Logfile of random's system information tool 1.06 (written by random/random)
Run by lukas at 2010-01-12 18:38:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (16%) free of 20 GB
Total RAM: 1023 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:46, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\BitLord2\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\RSIT.exe
C:\Program Files\trend micro\lukas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {24BCDA96-8FCB-4D3B-0500-000000000003} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe"
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreeRapid 0.83u1.lnk = D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFDD9398-0988-4894-B809-CB8FAC75BBFF}: NameServer = 213.46.172.36,213.46.172.37
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca45312f42830) (gupdate1ca45312f42830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 11763 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-06-01 808936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-14 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
{24BCDA96-8FCB-4D3B-0500-000000000003}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"snpstd"=C:\WINDOWS\vsnpstd.exe []
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2008-08-24 4067328]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-21 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-11-24 20058152]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe []
"Kalendar"=C:\Program Files\Kalendar\kalendar.exe []
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE /STARTUP []
"WrCtrl"=C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalendar]
C:\Program Files\Kalendar\kalendar.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
C:\WINDOWS\vsnpstd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrCtrl]
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Hynek\Nabídka Start\Programy\Po spuštění
FreeRapid 0.83u1.lnk - D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-18 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"D:\csko\cstrike.exe"="D:\csko\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher"
"D:\ns\cstrike.exe"="D:\ns\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\Hynek\Plocha\pes2009.exe"="C:\Documents and Settings\Hynek\Plocha\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe"="C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"D:\Program Files\Codemasters\dirt\DiRT.exe"="D:\Program Files\Codemasters\dirt\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Diablo\Spawn\diablo_s.exe"="C:\Diablo\Spawn\diablo_s.exe:*:Enabled:Diablo"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe"="D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\gta4\Grand Theft Auto IV\GTAIV.exe"="D:\gta4\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\most wanted\speed.exe"="D:\most wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\call of duty 4\iw3mp.exe"="D:\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b50339d-9d5d-11de-9e2d-0014858fbecb}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-01-12 18:38:26 ----D---- C:\Program Files\trend micro
2010-01-12 18:38:25 ----D---- C:\rsit
2010-01-12 10:13:53 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Opera
2010-01-12 10:13:42 ----D---- C:\Program Files\Opera
2010-01-05 10:30:15 ----D---- C:\Program Files\GamePark
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 23:29:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 12:38:36 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Help
2009-12-29 20:04:12 ----D---- C:\Program Files\Sony Ericsson
2009-12-29 14:36:46 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Facebook
2009-12-20 16:34:28 ----A---- C:\WINDOWS\ScUnin.exe
2009-12-20 13:20:38 ----D---- C:\Program Files\Garena
2009-12-17 22:16:13 ----A---- C:\WINDOWS\BJPSUNST.EXE
2009-12-16 19:58:53 ----A---- C:\WINDOWS\system32\fxtls432.dll
======List of files/folders modified in the last 1 months======
2010-01-12 18:38:45 ----D---- C:\Temp
2010-01-12 18:38:32 ----D---- C:\WINDOWS\Prefetch
2010-01-12 18:38:26 ----D---- C:\Program Files
2010-01-12 18:00:13 ----D---- C:\Program Files\Mozilla Firefox
2010-01-12 16:19:01 ----D---- C:\WINDOWS\system
2010-01-12 10:13:47 ----SHD---- C:\WINDOWS\Installer
2010-01-12 10:11:47 ----D---- C:\Program Files\SpeedFan
2010-01-12 10:10:50 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Skype
2010-01-12 10:08:25 ----D---- C:\WINDOWS
2010-01-11 23:23:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 09:59:55 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 18:48:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-08 17:37:58 ----D---- C:\WINDOWS\system32
2010-01-08 17:37:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-08 17:06:32 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-01-07 22:33:24 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Vso
2010-01-05 22:12:47 ----D---- C:\WINDOWS\system32\DirectX
2010-01-05 22:12:46 ----HD---- C:\WINDOWS\inf
2010-01-05 22:12:46 ----D---- C:\WINDOWS\Temp
2010-01-05 22:12:34 ----RSD---- C:\WINDOWS\assembly
2010-01-05 22:07:11 ----A---- C:\WINDOWS\game.ini
2010-01-05 21:45:21 ----D---- C:\WINDOWS\Minidump
2010-01-05 10:29:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 23:29:46 ----D---- C:\Program Files\Java
2010-01-04 12:55:47 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-04 12:38:36 ----D---- C:\Program Files\totalcmd
2010-01-03 00:39:33 ----D---- C:\Program Files\ICQ6.5
2010-01-01 12:54:20 ----D---- C:\WINDOWS\system32\oodag
2009-12-29 20:08:57 ----D---- C:\WINDOWS\system32\drivers
2009-12-29 20:04:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-20 17:57:48 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-12-20 17:20:48 ----D---- C:\vcs5BGEffects
2009-12-20 12:33:18 ----D---- C:\Program Files\PokerStars
2009-12-18 10:23:29 ----D---- C:\Program Files\The KMPlayer
2009-12-17 22:16:11 ----D---- C:\Program Files\Canon
2009-12-17 22:05:32 ----D---- C:\WINDOWS\Debug
2009-12-17 22:05:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-12-16 20:27:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-23 279712]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-23 25888]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-18 2164736]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-22 47360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a9pn1t4e;a9pn1t4e; C:\WINDOWS\system32\drivers\a9pn1t4e.sys []
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Temp\WQZ1B8A.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-29 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-29 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-19 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;TRUST 120 SPACEC@M; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-19 299776]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVicHW32;TVicHW32; \??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-05-18 479232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-04 1028432]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-08 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-08 215104]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-11-17 192512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-05-17 520192]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu...
