Prosím o kontrolu logu - trojan?

Poky · Příspěvekod **Poky** » 13 pro 2011 20:17

Zdravím. Dneska sem musel posílat sms z gmailu a resetovat heslo, protože mi nějaká reklama na viagru rozesílala maily. Heslo bezpečné, avast žádný vir nenašel.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:24, on 13.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Michal\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SensorsView] C:\Program Files\SensorsView\sview.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [tsnpstd3] ; C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EVGAPrecision] ; "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] ; "C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HDDHealth] ; C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Michal\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] ; C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-21-583907252-1604221776-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: _uninst_setup_9.0.0.722_20.02.2010_20-04.exe.lnk = C:\Documents and Settings\Michal\Local Settings\temp\_uninst_setup_9.0.0.722_20.02.2010_20-04.exe.bat
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 11186 bytes

Reklama

Příspěvekod **jaro3** » 13 pro 2011 21:32

Trojan a červ...

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Michal\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: _uninst_setup_9.0.0.722_20.02.2010_20-04.exe.lnk = C:\Documents and Settings\Michal\Local Settings\temp\_uninst_setup_9.0.0.722_20.02.2010_20-04.exe.bat
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Poky · Příspěvekod **Poky** » 14 pro 2011 17:58

regtool vir není mimochodem, asi se mu jen nelíbí..

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.12.2011 17:56:41
mbam-log-2011-12-14 (17-56-37).txt

Typ: Rychlá kontrola
Kontrolované objekty: 210379
Uplynulý čas: 7 minut, 36 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 23
Infikované soubory: 318

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3EF3BD5-02F3-4F99-9DAC-A20637DF084D}_is1 (Rogue.RegTool) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\regTool (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Data (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Email (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\autoconfig (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\pref (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\chrome (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\US (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\US\chrome (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\dictionaries (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\greprefs (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\plugins (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\dtd (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\html (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool (Rogue.RegTool) -> No action taken.

Infikované soubory:
c:\downloads\ventrilo-2.1.4.exe (Trojan.Dropper) -> No action taken.
c:\program files\regTool\account.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\folderzipper.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\icsharpcode.sharpziplib.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\microsoft.reportviewer.common.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\microsoft.reportviewer.processingobjectmodel.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\microsoft.reportviewer.winforms.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\regTool.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\regtool.exe.config (Rogue.RegTool) -> No action taken.
c:\program files\regTool\skybound.gecko.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\system.data.sqlite.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\unins000.dat (Rogue.RegTool) -> No action taken.
c:\program files\regTool\unins000.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Data\elNames.xml (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Data\regdb.s3db (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Data\regdbnew.s3db (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Data\system.data.sqlite.xml (Rogue.RegTool) -> No action taken.
c:\program files\regTool\Email\vzorovyemail.txt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\js3250.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\accessiblemarshal.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\crashreporter.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\crashreporter.ini (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\dependentlibs.list (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\freebl3.chk (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\freebl3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\ia2marshal.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\javaxpcom.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\javaxpcomglue.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\js.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\LICENSE (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\mozcrt19.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\mozctl.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\mozctlx.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nspr-config (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nspr4.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nss3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nssckbi.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nssdbm3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\nssutil3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\platform.ini (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\plc4.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\plds4.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\README.txt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\redit.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\smime3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\softokn3.chk (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\softokn3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\sqlite3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\ssl3.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\update.locale (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\updater.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xpcom.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xpcshell.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xpidl.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xpt_dump.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xpt_link.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xul.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xulrunner-stub.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\xulrunner.exe (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\classic.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\classic.manifest (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\comm.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\comm.manifest (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\en-US.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\en-us.manifest (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\pippki.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\pippki.manifest (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\toolkit.jar (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\chrome\toolkit.manifest (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\accessibility-msaa.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\accessibility.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\alerts.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\appshell.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\appstartup.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\autocomplete.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\autoconfig.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\caps.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\chardet.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\chrome.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\commandhandler.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\commandlines.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\composer.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\compreg.dat (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\contentprefs.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_html.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_htmldoc.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_xmldoc.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_xslt.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\content_xtf.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\directory.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\docshell_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_canvas.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_core.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_css.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_events.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_geolocation.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_html.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_json.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_loadsave.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_offline.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_range.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_sidebar.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_storage.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_stylesheets.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_svg.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_threads.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_traversal.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_views.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_xpath.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_xul.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\downloads.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\editor.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\embed_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\extensions.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\exthandler.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\exthelper.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\fastfind.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\feedprocessor.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\feeds.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\cookie.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\dom_xbl.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\find.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_cookie.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nssearchsuggestions.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\pipnss.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\storage-mozstorage.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\urlformatter.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_thread.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\gfx.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\htmlparser.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\imgicon.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\imglib2.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\inspector.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\intl.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\jar.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\jsconsole-clhandler.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\jsdservice.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\layout_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\layout_printing.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\layout_xul.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\layout_xul_tree.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\locale.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\loginmgr.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\lwbrk.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\mimetype.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\mozbrwsr.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\mozfind.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_about.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_cache.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_dns.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_file.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_ftp.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_http.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_res.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_socket.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_strconv.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_viewsource.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\necko_wifi.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\networkgeolocationprovider.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsaddonrepository.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsbadcerthandler.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsblocklistservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nscontentdispatchchooser.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nscontentprefservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsdefaultclh.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsdownloadmanagerui.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsextensionmanager.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nshandlerservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nshelperappdlg.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nslivemarkservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nslogininfo.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsloginmanager.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsloginmanagerprompter.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsplacesdbflush.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nspostupdatewin.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsprogressdialog.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsproxyautoconfig.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nssearchservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nstaggingservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nstrytoclose.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsupdateservice.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsurlformatter.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nswebhandlerapp.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\nsxulappinstall.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\oji.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\parentalcontrols.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\pipboot.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\pippki.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\places.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\plugin.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\pluginglue.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\pref.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\prefetch.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\profile.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\proxyobject.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\rdf.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\satchel.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\saxparser.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\shistory.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\spellchecker.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\storage-legacy.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\storage.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\toolkitprofile.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\toolkitsearch.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\txexsltregexfunctions.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\txmgr.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\txtsvc.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\uconv.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\unicharutil.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\update.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\uriloader.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\webbrowserpersist.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\webbrowser_core.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\webshell_idls.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\widget.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\windowds.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\windowwatcher.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_base.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_components.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_ds.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_io.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_system.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpcom_xpti.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpconnect.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpinstall.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xpti.dat (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xulapp.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xulapp_setup.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xuldoc.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\xultmpl.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\components\zipwriter.xpt (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\autoconfig\platform.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\autoconfig\prefcalls.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\pref\xulrunner.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\localstore.rdf (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\chrome\userchrome-example.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\chrome\usercontent-example.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\US\localstore.rdf (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\US\chrome\userchrome-example.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\defaults\profile\US\chrome\usercontent-example.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\dictionaries\en-US.aff (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\dictionaries\en-US.dic (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\greprefs\all.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\greprefs\security-prefs.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\greprefs\xpinstall.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\debug.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\downloadlastdir.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\downloadutils.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\iso8601dateutils.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\microformats.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\placesdbutils.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\pluralform.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\spatialnavigation.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\utils.js (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\windowdraggingutils.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\modules\xpcomutils.jsm (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\plugins\npnul32.dll (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-after-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\arrow.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\arrowd.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\broken-image.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\charsetalias.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\charsetdata.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\contenteditable.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\designmode.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\editoroverride.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\forms.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\grabber.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\hiddenwindow.html (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\html.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\langgroups.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\language.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\loading-image.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\mathml.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\quirk.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\svg.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-after-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-after.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-before-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-before-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-column-before.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-after-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-after-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-after.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-before-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-before-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-add-row-before.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-column-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-column-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-column.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-row-active.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-row-hover.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\table-remove-row.gif (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\ua.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\viewsource.css (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\wincharset.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\dtd\mathml.dtd (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\dtd\xhtml11.dtd (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\html40latin1.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\html40special.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\html40symbols.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\htmlentityversions.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\mathml20.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\entitytables\transliterate.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfont.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfontstandardsymbolsl.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfontstixnonunicode.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfontstixsize1.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfontsymbol.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\fonts\mathfontunicode.properties (Rogue.RegTool) -> No action taken.
c:\program files\regTool\xulrunner\res\html\folder.png (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool\aplikace regtool na internetu.url (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool\odinstalovat aplikaci regtool.lnk (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool\regTool.lnk (Rogue.RegTool) -> No action taken.

