-08-19 17:40 . 2011-08-19 17:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 5.2
2011-08-19 16:42 . 2011-08-26 06:33 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Google
2011-08-19 07:24 . 2011-08-19 07:24 -------- d-----w- c:\program files\HD Tune
2011-08-18 20:58 . 2011-08-18 20:58 -------- d-----w- c:\program files\7-Zip
2011-08-18 09:32 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-18 09:32 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-18 09:32 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-18 09:32 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-18 09:32 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-18 09:32 . 2011-08-18 09:32 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-18 09:32 . 2011-08-18 09:32 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-16 17:29 . 2011-08-16 17:40 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\HLSW
2011-08-16 17:29 . 2011-08-16 17:29 -------- d-s---w- c:\program files\HLSW
2011-08-14 15:53 . 2011-08-14 15:53 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Rovio
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.config
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.cache
2011-08-14 15:09 . 2011-08-14 15:09 -------- d-----w- c:\documents and settings\prolimit\.local
2011-08-13 18:06 . 2011-08-13 18:26 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Image Zone Express
2011-08-13 15:25 . 2011-08-31 08:45 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\BitComet
2011-08-13 15:25 . 2011-08-13 15:25 -------- d-----w- c:\program files\BitComet
2011-08-12 16:50 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-08-12 06:28 . 2011-08-12 06:28 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Locktime
2011-08-12 06:26 . 2011-08-12 06:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Locktime
2011-08-10 10:34 . 2011-08-10 10:34 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-09 19:13 . 2011-08-09 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-08-09 16:47 . 2011-08-09 16:47 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\MMToolz
2011-08-09 07:57 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-08-09 07:57 . 2000-01-01 00:00 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-08-09 07:57 . 2000-01-01 00:00 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-08-09 06:44 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2011-08-09 06:44 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2011-08-08 12:19 . 2011-08-08 12:19 -------- d-----w- c:\program files\Common Files\Java
2011-08-08 07:56 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-08 07:49 . 2011-08-08 07:49 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-08 07:49 . 2011-08-08 07:49 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-08 07:49 . 2011-08-08 07:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-08 07:43 . 2011-08-08 07:46 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-08-08 07:42 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-08-08 07:38 . 2011-08-08 07:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avanquest
2011-08-08 07:33 . 2011-08-08 07:33 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Sony Ericsson
2011-08-08 07:31 . 2011-08-08 07:31 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\InstallShield
2011-08-07 09:11 . 2011-08-08 07:51 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\MyPhoneExplorer
2011-08-07 09:10 . 2011-08-07 09:11 -------- d-----w- c:\program files\MyPhoneExplorer
2011-08-05 10:14 . 2011-08-05 10:14 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Lazy 8 Studios
2011-08-05 10:13 . 2011-08-05 10:13 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Lazy 8 Studios
2011-08-05 10:12 . 2011-08-05 10:12 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Broken Rules
2011-08-04 12:07 . 2011-08-04 12:07 -------- d-----w- c:\documents and settings\prolimit\Data aplikací\Need for Speed World
2011-08-04 10:16 . 2011-08-04 10:16 -------- d-----w- c:\documents and settings\prolimit\Local Settings\Data aplikací\Electronic_Arts_Inc
2011-08-04 10:16 . 2011-08-04 10:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronic Arts
2011-08-03 12:04 . 2011-08-03 12:08 -------- d-----w- c:\program files\ATITool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 10:44 . 2011-03-14 20:49 17488 ----a-w- c:\windows\gdrv.sys
2011-08-16 17:14 . 2011-06-02 08:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 07:34 . 2011-02-02 20:56 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-31 10:01 . 2011-03-22 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2006-05-03 16:44 61440 ----a-w- c:\windows\system32\ati2evxx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Down2Home.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Down2Home.lnk
backup=c:\windows\pss\Down2Home.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^IDETool.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\IDETool.lnk
backup=c:\windows\pss\IDETool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^prolimit^Nabídka Start^Programy^Po spuštění^Warcraft Config.lnk]
path=c:\documents and settings\prolimit\Nabídka Start\Programy\Po spuštění\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cli]
2006-01-02 15:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxdllreg]
2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2011-01-16 23:23 742944 ----a-w- c:\program files\PowerStrip\PStrip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2011-08-01 12:44 26441568 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2011-06-17 07:17 466944 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 07:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
2010-02-17 19:44 2621440 ----a-w- c:\program files\SysMetrix\SysMetrix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CryptSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\active152\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58689:TCP"= 58689:TCP:Pando Media Booster
"58689:UDP"= 58689:UDP:Pando Media Booster
"26293:TCP"= 26293:TCP:BitComet 26293 TCP
"26293:UDP"= 26293:UDP:BitComet 26293 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.12.2010 12:06 642560]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.3.2011 7:45 22504]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15.7.2007 4:37 27992]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8.8.2011 9:42 27632]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10.11.2006 15:08 24064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.8.2011 8:29 136176]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.8.2011 9:49 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.8.2011 8:29 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [31.8.2011 22:02 41272]
S3 NLNdisMP;NLNdisMP; [x]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [19.8.2011 19:40 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [19.8.2011 19:40 11104]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.8.2011 9:32 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.8.2011 9:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.8.2011 9:32 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.8.2011 9:32 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.8.2011 9:32 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.8.2011 9:32 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.8.2011 9:32 117544]
S3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [15.3.2011 7:36 1670016]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2.2.2011 22:56 12984]
S3 USBPNPA;USB PnP Sound Device Interface; [x]
S4 AODService;AODService; [x]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [15.3.2011 7:36 79360]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [8.8.2011 9:42 90112]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 212.158.124.142 192.168.1.1
TCP: Interfaces\{9370BAAC-8365-48D3-B655-EA61841021C3}: NameServer = 212.158.124.142
FF - ProfilePath - c:\documents and settings\prolimit\Data aplikací\Mozilla\Firefox\Profiles\j26hh4ac.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Garena - c:\program files\Garena\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-01 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(664)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-09-01 20:18:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-01 18:18
ComboFix2.txt 2011-09-01 09:00
.
Před spuštěním: 8 359 538 688
Po spuštění: 8 255 901 696
.
- - End Of File - - 22C70D95B5739EFFED98B42FBCA7ACE1