Příspěvekod **jaro3** » 14 pro 2011 19:24

No , ale je to Adware , to bude ta reklama , co Ti vyskakuje..

Měl bys to smazat celý..
:
http://www.emsisoft.fr/en/malware/?Adware.Win32.RegTool

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Poky · Příspěvekod **Poky** » 14 pro 2011 20:14

To jsem se asi spatne vyjadril - mne zadna reklama nevyskakuje. Jen sem zjistoval, proc bylo nutne menit heslo na gmail a nasel tam vracene+v odeslanych maily s odkazem na nejakou viagru nebo neco.

Jinak ten regtool mam od zamestnavatele a normalne v nem pracuji (tyka se to spravy ruznych katalogu), takze jeho odstraneni neprichazi moc v uvahu..

Jedine co me napada je to ventrilo, to sem shanel nedavno celkem na rychlo urcitou verzi, takze sem pri tom asi neco nabral..

Příspěvekod **jaro3** » 14 pro 2011 21:03

Jak myslíš , tak regtool nech , ostatní odstraň...

Poky · Příspěvekod **Poky** » 14 pro 2011 22:26

Koukám combofix se s tím nemaže. :-)) Budu si muset zase vyžádat link na ten program..

ComboFix 11-12-13.03 - Michal 14.12.2011 22:03:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2290 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michal\Plocha\Setup.exe
c:\documents and settings\Michal\WINDOWS
c:\program files\lol
c:\program files\lol\League of Legends\0x0407.ini
c:\program files\lol\League of Legends\0x0409.ini
c:\program files\lol\League of Legends\0x040a.ini
c:\program files\lol\League of Legends\0x040c.ini
c:\program files\lol\League of Legends\data1.cab
c:\program files\lol\League of Legends\data1.hdr
c:\program files\lol\League of Legends\data2.cab
c:\program files\lol\League of Legends\ISSetup.dll
c:\program files\lol\League of Legends\layout.bin
c:\program files\lol\League of Legends\setup.exe
c:\program files\lol\League of Legends\setup.ini
c:\program files\lol\League of Legends\setup.inx
c:\program files\lol\League of Legends\setup.isn
c:\program files\RegTool
c:\program files\RegTool\account.dll
c:\program files\RegTool\Data\elNames.xml
c:\program files\RegTool\Data\regDB.s3db
c:\program files\RegTool\Data\regDBNew.s3db
c:\program files\RegTool\Data\System.Data.SQLite.xml
c:\program files\RegTool\Email\vzorovyEmail.txt
c:\program files\RegTool\FolderZipper.dll
c:\program files\RegTool\ICSharpCode.SharpZipLib.dll
c:\program files\RegTool\Microsoft.ReportViewer.Common.dll
c:\program files\RegTool\Microsoft.ReportViewer.ProcessingObjectModel.dll
c:\program files\RegTool\Microsoft.ReportViewer.WinForms.dll
c:\program files\RegTool\regTool.exe
c:\program files\RegTool\regTool.exe.config
c:\program files\RegTool\Skybound.Gecko.dll
c:\program files\RegTool\System.Data.SQLite.dll
c:\program files\RegTool\unins000.dat
c:\program files\RegTool\unins000.exe
c:\program files\RegTool\xulrunner\AccessibleMarshal.dll
c:\program files\RegTool\xulrunner\components\accessibility-msaa.xpt
c:\program files\RegTool\xulrunner\components\accessibility.xpt
c:\program files\RegTool\xulrunner\components\alerts.xpt
c:\program files\RegTool\xulrunner\components\appshell.xpt
c:\program files\RegTool\xulrunner\components\appstartup.xpt
c:\program files\RegTool\xulrunner\components\autocomplete.xpt
c:\program files\RegTool\xulrunner\components\autoconfig.xpt
c:\program files\RegTool\xulrunner\components\caps.xpt
c:\program files\RegTool\xulrunner\components\commandhandler.xpt
c:\program files\RegTool\xulrunner\components\commandlines.xpt
c:\program files\RegTool\xulrunner\components\composer.xpt
c:\program files\RegTool\xulrunner\components\compreg.dat
c:\program files\RegTool\xulrunner\components\content_base.xpt
c:\program files\RegTool\xulrunner\components\content_html.xpt
c:\program files\RegTool\xulrunner\components\content_htmldoc.xpt
c:\program files\RegTool\xulrunner\components\content_xmldoc.xpt
c:\program files\RegTool\xulrunner\components\content_xslt.xpt
c:\program files\RegTool\xulrunner\components\content_xtf.xpt
c:\program files\RegTool\xulrunner\components\contentprefs.xpt
c:\program files\RegTool\xulrunner\components\cookie.xpt
c:\program files\RegTool\xulrunner\components\directory.xpt
c:\program files\RegTool\xulrunner\components\docshell_base.xpt
c:\program files\RegTool\xulrunner\components\dom.xpt
c:\program files\RegTool\xulrunner\components\dom_base.xpt
c:\program files\RegTool\xulrunner\components\dom_canvas.xpt
c:\program files\RegTool\xulrunner\components\dom_core.xpt
c:\program files\RegTool\xulrunner\components\dom_css.xpt
c:\program files\RegTool\xulrunner\components\dom_events.xpt
c:\program files\RegTool\xulrunner\components\dom_geolocation.xpt
c:\program files\RegTool\xulrunner\components\dom_html.xpt
c:\program files\RegTool\xulrunner\components\dom_json.xpt
c:\program files\RegTool\xulrunner\components\dom_loadsave.xpt
c:\program files\RegTool\xulrunner\components\dom_offline.xpt
c:\program files\RegTool\xulrunner\components\dom_range.xpt
c:\program files\RegTool\xulrunner\components\dom_sidebar.xpt
c:\program files\RegTool\xulrunner\components\dom_storage.xpt
c:\program files\RegTool\xulrunner\components\dom_stylesheets.xpt
c:\program files\RegTool\xulrunner\components\dom_svg.xpt
c:\program files\RegTool\xulrunner\components\dom_threads.xpt
c:\program files\RegTool\xulrunner\components\dom_traversal.xpt
c:\program files\RegTool\xulrunner\components\dom_views.xpt
c:\program files\RegTool\xulrunner\components\dom_xbl.xpt
c:\program files\RegTool\xulrunner\components\dom_xpath.xpt
c:\program files\RegTool\xulrunner\components\dom_xul.xpt
c:\program files\RegTool\xulrunner\components\downloads.xpt
c:\program files\RegTool\xulrunner\components\editor.xpt
c:\program files\RegTool\xulrunner\components\embed_base.xpt
c:\program files\RegTool\xulrunner\components\extensions.xpt
c:\program files\RegTool\xulrunner\components\exthandler.xpt
c:\program files\RegTool\xulrunner\components\exthelper.xpt
c:\program files\RegTool\xulrunner\components\fastfind.xpt
c:\program files\RegTool\xulrunner\components\FeedProcessor.js
c:\program files\RegTool\xulrunner\components\feeds.xpt
c:\program files\RegTool\xulrunner\components\find.xpt
c:\program files\RegTool\xulrunner\components\gfx.xpt
c:\program files\RegTool\xulrunner\components\htmlparser.xpt
c:\program files\RegTool\xulrunner\components\chardet.xpt
c:\program files\RegTool\xulrunner\components\chrome.xpt
c:\program files\RegTool\xulrunner\components\imgicon.xpt
c:\program files\RegTool\xulrunner\components\imglib2.xpt
c:\program files\RegTool\xulrunner\components\inspector.xpt
c:\program files\RegTool\xulrunner\components\intl.xpt
c:\program files\RegTool\xulrunner\components\jar.xpt
c:\program files\RegTool\xulrunner\components\jsconsole-clhandler.js
c:\program files\RegTool\xulrunner\components\jsdservice.xpt
c:\program files\RegTool\xulrunner\components\layout_base.xpt
c:\program files\RegTool\xulrunner\components\layout_printing.xpt
c:\program files\RegTool\xulrunner\components\layout_xul.xpt
c:\program files\RegTool\xulrunner\components\layout_xul_tree.xpt
c:\program files\RegTool\xulrunner\components\locale.xpt
c:\program files\RegTool\xulrunner\components\loginmgr.xpt
c:\program files\RegTool\xulrunner\components\lwbrk.xpt
c:\program files\RegTool\xulrunner\components\mimetype.xpt
c:\program files\RegTool\xulrunner\components\mozbrwsr.xpt
c:\program files\RegTool\xulrunner\components\mozfind.xpt
c:\program files\RegTool\xulrunner\components\necko.xpt
c:\program files\RegTool\xulrunner\components\necko_about.xpt
c:\program files\RegTool\xulrunner\components\necko_cache.xpt
c:\program files\RegTool\xulrunner\components\necko_cookie.xpt
c:\program files\RegTool\xulrunner\components\necko_dns.xpt
c:\program files\RegTool\xulrunner\components\necko_file.xpt
c:\program files\RegTool\xulrunner\components\necko_ftp.xpt
c:\program files\RegTool\xulrunner\components\necko_http.xpt
c:\program files\RegTool\xulrunner\components\necko_res.xpt
c:\program files\RegTool\xulrunner\components\necko_socket.xpt
c:\program files\RegTool\xulrunner\components\necko_strconv.xpt
c:\program files\RegTool\xulrunner\components\necko_viewsource.xpt
c:\program files\RegTool\xulrunner\components\necko_wifi.xpt
c:\program files\RegTool\xulrunner\components\NetworkGeolocationProvider.js
c:\program files\RegTool\xulrunner\components\nsAddonRepository.js
c:\program files\RegTool\xulrunner\components\nsBadCertHandler.js
c:\program files\RegTool\xulrunner\components\nsBlocklistService.js
c:\program files\RegTool\xulrunner\components\nsContentDispatchChooser.js
c:\program files\RegTool\xulrunner\components\nsContentPrefService.js
c:\program files\RegTool\xulrunner\components\nsDefaultCLH.js
c:\program files\RegTool\xulrunner\components\nsDownloadManagerUI.js
c:\program files\RegTool\xulrunner\components\nsExtensionManager.js
c:\program files\RegTool\xulrunner\components\nsHandlerService.js
c:\program files\RegTool\xulrunner\components\nsHelperAppDlg.js
c:\program files\RegTool\xulrunner\components\nsLivemarkService.js
c:\program files\RegTool\xulrunner\components\nsLoginInfo.js
c:\program files\RegTool\xulrunner\components\nsLoginManager.js
c:\program files\RegTool\xulrunner\components\nsLoginManagerPrompter.js
c:\program files\RegTool\xulrunner\components\nsPlacesDBFlush.js
c:\program files\RegTool\xulrunner\components\nsPostUpdateWin.js
c:\program files\RegTool\xulrunner\components\nsProgressDialog.js
c:\program files\RegTool\xulrunner\components\nsProxyAutoConfig.js
c:\program files\RegTool\xulrunner\components\nsSearchService.js
c:\program files\RegTool\xulrunner\components\nsSearchSuggestions.js
c:\program files\RegTool\xulrunner\components\nsTaggingService.js
c:\program files\RegTool\xulrunner\components\nsTryToClose.js
c:\program files\RegTool\xulrunner\components\nsUpdateService.js
c:\program files\RegTool\xulrunner\components\nsURLFormatter.js
c:\program files\RegTool\xulrunner\components\nsWebHandlerApp.js
c:\program files\RegTool\xulrunner\components\nsXULAppInstall.js
c:\program files\RegTool\xulrunner\components\oji.xpt
c:\program files\RegTool\xulrunner\components\parentalcontrols.xpt
c:\program files\RegTool\xulrunner\components\pipboot.xpt
c:\program files\RegTool\xulrunner\components\pipnss.xpt
c:\program files\RegTool\xulrunner\components\pippki.xpt
c:\program files\RegTool\xulrunner\components\places.xpt
c:\program files\RegTool\xulrunner\components\plugin.xpt
c:\program files\RegTool\xulrunner\components\pluginGlue.js
c:\program files\RegTool\xulrunner\components\pref.xpt
c:\program files\RegTool\xulrunner\components\prefetch.xpt
c:\program files\RegTool\xulrunner\components\profile.xpt
c:\program files\RegTool\xulrunner\components\proxyObject.xpt
c:\program files\RegTool\xulrunner\components\rdf.xpt
c:\program files\RegTool\xulrunner\components\satchel.xpt
c:\program files\RegTool\xulrunner\components\saxparser.xpt
c:\program files\RegTool\xulrunner\components\shistory.xpt
c:\program files\RegTool\xulrunner\components\spellchecker.xpt
c:\program files\RegTool\xulrunner\components\storage-Legacy.js
c:\program files\RegTool\xulrunner\components\storage-mozStorage.js
c:\program files\RegTool\xulrunner\components\storage.xpt
c:\program files\RegTool\xulrunner\components\toolkitprofile.xpt
c:\program files\RegTool\xulrunner\components\toolkitsearch.xpt
c:\program files\RegTool\xulrunner\components\txEXSLTRegExFunctions.js
c:\program files\RegTool\xulrunner\components\txmgr.xpt
c:\program files\RegTool\xulrunner\components\txtsvc.xpt
c:\program files\RegTool\xulrunner\components\uconv.xpt
c:\program files\RegTool\xulrunner\components\unicharutil.xpt
c:\program files\RegTool\xulrunner\components\update.xpt
c:\program files\RegTool\xulrunner\components\uriloader.xpt
c:\program files\RegTool\xulrunner\components\urlformatter.xpt
c:\program files\RegTool\xulrunner\components\webBrowser_core.xpt
c:\program files\RegTool\xulrunner\components\webbrowserpersist.xpt
c:\program files\RegTool\xulrunner\components\webshell_idls.xpt
c:\program files\RegTool\xulrunner\components\widget.xpt
c:\program files\RegTool\xulrunner\components\windowds.xpt
c:\program files\RegTool\xulrunner\components\windowwatcher.xpt
c:\program files\RegTool\xulrunner\components\xpcom_base.xpt
c:\program files\RegTool\xulrunner\components\xpcom_components.xpt
c:\program files\RegTool\xulrunner\components\xpcom_ds.xpt
c:\program files\RegTool\xulrunner\components\xpcom_io.xpt
c:\program files\RegTool\xulrunner\components\xpcom_system.xpt
c:\program files\RegTool\xulrunner\components\xpcom_thread.xpt
c:\program files\RegTool\xulrunner\components\xpcom_xpti.xpt
c:\program files\RegTool\xulrunner\components\xpconnect.xpt
c:\program files\RegTool\xulrunner\components\xpinstall.xpt
c:\program files\RegTool\xulrunner\components\xpti.dat
c:\program files\RegTool\xulrunner\components\xulapp.xpt
c:\program files\RegTool\xulrunner\components\xulapp_setup.xpt
c:\program files\RegTool\xulrunner\components\xuldoc.xpt
c:\program files\RegTool\xulrunner\components\xultmpl.xpt
c:\program files\RegTool\xulrunner\components\zipwriter.xpt
c:\program files\RegTool\xulrunner\crashreporter.exe
c:\program files\RegTool\xulrunner\crashreporter.ini
c:\program files\RegTool\xulrunner\defaults\autoconfig\platform.js
c:\program files\RegTool\xulrunner\defaults\autoconfig\prefcalls.js
c:\program files\RegTool\xulrunner\defaults\pref\xulrunner.js
c:\program files\RegTool\xulrunner\defaults\profile\chrome\userContent-example.css
c:\program files\RegTool\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\program files\RegTool\xulrunner\defaults\profile\localstore.rdf
c:\program files\RegTool\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\program files\RegTool\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\program files\RegTool\xulrunner\defaults\profile\US\localstore.rdf
c:\program files\RegTool\xulrunner\dependentlibs.list
c:\program files\RegTool\xulrunner\dictionaries\en-US.aff
c:\program files\RegTool\xulrunner\dictionaries\en-US.dic
c:\program files\RegTool\xulrunner\freebl3.dll
c:\program files\RegTool\xulrunner\freebl3.chk
c:\program files\RegTool\xulrunner\greprefs\all.js
c:\program files\RegTool\xulrunner\greprefs\security-prefs.js
c:\program files\RegTool\xulrunner\greprefs\xpinstall.js
c:\program files\RegTool\xulrunner\chrome\classic.jar
c:\program files\RegTool\xulrunner\chrome\classic.manifest
c:\program files\RegTool\xulrunner\chrome\comm.jar
c:\program files\RegTool\xulrunner\chrome\comm.manifest
c:\program files\RegTool\xulrunner\chrome\en-US.jar
c:\program files\RegTool\xulrunner\chrome\en-US.manifest
c:\program files\RegTool\xulrunner\chrome\pippki.jar
c:\program files\RegTool\xulrunner\chrome\pippki.manifest
c:\program files\RegTool\xulrunner\chrome\toolkit.jar
c:\program files\RegTool\xulrunner\chrome\toolkit.manifest
c:\program files\RegTool\xulrunner\IA2Marshal.dll
c:\program files\RegTool\xulrunner\javaxpcom.jar
c:\program files\RegTool\xulrunner\javaxpcomglue.dll
c:\program files\RegTool\xulrunner\js.exe
c:\program files\RegTool\xulrunner\js3250.dll
c:\program files\RegTool\xulrunner\LICENSE
c:\program files\RegTool\xulrunner\modules\debug.js
c:\program files\RegTool\xulrunner\modules\DownloadLastDir.jsm
c:\program files\RegTool\xulrunner\modules\DownloadUtils.jsm
c:\program files\RegTool\xulrunner\modules\ISO8601DateUtils.jsm
c:\program files\RegTool\xulrunner\modules\Microformats.js
c:\program files\RegTool\xulrunner\modules\PlacesDBUtils.jsm
c:\program files\RegTool\xulrunner\modules\PluralForm.jsm
c:\program files\RegTool\xulrunner\modules\SpatialNavigation.js
c:\program files\RegTool\xulrunner\modules\utils.js