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:53, on 1.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9370BAAC-8365-48D3-B655-EA61841021C3}: NameServer = 212.158.124.142
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 2982 bytes

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pak napiš , jak s lagy a netem..

zkusím zatím ping, protože půjdu spát.. zítra hodím result :)... tady je ten poslední log:

2011/09/01 21:53:58.0578 1464 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/01 21:53:58.0640 1464 ================================================================================
2011/09/01 21:53:58.0640 1464 SystemInfo:
2011/09/01 21:53:58.0640 1464
2011/09/01 21:53:58.0640 1464 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/01 21:53:58.0640 1464 Product type: Workstation
2011/09/01 21:53:58.0640 1464 ComputerName: PROLIMIT123
2011/09/01 21:53:58.0640 1464 UserName: prolimit
2011/09/01 21:53:58.0640 1464 Windows directory: C:\WINDOWS
2011/09/01 21:53:58.0640 1464 System windows directory: C:\WINDOWS
2011/09/01 21:53:58.0640 1464 Processor architecture: Intel x86
2011/09/01 21:53:58.0640 1464 Number of processors: 1
2011/09/01 21:53:58.0640 1464 Page size: 0x1000
2011/09/01 21:53:58.0640 1464 Boot type: Normal boot
2011/09/01 21:53:58.0640 1464 ================================================================================
2011/09/01 21:53:59.0640 1464 Initialize success
2011/09/01 21:54:17.0875 1428 ================================================================================
2011/09/01 21:54:17.0875 1428 Scan started
2011/09/01 21:54:17.0875 1428 Mode: Manual;
2011/09/01 21:54:17.0875 1428 ================================================================================
2011/09/01 21:54:18.0421 1428 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/01 21:54:18.0531 1428 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/01 21:54:18.0687 1428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/01 21:54:18.0781 1428 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/09/01 21:54:19.0156 1428 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/09/01 21:54:19.0437 1428 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/09/01 21:54:19.0765 1428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/01 21:54:19.0859 1428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/01 21:54:20.0062 1428 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/01 21:54:20.0203 1428 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
2011/09/01 21:54:20.0265 1428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/01 21:54:20.0375 1428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/01 21:54:20.0453 1428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/01 21:54:20.0562 1428 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/01 21:54:20.0578 1428 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/01 21:54:20.0640 1428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/01 21:54:20.0828 1428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/01 21:54:20.0953 1428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/01 21:54:21.0078 1428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/01 21:54:21.0328 1428 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/09/01 21:54:21.0515 1428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/01 21:54:21.0593 1428 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/01 21:54:21.0734 1428 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/01 21:54:21.0843 1428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/01 21:54:21.0937 1428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/01 21:54:22.0125 1428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/01 21:54:22.0234 1428 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/09/01 21:54:22.0234 1428 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/09/01 21:54:22.0250 1428 dtscsi - detected LockedFile.Multi.Generic (1)
2011/09/01 21:54:22.0359 1428 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/09/01 21:54:22.0437 1428 ET5Drv (57af1036880449056dd8adac9f2d1fe1) C:\WINDOWS\system32\Drivers\ET5Drv.sys
2011/09/01 21:54:22.0562 1428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/01 21:54:22.0687 1428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/01 21:54:22.0750 1428 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/01 21:54:22.0875 1428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/01 21:54:23.0015 1428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/01 21:54:23.0156 1428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/01 21:54:23.0250 1428 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/01 21:54:23.0312 1428 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