c:\program files\RegTool\xulrunner\modules\WindowDraggingUtils.jsm
c:\program files\RegTool\xulrunner\modules\XPCOMUtils.jsm
c:\program files\RegTool\xulrunner\mozcrt19.dll
c:\program files\RegTool\xulrunner\mozctl.dll
c:\program files\RegTool\xulrunner\mozctlx.dll
c:\program files\RegTool\xulrunner\nspr-config
c:\program files\RegTool\xulrunner\nspr4.dll
c:\program files\RegTool\xulrunner\nss3.dll
c:\program files\RegTool\xulrunner\nssckbi.dll
c:\program files\RegTool\xulrunner\nssdbm3.dll
c:\program files\RegTool\xulrunner\nssutil3.dll
c:\program files\RegTool\xulrunner\platform.ini
c:\program files\RegTool\xulrunner\plc4.dll
c:\program files\RegTool\xulrunner\plds4.dll
c:\program files\RegTool\xulrunner\plugins\npnul32.dll
c:\program files\RegTool\xulrunner\README.txt
c:\program files\RegTool\xulrunner\redit.exe
c:\program files\RegTool\xulrunner\res\arrow.gif
c:\program files\RegTool\xulrunner\res\arrowd.gif
c:\program files\RegTool\xulrunner\res\broken-image.gif
c:\program files\RegTool\xulrunner\res\contenteditable.css
c:\program files\RegTool\xulrunner\res\designmode.css
c:\program files\RegTool\xulrunner\res\dtd\mathml.dtd
c:\program files\RegTool\xulrunner\res\dtd\xhtml11.dtd
c:\program files\RegTool\xulrunner\res\EditorOverride.css
c:\program files\RegTool\xulrunner\res\entityTables\html40Latin1.properties
c:\program files\RegTool\xulrunner\res\entityTables\html40Special.properties
c:\program files\RegTool\xulrunner\res\entityTables\html40Symbols.properties
c:\program files\RegTool\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\program files\RegTool\xulrunner\res\entityTables\mathml20.properties
c:\program files\RegTool\xulrunner\res\entityTables\transliterate.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfont.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfontSymbol.properties
c:\program files\RegTool\xulrunner\res\fonts\mathfontUnicode.properties
c:\program files\RegTool\xulrunner\res\forms.css
c:\program files\RegTool\xulrunner\res\grabber.gif
c:\program files\RegTool\xulrunner\res\hiddenWindow.html
c:\program files\RegTool\xulrunner\res\html.css
c:\program files\RegTool\xulrunner\res\html\folder.png
c:\program files\RegTool\xulrunner\res\charsetalias.properties
c:\program files\RegTool\xulrunner\res\charsetData.properties
c:\program files\RegTool\xulrunner\res\langGroups.properties
c:\program files\RegTool\xulrunner\res\language.properties
c:\program files\RegTool\xulrunner\res\loading-image.gif
c:\program files\RegTool\xulrunner\res\mathml.css
c:\program files\RegTool\xulrunner\res\quirk.css
c:\program files\RegTool\xulrunner\res\svg.css
c:\program files\RegTool\xulrunner\res\table-add-column-after-active.gif
c:\program files\RegTool\xulrunner\res\table-add-column-after-hover.gif
c:\program files\RegTool\xulrunner\res\table-add-column-after.gif
c:\program files\RegTool\xulrunner\res\table-add-column-before-active.gif
c:\program files\RegTool\xulrunner\res\table-add-column-before-hover.gif
c:\program files\RegTool\xulrunner\res\table-add-column-before.gif
c:\program files\RegTool\xulrunner\res\table-add-row-after-active.gif
c:\program files\RegTool\xulrunner\res\table-add-row-after-hover.gif
c:\program files\RegTool\xulrunner\res\table-add-row-after.gif
c:\program files\RegTool\xulrunner\res\table-add-row-before-active.gif
c:\program files\RegTool\xulrunner\res\table-add-row-before-hover.gif
c:\program files\RegTool\xulrunner\res\table-add-row-before.gif
c:\program files\RegTool\xulrunner\res\table-remove-column-active.gif
c:\program files\RegTool\xulrunner\res\table-remove-column-hover.gif
c:\program files\RegTool\xulrunner\res\table-remove-column.gif
c:\program files\RegTool\xulrunner\res\table-remove-row-active.gif
c:\program files\RegTool\xulrunner\res\table-remove-row-hover.gif
c:\program files\RegTool\xulrunner\res\table-remove-row.gif
c:\program files\RegTool\xulrunner\res\ua.css
c:\program files\RegTool\xulrunner\res\viewsource.css
c:\program files\RegTool\xulrunner\res\wincharset.properties
c:\program files\RegTool\xulrunner\smime3.dll
c:\program files\RegTool\xulrunner\softokn3.dll
c:\program files\RegTool\xulrunner\softokn3.chk
c:\program files\RegTool\xulrunner\sqlite3.dll
c:\program files\RegTool\xulrunner\ssl3.dll
c:\program files\RegTool\xulrunner\update.locale
c:\program files\RegTool\xulrunner\updater.exe
c:\program files\RegTool\xulrunner\xpcom.dll
c:\program files\RegTool\xulrunner\xpcshell.exe
c:\program files\RegTool\xulrunner\xpidl.exe
c:\program files\RegTool\xulrunner\xpt_dump.exe
c:\program files\RegTool\xulrunner\xpt_link.exe
c:\program files\RegTool\xulrunner\xul.dll
c:\program files\RegTool\xulrunner\xulrunner-stub.exe
c:\program files\RegTool\xulrunner\xulrunner.exe
c:\windows\system\actualspy.lnk
c:\windows\system32\wservice.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-14 do 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 20:49 . 2011-12-14 20:49 54016 ----a-w- c:\windows\system32\drivers\vooym.sys
2011-12-13 19:14 . 2011-12-13 19:14 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-12-01 20:51 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-12-01 20:51 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-12-01 20:51 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-12-01 20:51 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-12-01 20:51 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-12-01 20:51 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-12-01 20:51 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\STORMWARE
2011-11-27 15:58 . 2011-11-27 16:02 -------- d-----w- c:\program files\Garena Classic
2011-11-27 15:30 . 2011-12-12 20:48 -------- d-----w- c:\documents and settings\Michal\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-12-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-11-27 15:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-11-24 21:32 . 1994-09-21 02:00 12800 ----a-w- c:\windows\system\WING32.DLL
2011-11-18 22:44 . 2011-11-18 22:44 3177 ----a-w- C:\STF85.tmp
2011-11-17 15:51 . 2011-11-17 15:52 -------- d-----w- c:\program files\Test My Hardware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 17:22 . 2011-06-29 12:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 11:32 . 2011-11-07 11:32 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-11-07 11:32 . 2011-11-07 11:32 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-11-07 11:32 . 2011-11-07 11:32 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-11-07 11:30 . 2011-11-07 11:30 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-10-10 14:22 . 2009-04-27 18:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-11-13 07:54 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-11-13 07:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-11-13 07:53 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2009-08-08 18:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-08-08 18:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2009-07-14 11:34 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2009-07-14 11:34 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2009-07-14 11:34 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2009-07-14 11:34 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-10-07 05:33 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-10-07 05:33 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2008-10-07 05:33 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2008-10-07 05:33 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2008-10-07 05:33 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-03 03:06 . 2011-10-22 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-05-11 13:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-01 13:37 . 2011-10-01 13:37 3079 ----a-w- C:\STF2AA.tmp
2011-09-28 07:06 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2008-03-09 05:25 . 2009-04-30 17:01 236 ---ha-w- c:\program files\Common Files\dx.reg
2011-09-09 22:33 . 2011-08-17 12:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-11-07 3077528]
"Octoshape Streaming Services"="c:\documents and settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SensorsView"="c:\program files\SensorsView\sview.exe" [2005-11-28 940032]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\Michal\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 813584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal^Nabídka Start^Programy^Po spuštění^GIGABYTE Gamer HUD.lnk]
backup=c:\windows\pss\GIGABYTE Gamer HUD.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-16 19:22 1242448 ----a-w- e:\games\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 11:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Windows Mobile 6 SDK\\Tools\\Cellular Emulator\\Cellular Emulator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Michal\\Dokumenty\\Downloads\\Ranked Gaming Client\\rgc.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II.exe"=
"c:\\Program Files\\Starcraft II NA\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II Public Test.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Games\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Games\\Starcraft 2\\StarCraft II.exe"=
"e:\\Games\\Arma 2\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Starcraft 2\\Versions\\Base19132\\SC2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II Public Test.exe"=
"e:\\Games\\portal 2\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\Games\\W3 TFT\\Warcraft III Reign of Chaos & The Frozen Throne\\Warcraft III.exe"=
"c:\\Program Files\\Garena Classic\\Garena.exe"=
"e:\\Games\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57390:TCP"= 57390:TCP:Pando Media Booster
"57390:UDP"= 57390:UDP:Pando Media Booster
"67:TCP"= 67:TCP:hamachi
"67:UDP"= 67:UDP:67
"68:TCP"= 68:TCP:68
"68:UDP"= 68:UDP:68
"6881:TCP"= 6881:TCP:blizzarddownloader
"6112:TCP"= 6112:TCP:blizzarddownloader
"56159:TCP"= 56159:TCP:Pando Media Booster
"56159:UDP"= 56159:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"56321:TCP"= 56321:TCP:Pando Media Booster
"56321:UDP"= 56321:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2009 9:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.9.2010 23:32 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.9.2010 23:32 17744]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31.8.2011 12:26 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [13.11.2011 8:56 2253120]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 10:07 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 10:18 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 10:16 484352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.11.2011 12:30 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16.4.2011 8:49 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 1:00 30032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [27.12.2010 15:23 10384]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Michal\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Michal\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.2.2007 1:04 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Michal\LOCALS~1\Temp\NOG3C2.tmp --> c:\docume~1\Michal\LOCALS~1\Temp\NOG3C2.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.11.2011 12:32 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys --> c:\windows\system32\DRIVERS\PTSimBus.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys --> c:\windows\system32\DRIVERS\PTSimHid.sys [?]
S3 RTCore32;RTCore32;\??\c:\program files\RMClock\RTCore32.sys --> c:\program files\RMClock\RTCore32.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 19:31 155344]
S3 utexmtm2;AVZ Kernel Driver;c:\windows\system32\drivers\utexmtm2.sys [20.2.2010 21:47 7168]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30.8.2009 18:41 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11.11.2010 12:57 268528]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\lxs87s1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-HDDHealth - c:\program files\HDD Health\HDDHealth.exe
HKCU-Run-igndlm.exe - c:\program files\Download Manager\DLM.exe
HKLM-Run-WService - WService.EXE
HKLM-Run-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-eurobattlegui - c:\program files\Warcraft III\eb.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-BattlEye A2 Free - e:\games\Arma 2\Bohemia InteractiveBattlEye\UnInstallBE.exe
AddRemove-Stratagus - e:\games\Warcraft II BNE\uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
AddRemove-{E3EF3BD5-02F3-4F99-9DAC-A20637DF084D}_is1 - c:\program files\regTool\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 22:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Michal\LOCALS~1\Temp\NOG3C2.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:61,d3,8c,90,de,40,98,27,56,9f,d2,29,ba,ff,1b,e4,0c,ae,f6,53,e4,2d,69,
d2,ae,1b,33,ed,01,45,fe,5c,35,08,55,37,8f,1f,3f,b7,10,10,41,93,2c,33,77,56,\
"??"=hex:71,c4,48,31,45,10,4a,b7,54,45,ca,24,88,74,1e,c4
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:d3,66,b2,c3,fe,00,72,3e,db,97,de,ce,07,99,f1,6e,eb,15,38,7a,b4,
ac,43,34,e7,9d,18,4a,b1,99,0a,68,fe,df,63,0c,22,58,2b,5c,d8,8f,91,e9,4b,fe,\
"rkeysecu"=hex:37,6c,20,fc,ac,3f,4c,c6,a7,8d,ed,84,d0,27,1f,2c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="CA670944D4270CDC6043A04FADDD10F3C3578F6F446CB3CE4FA10CDF5A4950211E44FC1407424B4DC5AE620A60F6A6B6F1698E9977E1DE1C46E2ACDC26F41A8912539829AB442FD558AE8C90983E6F2E1E2A94FC8C774A38154956D3BE86BD408D052F2F606B96F5BA7C181F448C7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D67949BA79AEE48F45C52D42647060A0C375823B2EC888E929B01D488FA607A0E3FEEC3C37E3089BF689B9A314EC35B586A68995A574245EC33FC7E6BE4B7BC486279EC6E8C704D88F477EE451A201B05FC5782861455FC11F2E4BA9ECDCAA6080AC6EB440E7B54251A3C693CB8089BB621AF56711CF4BC924699035538B00D6BF62C5B172CEAE66594D565A4A0BEB508A91551854D2A0D77B89213F88AD74A841216996C78344E85434782C128DC448491BBF263E8517839FC586D25907F3B5C6404C77D641C5A3CAB2323890ECB292D736D7F5C149891C6690BD6AAF5BC426C1F874DB849BBDD3073906F26F0C94477120600795803EB0078DB580E4EF7C42493C95340E1012EFCE8CD51F6D56A7FCCD1F74077236B21BC46113E88906F2C67B706C867CC2E26B4F82A780EA394470BBBC84FC347FACCC717061C8518B2678A298A60390ED8A559BA89D7B1A9820901FA91838277B2905CCFA6C326A027E5DC25B98EF20D6B0FE363E5275C96433AF4637F728BCF66912F7878513FCE059E198E8D0F8694A1C740D049E13DFE3A529FE7D27A6A4B3D76E4C10F9FD827D90C756C0F5E97D48F3C4D82D5C5B65B9CCB2F22633BDC4DB36D987C1652AF9606A917E9DF400361995AE19B3F575F097627C14F97975A9A1826D61ECB4CB4693DFB9AD5B0B9D2B07A1443644DDC8046A567704F6E3986DA8F56A24101378B520A068CA3C9954B9EBFDFAE495DE19BB8DE16C027F88B3F1E13B571239E810D68485272E806E1DF6BC9B9D3D8DDB4DF69A63CB1805BBE92D4EA022E269C5B452629EEC261D5703B395020D74854E9B543D96BB3A851C6C554B97A36500AB9766931EDE76C3BD83B905C94506F5958B69725372B8E255C4F55F2E45CCA89561374B863418BCEF270DA4B1FCC49199AB19B8C3672493AFAD9F5DC0A65E3512DC56EEC6A2167BADEA06A50494977530F2A66E504551085E3C5B794350C0F2A8169E0CE9FCFC8BE7D466FEF223D3BDB5B55F3DD4195418E9AA77F0AB87D5F75D60FBB33A58621AD750E84033D8E7E1CE31EA6F09168DB75E6451800E7DD11A2F67ACE4321F68170B1D82339AF994D1056A2C1739B760769559B2D0E1C4100B8ED2652F9BC41A000DEBC2B9315AFD5C71FB66D0C0C5C8AB0B5585022B1B130D20FBC61AA26FEDAEC6F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2011-12-14 22:11:18
ComboFix-quarantined-files.txt 2011-12-14 21:11
.
Před spuštěním: Volných bajtů: 45 113 614 336
Po spuštění: Volných bajtů: 46 486 429 696
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 824F0986672AF392C73F229E11EBADF8