2011/09/01 21:54:23.0406 1428 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2011/09/01 21:54:23.0515 1428 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2011/09/01 21:54:23.0609 1428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/01 21:54:23.0734 1428 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/09/01 21:54:23.0828 1428 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/01 21:54:24.0000 1428 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/01 21:54:24.0109 1428 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/01 21:54:24.0203 1428 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/01 21:54:24.0296 1428 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/01 21:54:24.0515 1428 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/01 21:54:24.0656 1428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/01 21:54:24.0875 1428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/01 21:54:24.0968 1428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/01 21:54:25.0078 1428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/01 21:54:25.0156 1428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/01 21:54:25.0265 1428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/01 21:54:25.0328 1428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/01 21:54:25.0468 1428 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/01 21:54:25.0562 1428 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/01 21:54:25.0687 1428 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/01 21:54:25.0781 1428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/01 21:54:25.0906 1428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/01 21:54:26.0109 1428 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/01 21:54:26.0203 1428 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/09/01 21:54:26.0312 1428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/01 21:54:26.0437 1428 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/01 21:54:26.0531 1428 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/01 21:54:26.0609 1428 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/01 21:54:26.0718 1428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/01 21:54:26.0875 1428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/01 21:54:27.0015 1428 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/01 21:54:27.0171 1428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/01 21:54:27.0250 1428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/01 21:54:27.0328 1428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/01 21:54:27.0421 1428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/01 21:54:27.0531 1428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/01 21:54:27.0640 1428 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/01 21:54:27.0765 1428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/01 21:54:27.0875 1428 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/01 21:54:28.0000 1428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/01 21:54:28.0093 1428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/01 21:54:28.0203 1428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/01 21:54:28.0296 1428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/01 21:54:28.0375 1428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/01 21:54:28.0593 1428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/01 21:54:28.0718 1428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/01 21:54:28.0859 1428 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
2011/09/01 21:54:28.0937 1428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/01 21:54:29.0046 1428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/01 21:54:29.0140 1428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/01 21:54:29.0250 1428 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/01 21:54:29.0359 1428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/01 21:54:29.0437 1428 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/01 21:54:29.0546 1428 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/01 21:54:29.0765 1428 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/01 21:54:30.0437 1428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/01 21:54:30.0578 1428 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/01 21:54:30.0703 1428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/01 21:54:30.0828 1428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/01 21:54:30.0890 1428 pwdrvio (c50de6d0c04b230f185a13fde0f047fa) C:\WINDOWS\system32\pwdrvio.sys
2011/09/01 21:54:31.0015 1428 pwdspio (cdc5704308222400ad606bcf87b006a5) C:\WINDOWS\system32\pwdspio.sys
2011/09/01 21:54:31.0328 1428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/01 21:54:31.0406 1428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/01 21:54:31.0515 1428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/01 21:54:31.0593 1428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/01 21:54:31.0718 1428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/01 21:54:31.0828 1428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/01 21:54:31.0937 1428 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/01 21:54:32.0062 1428 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/01 21:54:32.0187 1428 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/01 21:54:32.0296 1428 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/09/01 21:54:32.0406 1428 rtl8139 (8be348f9aeeb4da0005b7f500f46f6ad) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/09/01 21:54:32.0484 1428 s1018bus (27ccf532a08f437ffc795158b8b7a7f6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
2011/09/01 21:54:32.0609 1428 s1018mdfl (2443aca3551cfb160ecaa642f6718b99) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
2011/09/01 21:54:32.0703 1428 s1018mdm (9d273a6cf8f984097e61ecd68827d8c0) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
2011/09/01 21:54:32.0828 1428 s1018mgmt (57d4d2efd2f3dc4bb8a351702ae01ba5) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
2011/09/01 21:54:32.0937 1428 s1018nd5 (2102d69ed2ed4b89a607c4e09504fb59) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