------------

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.12.2011 22:23:44
mbam-log-2011-12-14 (22-23-42).txt

Typ: Rychlá kontrola
Kontrolované objekty: 205936
Uplynulý čas: 7 minut, 4 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\documents and settings\all users\nabídka start\Programy\regTool (Rogue.RegTool) -> No action taken.

Infikované soubory:
c:\documents and settings\all users\nabídka start\Programy\regTool\aplikace regtool na internetu.url (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool\odinstalovat aplikaci regtool.lnk (Rogue.RegTool) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\regTool\regTool.lnk (Rogue.RegTool) -> No action taken.

Příspěvekod **jaro3** » 15 pro 2011 09:16

Reg Tool je potencionální hrozba , proto je ve všech databázích zapsána ke smazání...

Smaž ten zbytek v MbAM...

Tyto porty si otevíral sám:
"67:UDP"= 67:UDP:67
"68:TCP"= 68:TCP:68
"68:UDP"= 68:UDP:68
???

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Collect::
c:\windows\system32\drivers\vooym.sys

File::
C:\STF85.tmp
C:\STF2AA.tmp
c:\windows\system32\drivers\utexmtm2.sys
c:\docume~1\Michal\LOCALS~1\Temp\NOG3C2.tmp
C:\Documents and Settings\Michal\Local Settings\Apps\F.lux\flux.exe
C:\Documents and Settings\Michal\Local Settings\temp\_uninst_setup_9.0.0.722_20.02.2010_20-04.exe.bat

Driver::
ALSysIO
GarenaPEngine
GGSAFERDriver
Nbdrv
PTSimBus
PTSimHid
RTCore32
utexmtm2
VBoxNetFlt

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Poky · Příspěvekod **Poky** » 15 pro 2011 15:11

Ty porty mi nic neříkají. Vpodstatě sem kromě 6112 neotevíral snad nikdy žádný.

ComboFix 11-12-15.02 - Michal 15.12.2011 14:54:26.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2365 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Dokumenty\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\docume~1\Michal\LOCALS~1\Temp\NOG3C2.tmp"
"c:\documents and settings\Michal\Local Settings\Apps\F.lux\flux.exe"
"c:\documents and settings\Michal\Local Settings\temp\_uninst_setup_9.0.0.722_20.02.2010_20-04.exe.bat"
"C:\STF2AA.tmp"
"C:\STF85.tmp"
"c:\windows\system32\drivers\utexmtm2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michal\Local Settings\Apps\F.lux\flux.exe
C:\STF2AA.tmp
C:\STF85.tmp
c:\windows\system32\drivers\utexmtm2.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_GARENAPENGINE
-------\Legacy_GGSAFERDRIVER
-------\Legacy_RTCORE32
-------\Legacy_UTEXMTM2
-------\Service_ALSysIO
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver
-------\Service_Nbdrv
-------\Service_PTSimBus
-------\Service_PTSimHid
-------\Service_RTCore32
-------\Service_utexmtm2
-------\Service_VBoxNetFlt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-15 do 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 04:59 . 2011-12-15 04:59 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-13 19:14 . 2011-12-13 19:14 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-12-01 20:51 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-12-01 20:51 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-12-01 20:51 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-12-01 20:51 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-12-01 20:51 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-12-01 20:51 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-12-01 20:51 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\STORMWARE
2011-11-27 15:58 . 2011-11-27 16:02 -------- d-----w- c:\program files\Garena Classic
2011-11-27 15:30 . 2011-12-15 14:05 -------- d-----w- c:\documents and settings\Michal\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-12-15 14:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-11-27 15:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-11-24 21:32 . 1994-09-21 02:00 12800 ----a-w- c:\windows\system\WING32.DLL
2011-11-17 15:51 . 2011-11-17 15:52 -------- d-----w- c:\program files\Test My Hardware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 17:22 . 2011-06-29 12:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 11:32 . 2011-11-07 11:32 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-11-07 11:32 . 2011-11-07 11:32 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-11-07 11:32 . 2011-11-07 11:32 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-11-07 11:30 . 2011-11-07 11:30 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-10-10 14:22 . 2009-04-27 18:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-11-13 07:54 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-11-13 07:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-11-13 07:53 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2009-08-08 18:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-08-08 18:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2009-07-14 11:34 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2009-07-14 11:34 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2009-07-14 11:34 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2009-07-14 11:34 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-10-07 05:33 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-10-07 05:33 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2008-10-07 05:33 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2008-10-07 05:33 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2008-10-07 05:33 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-03 03:06 . 2011-10-22 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-05-11 13:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2008-03-09 05:25 . 2009-04-30 17:01 236 ---ha-w- c:\program files\Common Files\dx.reg
2011-09-09 22:33 . 2011-08-17 12:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_21.09.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 14:05 . 2011-12-15 14:05 16384 c:\windows\temp\Perflib_Perfdata_2cc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-11-07 3077528]
"Octoshape Streaming Services"="c:\documents and settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SensorsView"="c:\program files\SensorsView\sview.exe" [2005-11-28 940032]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\Michal\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 813584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal^Nabídka Start^Programy^Po spuštění^GIGABYTE Gamer HUD.lnk]
backup=c:\windows\pss\GIGABYTE Gamer HUD.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-16 19:22 1242448 ----a-w- e:\games\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 11:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Windows Mobile 6 SDK\\Tools\\Cellular Emulator\\Cellular Emulator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Michal\\Dokumenty\\Downloads\\Ranked Gaming Client\\rgc.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II.exe"=
"c:\\Program Files\\Starcraft II NA\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II Public Test.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Games\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Games\\Starcraft 2\\StarCraft II.exe"=
"e:\\Games\\Arma 2\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Starcraft 2\\Versions\\Base19132\\SC2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II Public Test.exe"=
"e:\\Games\\portal 2\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\Games\\W3 TFT\\Warcraft III Reign of Chaos & The Frozen Throne\\Warcraft III.exe"=
"c:\\Program Files\\Garena Classic\\Garena.exe"=
"e:\\Games\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57390:TCP"= 57390:TCP:Pando Media Booster
"57390:UDP"= 57390:UDP:Pando Media Booster
"67:TCP"= 67:TCP:hamachi
"67:UDP"= 67:UDP:67
"68:TCP"= 68:TCP:68
"68:UDP"= 68:UDP:68
"6881:TCP"= 6881:TCP:blizzarddownloader
"6112:TCP"= 6112:TCP:blizzarddownloader
"56159:TCP"= 56159:TCP:Pando Media Booster
"56159:UDP"= 56159:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"56321:TCP"= 56321:TCP:Pando Media Booster
"56321:UDP"= 56321:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2009 9:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.9.2010 23:32 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.9.2010 23:32 17744]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31.8.2011 12:26 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [13.11.2011 8:56 2253120]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 10:07 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 10:18 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 10:16 484352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.11.2011 12:30 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16.4.2011 8:49 11520]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 1:00 30032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [27.12.2010 15:23 10384]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.2.2007 1:04 14336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.11.2011 12:32 13224]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 19:31 155344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30.8.2009 18:41 91472]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11.11.2010 12:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\lxs87s1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 15:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:61,d3,8c,90,de,40,98,27,56,9f,d2,29,ba,ff,1b,e4,0c,ae,f6,53,e4,2d,69,
d2,ae,1b,33,ed,01,45,fe,5c,35,08,55,37,8f,1f,3f,b7,10,10,41,93,2c,33,77,56,\
"??"=hex:71,c4,48,31,45,10,4a,b7,54,45,ca,24,88,74,1e,c4
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:d3,66,b2,c3,fe,00,72,3e,db,97,de,ce,07,99,f1,6e,eb,15,38,7a,b4,
ac,43,34,e7,9d,18,4a,b1,99,0a,68,fe,df,63,0c,22,58,2b,5c,d8,8f,91,e9,4b,fe,\
"rkeysecu"=hex:37,6c,20,fc,ac,3f,4c,c6,a7,8d,ed,84,d0,27,1f,2c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="CA670944D4270CDC6043A04FADDD10F3C3578F6F446CB3CE4FA10CDF5A4950211E44FC1407424B4DC5AE620A60F6A6B6F1698E9977E1DE1C46E2ACDC26F41A8912539829AB442FD558AE8C90983E6F2E1E2A94FC8C774A38154956D3BE86BD408D052F2F606B96F5BA7C181F448C7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D67949BA79AEE48F45C52D42647060A0C375823B2EC888E929B01D488FA607A0E3FEEC3C37E3089BF689B9A314EC35B586A68995A574245EC33FC7E6BE4B7BC486279EC6E8C704D88F477EE451A201B05FC5782861455FC11F2E4BA9ECDCAA6080AC6EB440E7B54251A3C693CB8089BB621AF56711CF4BC924699035538B00D6BF62C5B172CEAE66594D565A4A0BEB508A91551854D2A0D77B89213F88AD74A841216996C78344E85434782C128DC448491BBF263E8517839FC586D25907F3B5C6404C77D641C5A3CAB2323890ECB292D736D7F5C149891C6690BD6AAF5BC426C1F874DB849BBDD3073906F26F0C94477120600795803EB0078DB580E4EF7C42493C95340E1012EFCE8CD51F6D56A7FCCD1F74077236B21BC46113E88906F2C67B706C867CC2E26B4F82A780EA394470BBBC84FC347FACCC717061C8518B2678A298A60390ED8A559BA89D7B1A9820901FA91838277B2905CCFA6C326A027E5DC25B98EF20D6B0FE363E5275C96433AF4637F728BCF66912F7878513FCE059E198E8D0F8694A1C740D049E13DFE3A529FE7D27A6A4B3D76E4C10F9FD827D90C756C0F5E97D48F3C4D82D5C5B65B9CCB2F22633BDC4DB36D987C1652AF9606A917E9DF400361995AE19B3F575F097627C14F97975A9A1826D61ECB4CB4693DFB9AD5B0B9D2B07A1443644DDC8046A567704F6E3986DA8F56A24101378B520A068CA3C9954B9EBFDFAE495DE19BB8DE16C027F88B3F1E13B571239E810D68485272E806E1DF6BC9B9D3D8DDB4DF69A63CB1805BBE92D4EA022E269C5B452629EEC261D5703B395020D74854E9B543D96BB3A851C6C554B97A36500AB9766931EDE76C3BD83B905C94506F5958B69725372B8E255C4F55F2E45CCA89561374B863418BCEF270DA4B1FCC49199AB19B8C3672493AFAD9F5DC0A65E3512DC56EEC6A2167BADEA06A50494977530F2A66E504551085E3C5B794350C0F2A8169E0CE9FCFC8BE7D466FEF223D3BDB5B55F3DD4195418E9AA77F0AB87D5F75D60FBB33A58621AD750E84033D8E7E1CE31EA6F09168DB75E6451800E7DD11A2F67ACE4321F68170B1D82339AF994D1056A2C1739B760769559B2D0E1C4100B8ED2652F9BC41A000DEBC2B9315AFD5C71FB66D0C0C5C8AB0B5585022B1B130D20FBC61AA26FEDAEC6F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3428)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\DRIVERS\WtSrv.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-12-15 15:09:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-15 14:09
ComboFix2.txt 2011-12-14 21:11
.
Před spuštěním: Volných bajtů: 46 280 056 832
Po spuštění: Volných bajtů: 46 188 371 968
.
- - End Of File - - CDCF079AEF90DF5CAACF03E9A79FC0A3

------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:11:05, on 15.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SensorsView\sview.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Documents and Settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SensorsView] C:\Program Files\SensorsView\sview.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [tsnpstd3] ; C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EVGAPrecision] ; "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-21-583907252-1604221776-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 9931 bytes

Příspěvekod **jaro3** » 15 pro 2011 17:43

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"=- 
"68:TCP"=- 
"68:UDP"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Poky · Příspěvekod **Poky** » 17 pro 2011 20:13

ComboFix 11-12-17.02 - Michal 17.12.2011 20:00:08.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2277 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Dokumenty\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-17 do 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:54 . 2011-12-16 04:54 -------- d-----w- c:\windows\LastGood
2011-12-15 05:00 . 2011-11-04 19:13 602112 ----a-w- c:\windows\system32\SET30D.tmp
2011-12-15 05:00 . 2011-11-04 19:13 55296 ----a-w- c:\windows\system32\SET30C.tmp
2011-12-15 05:00 . 2011-11-04 19:13 2000384 ----a-w- c:\windows\system32\SET311.tmp
2011-12-15 05:00 . 2011-11-04 19:13 105984 ----a-w- c:\windows\system32\SET307.tmp
2011-12-15 05:00 . 2011-11-04 19:13 916992 ----a-w- c:\windows\system32\SET305.tmp
2011-12-15 05:00 . 2011-11-04 19:13 5978112 ----a-w- c:\windows\system32\SET30B.tmp
2011-12-15 05:00 . 2011-11-04 19:13 1212416 ----a-w- c:\windows\system32\SET306.tmp
2011-12-13 19:14 . 2011-12-13 19:14 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-12-01 20:51 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-12-01 20:51 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-12-01 20:51 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-12-01 20:51 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-12-01 20:51 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-12-01 20:51 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-12-01 20:51 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-12-01 20:51 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-12-01 20:51 . 2011-12-01 20:51 -------- d-----w- c:\program files\STORMWARE
2011-11-27 15:58 . 2011-11-27 16:02 -------- d-----w- c:\program files\Garena Classic
2011-11-27 15:30 . 2011-12-17 18:58 -------- d-----w- c:\documents and settings\Michal\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-12-17 19:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-27 15:30 . 2011-11-27 15:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-11-24 21:32 . 1994-09-21 02:00 12800 ----a-w- c:\windows\system\WING32.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 17:22 . 2011-06-29 12:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2006-03-02 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 11:32 . 2011-11-07 11:32 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-11-07 11:32 . 2011-11-07 11:32 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-11-07 11:32 . 2011-11-07 11:32 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-11-07 11:30 . 2011-11-07 11:30 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-11-05 13:13 . 2011-11-05 13:13 11081728 ----a-w- c:\windows\system32\SET313.tmp
2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2011-11-01 16:07 1288192 ----a-w- c:\windows\system32\SET345.tmp
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-10-30 08:57 . 2011-10-30 08:57 40960 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-10-28 05:32 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2006-03-02 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-04-27 18:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-11-13 07:54 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-11-13 07:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-11-13 07:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-11-13 07:53 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2009-08-08 18:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-08-08 18:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2009-07-14 11:34 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2009-07-14 11:34 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2009-07-14 11:34 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2009-07-14 11:34 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-10-07 05:33 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-10-07 05:33 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2008-10-07 05:33 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2008-10-07 05:33 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2008-10-07 05:33 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-03 03:06 . 2011-10-22 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-05-11 13:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2008-03-09 05:25 . 2009-04-30 17:01 236 ---ha-w- c:\program files\Common Files\dx.reg
2011-09-09 22:33 . 2011-08-17 12:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_21.09.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 14:05 . 2011-12-15 14:05 16384 c:\windows\temp\Perflib_Perfdata_2cc.dat
- 2009-04-27 13:37 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2009-04-27 13:37 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2010-02-18 18:42 . 2010-07-05 13:13 18296 c:\windows\system32\spmsg.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 66560 c:\windows\system32\mshtmled.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 25600 c:\windows\system32\jsproxy.dll
- 2009-09-13 08:46 . 2011-08-22 23:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-09-13 08:46 . 2011-11-04 19:13 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-13 16:54 . 2011-11-04 19:13 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:54 . 2011-08-22 23:41 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-27 14:22 . 2011-11-04 19:13 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-27 14:22 . 2011-08-22 23:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:44 . 2011-08-22 23:41 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 16:44 . 2011-11-04 19:13 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 16:54 . 2011-08-22 23:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54 . 2011-11-04 19:13 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:10 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-05-08 21:38 . 2011-09-16 07:42 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-16 05:03 . 2011-08-22 23:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 206848 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 611840 c:\windows\system32\mstime.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 611840 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2011-11-04 19:13 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2011-08-22 23:41 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2006-03-02 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2009-02-20 08:12 . 2011-11-04 19:13 916992 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 16:44 . 2011-08-22 23:41 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2011-11-04 19:13 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2011-11-04 19:13 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 16:44 . 2011-08-22 23:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:54 . 2011-11-04 19:13 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 16:54 . 2011-08-22 23:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-04-27 14:22 . 2011-08-22 23:41 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-27 14:22 . 2011-11-04 19:13 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-13 08:46 . 2011-11-04 19:13 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-09-13 08:46 . 2011-08-22 23:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-13 16:54 . 2011-08-22 23:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 16:54 . 2011-11-04 19:13 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 12:22 . 2011-11-04 19:13 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 12:22 . 2011-08-22 23:41 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-13 16:39 . 2011-08-22 23:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2011-11-04 19:13 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2009-05-08 21:38 . 2011-12-16 05:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-05-08 21:38 . 2011-09-16 07:42 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-16 05:03 . 2011-08-22 23:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-16 05:03 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-16 05:03 . 2010-07-05 13:13 233848 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-16 05:03 . 2011-08-22 23:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-16 05:03 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-12-16 05:04 . 2011-12-16 05:04 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-02-09 14:07 . 2011-11-23 14:40 1859584 c:\windows\system32\dllcache\win32k.sys