2011/09/01 21:54:33.0015 1428 s1018obex (382921439a5fb855cc6e000ac24d0c95) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
2011/09/01 21:54:33.0125 1428 s1018unic (4e2c788d013e567bd68ae4ad36485239) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
2011/09/01 21:54:33.0250 1428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/01 21:54:33.0343 1428 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2011/09/01 21:54:33.0453 1428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/01 21:54:33.0546 1428 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/01 21:54:33.0671 1428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/01 21:54:33.0875 1428 skfilt (dccca3f40c883566485bd18f1f6f4edd) C:\WINDOWS\system32\drivers\skfilt.sys
2011/09/01 21:54:34.0109 1428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/01 21:54:34.0250 1428 sptd (9b83f6e9289b422548fa8267d841ab52) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/01 21:54:34.0250 1428 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 9b83f6e9289b422548fa8267d841ab52
2011/09/01 21:54:34.0265 1428 sptd - detected LockedFile.Multi.Generic (1)
2011/09/01 21:54:34.0375 1428 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/01 21:54:34.0468 1428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/01 21:54:34.0593 1428 SWDUMon (5a8900251c6bb93f9fe9f2f556e3593e) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
2011/09/01 21:54:34.0671 1428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/01 21:54:34.0781 1428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/01 21:54:35.0062 1428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/01 21:54:35.0171 1428 SysTool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\SysTool.sys
2011/09/01 21:54:35.0281 1428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/01 21:54:35.0406 1428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/01 21:54:35.0500 1428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/01 21:54:35.0578 1428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/01 21:54:35.0765 1428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/01 21:54:35.0937 1428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/01 21:54:36.0078 1428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/01 21:54:36.0156 1428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/01 21:54:36.0250 1428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/01 21:54:36.0328 1428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/01 21:54:36.0484 1428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/01 21:54:36.0593 1428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/01 21:54:36.0671 1428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/01 21:54:36.0781 1428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/01 21:54:36.0843 1428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/01 21:54:36.0953 1428 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/01 21:54:37.0046 1428 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/09/01 21:54:37.0140 1428 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/01 21:54:37.0265 1428 VIAPFD (662626bccf060f2f4b6d5af7ac121ff5) C:\WINDOWS\System32\Drivers\VIAPFD.SYS
2011/09/01 21:54:37.0375 1428 videX32 (09d0aa11e41ca58f65006d5de84acaf0) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/09/01 21:54:37.0421 1428 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/01 21:54:37.0531 1428 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys
2011/09/01 21:54:37.0625 1428 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys
2011/09/01 21:54:37.0734 1428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/01 21:54:37.0859 1428 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/01 21:54:38.0062 1428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/01 21:54:38.0250 1428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/01 21:54:38.0343 1428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/01 21:54:38.0453 1428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/01 21:54:38.0578 1428 xfilt (d16ac638a45d0df2e3bf0d4e0e42a381) C:\WINDOWS\system32\DRIVERS\xfilt.sys
2011/09/01 21:54:38.0640 1428 MBR (0x1B8) (90f0e56d422370bae9356874a0afd4b5) \Device\Harddisk0\DR0
2011/09/01 21:54:38.0671 1428 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
2011/09/01 21:54:38.0812 1428 Boot (0x1200) (f19748656218a357821228f96e547b7a) \Device\Harddisk0\DR0\Partition0
2011/09/01 21:54:38.0843 1428 Boot (0x1200) (be2300b89f3e1f3cb2d0532fd430013b) \Device\Harddisk1\DR1\Partition0
2011/09/01 21:54:38.0875 1428 Boot (0x1200) (229dd635c0927063a0df6627cc729b40) \Device\Harddisk1\DR1\Partition1
2011/09/01 21:54:38.0875 1428 ================================================================================
2011/09/01 21:54:38.0875 1428 Scan finished
2011/09/01 21:54:38.0875 1428 ================================================================================
2011/09/01 21:54:38.0906 1200 Detected object count: 2
2011/09/01 21:54:38.0906 1200 Actual detected object count: 2
2011/09/01 21:54:41.0828 1200 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
2011/09/01 21:54:41.0828 1200 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/01 21:54:50.0250 1468 Deinitialize success

žádná nákaza...

vyzkoušej a napiš , na viry už to nevypadá , ale kdyby byly ještě problémy:

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.