- 2009-02-20 08:12 . 2011-08-22 23:41 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-20 08:12 . 2011-11-04 19:13 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:00 . 2011-11-01 16:07 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2009-04-27 13:49 . 2011-10-26 10:50 2194944 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2194944 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-27 13:49 . 2011-10-26 10:49 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 17:09 . 2011-10-26 10:50 2071552 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-27 13:49 . 2011-10-26 10:49 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-20 08:12 . 2011-11-04 19:13 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-27 14:22 . 2011-11-04 19:13 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-27 14:22 . 2011-08-22 23:41 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-11-01 12:34 . 2011-11-01 12:34 4250112 c:\windows\Installer\3307740.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 2247168 c:\windows\Installer\330772c.msp
+ 2011-11-11 15:14 . 2011-11-11 15:14 9096192 c:\windows\Installer\330771a.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 2531840 c:\windows\Installer\3307708.msp
+ 2011-11-11 15:15 . 2011-11-11 15:15 1795584 c:\windows\Installer\33076f6.msp
+ 2011-11-11 15:16 . 2011-11-11 15:16 8458240 c:\windows\Installer\33076e4.msp
- 2009-05-08 21:38 . 2011-09-16 07:42 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-08 21:38 . 2011-12-16 05:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-02 19:44 . 2009-04-02 19:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2011-12-16 05:03 . 2011-08-22 23:41 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-16 05:03 . 2011-10-03 08:31 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-16 05:03 . 2011-08-22 23:41 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2009-04-27 13:49 . 2011-10-26 10:50 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-27 13:49 . 2011-10-26 10:49 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:09 . 2011-10-26 10:50 2071552 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-27 13:49 . 2010-12-09 15:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-27 13:49 . 2011-10-26 10:49 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-27 14:12 . 2011-12-16 04:59 52988224 c:\windows\system32\MRT.exe
+ 2009-04-27 14:22 . 2011-11-05 13:13 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2009-04-27 14:22 . 2011-08-23 15:41 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-16 05:03 . 2011-08-23 15:41 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-11-07 3077528]
"Octoshape Streaming Services"="c:\documents and settings\Michal\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"F.lux"="c:\documents and settings\Michal\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SensorsView"="c:\program files\SensorsView\sview.exe" [2005-11-28 940032]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\Michal\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 813584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal^Nabídka Start^Programy^Po spuštění^GIGABYTE Gamer HUD.lnk]
backup=c:\windows\pss\GIGABYTE Gamer HUD.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-16 19:22 1242448 ----a-w- e:\games\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 11:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Windows Mobile 6 SDK\\Tools\\Cellular Emulator\\Cellular Emulator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Michal\\Dokumenty\\Downloads\\Ranked Gaming Client\\rgc.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Michal\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II.exe"=
"c:\\Program Files\\Starcraft II NA\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Starcraft II NA\\StarCraft II Public Test.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Games\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Games\\Starcraft 2\\StarCraft II.exe"=
"e:\\Games\\Arma 2\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Starcraft 2\\Versions\\Base19132\\SC2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II.exe"=
"e:\\Games\\Starcraft 2 NA\\StarCraft II Public Test.exe"=
"e:\\Games\\portal 2\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\Games\\W3 TFT\\Warcraft III Reign of Chaos & The Frozen Throne\\Warcraft III.exe"=
"c:\\Program Files\\Garena Classic\\Garena.exe"=
"e:\\Games\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57390:TCP"= 57390:TCP:Pando Media Booster
"57390:UDP"= 57390:UDP:Pando Media Booster
"67:TCP"= 67:TCP:hamachi
"6881:TCP"= 6881:TCP:blizzarddownloader
"6112:TCP"= 6112:TCP:blizzarddownloader
"56159:TCP"= 56159:TCP:Pando Media Booster
"56159:UDP"= 56159:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"56321:TCP"= 56321:TCP:Pando Media Booster
"56321:UDP"= 56321:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2009 9:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.9.2010 23:32 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.9.2010 23:32 17744]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31.8.2011 12:26 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [13.11.2011 8:56 2253120]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 10:07 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 10:18 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 10:16 484352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.11.2011 12:30 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16.4.2011 8:49 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 1:00 30032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [27.12.2010 15:23 10384]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.2.2007 1:04 14336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.11.2011 12:32 13224]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.11.2011 19:31 155344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30.8.2009 18:41 91472]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11.11.2010 12:57 268528]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\lxs87s1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:61,d3,8c,90,de,40,98,27,56,9f,d2,29,ba,ff,1b,e4,0c,ae,f6,53,e4,2d,69,
d2,ae,1b,33,ed,01,45,fe,5c,35,08,55,37,8f,1f,3f,b7,10,10,41,93,2c,33,77,56,\
"??"=hex:71,c4,48,31,45,10,4a,b7,54,45,ca,24,88,74,1e,c4
.
[HKEY_USERS\S-1-5-21-583907252-1604221776-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:d3,66,b2,c3,fe,00,72,3e,db,97,de,ce,07,99,f1,6e,eb,15,38,7a,b4,
ac,43,34,e7,9d,18,4a,b1,99,0a,68,fe,df,63,0c,22,58,2b,5c,d8,8f,91,e9,4b,fe,\
"rkeysecu"=hex:37,6c,20,fc,ac,3f,4c,c6,a7,8d,ed,84,d0,27,1f,2c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="CA670944D4270CDC6043A04FADDD10F3C3578F6F446CB3CE4FA10CDF5A4950211E44FC1407424B4DC5AE620A60F6A6B6F1698E9977E1DE1C46E2ACDC26F41A8912539829AB442FD558AE8C90983E6F2E1E2A94FC8C774A38154956D3BE86BD408D052F2F606B96F5BA7C181F448C7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D67949BA79AEE48F45C52D42647060A0C375823B2EC888E929B01D488FA607A0E3FEEC3C37E3089BF689B9A314EC35B586A68995A574245EC33FC7E6BE4B7BC486279EC6E8C704D88F477EE451A201B05FC5782861455FC11F2E4BA9ECDCAA6080AC6EB440E7B54251A3C693CB8089BB621AF56711CF4BC924699035538B00D6BF62C5B172CEAE66594D565A4A0BEB508A91551854D2A0D77B89213F88AD74A841216996C78344E85434782C128DC448491BBF263E8517839FC586D25907F3B5C6404C77D641C5A3CAB2323890ECB292D736D7F5C149891C6690BD6AAF5BC426C1F874DB849BBDD3073906F26F0C94477120600795803EB0078DB580E4EF7C42493C95340E1012EFCE8CD51F6D56A7FCCD1F74077236B21BC46113E88906F2C67B706C867CC2E26B4F82A780EA394470BBBC84FC347FACCC717061C8518B2678A298A60390ED8A559BA89D7B1A9820901FA91838277B2905CCFA6C326A027E5DC25B98EF20D6B0FE363E5275C96433AF4637F728BCF66912F7878513FCE059E198E8D0F8694A1C740D049E13DFE3A529FE7D27A6A4B3D76E4C10F9FD827D90C756C0F5E97D48F3C4D82D5C5B65B9CCB2F22633BDC4DB36D987C1652AF9606A917E9DF400361995AE19B3F575F097627C14F97975A9A1826D61ECB4CB4693DFB9AD5B0B9D2B07A1443644DDC8046A567704F6E3986DA8F56A24101378B520A068CA3C9954B9EBFDFAE495DE19BB8DE16C027F88B3F1E13B571239E810D68485272E806E1DF6BC9B9D3D8DDB4DF69A63CB1805BBE92D4EA022E269C5B452629EEC261D5703B395020D74854E9B543D96BB3A851C6C554B97A36500AB9766931EDE76C3BD83B905C94506F5958B69725372B8E255C4F55F2E45CCA89561374B863418BCEF270DA4B1FCC49199AB19B8C3672493AFAD9F5DC0A65E3512DC56EEC6A2167BADEA06A50494977530F2A66E504551085E3C5B794350C0F2A8169E0CE9FCFC8BE7D466FEF223D3BDB5B55F3DD4195418E9AA77F0AB87D5F75D60FBB33A58621AD750E84033D8E7E1CE31EA6F09168DB75E6451800E7DD11A2F67ACE4321F68170B1D82339AF994D1056A2C1739B760769559B2D0E1C4100B8ED2652F9BC41A000DEBC2B9315AFD5C71FB66D0C0C5C8AB0B5585022B1B130D20FBC61AA26FEDAEC6F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2011-12-17 20:11:56
ComboFix-quarantined-files.txt 2011-12-17 19:11
ComboFix2.txt 2011-12-15 14:09
ComboFix3.txt 2011-12-14 21:11
.
Před spuštěním: Volných bajtů: 47 281 090 560
Po spuštění: Volných bajtů: 47 380 934 656
.
- - End Of File - - 95651D334BA4FEBD5903EE06EEEC35C4

Příspěvekod **Žbeky** » 18 pro 2011 10:07

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

Prosím o kontrolu logu - trojan? Vyřešeno

Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Re: Prosím o kontrolu logu - trojan?

Kdo je online