Dobré ranko 
doporučuji odinstalovat
C:\Program Files\Trojan Remover\
spusťte přejmenované HJT C:\Program Files\trend micro\lukas.exe
-Klikněte na "Do a system scan only"
-u řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Dejte fajfku do čtverečku a zmáčkněte Fix checked
-restartujte pc
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
jsou s pc nějaké problémy?
doporučuji odinstalovatC:\Program Files\Trojan Remover\
spusťte přejmenované HJT C:\Program Files\trend micro\lukas.exe-Klikněte na "Do a system scan only"
-u řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Dejte fajfku do čtverečku a zmáčkněte Fix checked
-restartujte pc
Z mého podpisu stahněte Ccleaner-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy
udělat zálohu registrů - nemusíte-kliknete opravit všechny problémy
ok zavřítCcleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
jsou s pc nějaké problémy?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
dobre odpoledne
děkuji za kontrolu... vše jsem udělal tak jak je zde psáno... po vyčištění ccleanerem se mi ukazují chybějící softwary
po spustění pc ... nejdou smazat ale to už mi dělá ccleaner dlouho...
v HJT jsem našel ješte toto, asi to nejde opravit...
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
C:\Program Files\Trojan Remover\ - jsem nenašel, už jsem ho máznul nejspíš dříve ... je možnost odstranit ho přes HJT?
nechci se hrabat v registrech...
další problémy se projevují jenom v lennosti pc (seká se)
...
děkuji za kontrolu... vše jsem udělal tak jak je zde psáno... po vyčištění ccleanerem se mi ukazují chybějící softwary
po spustění pc ... nejdou smazat ale to už mi dělá ccleaner dlouho...
v HJT jsem našel ješte toto, asi to nejde opravit...
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
C:\Program Files\Trojan Remover\ - jsem nenašel, už jsem ho máznul nejspíš dříve ... je možnost odstranit ho přes HJT?
nechci se hrabat v registrech...
další problémy se projevují jenom v lennosti pc (seká se)
...Re: Prosím o kontrolu...
Zkuste vypnout tea timer od Spybotu, může blokovat změny v registrech.
Otevřete si Poznámkový blok a zkopírujte do něj text
-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.
-restartujte pc
Napište mi, co za programy po startu vyskakuje na tabulkách
používáte garenu?
Měl jste někdy Zone alarm?
Máte už málo místa na disku, trochu ho pročistěte.
System drive C: has 3 GB
(16%) free of 20 GB
Total RAM: 1023 MB (25% free)
klikněte mi do podpisu na SVI a podle návodu vypněte a zapněte obnovu systému, někdy se v ní viry schovávají.
Smažte cache Opery bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)
vyčistění disku
start-spustit - napište cleanmgr - ok..ok
-dát fajfku temporary ,,,offline,,koš,,,dočasné soubory - ok,
start-spustit - napište cleanmgr - ok..ok
-další možnosti - obnovení systému - vyčistit - ok
start-spustit - napište chkdsk /f/r
-[enter]
souhlas - restartuje se pc a nechá se disk zkontrolovat
defragmentace disku
start - ovládací panely - nástroje pro správu - správa počítače - defragmentace disku
-můžete použít i jiný nástroj na defragmentaci, ten ve windows není nic moc
Za sebe můžu doporučit JK defrag, který se neinstaluje
http://www.slunecnice.cz/sw/jkdefrag/
A pak napište, zda to pomohlo , jinak budeme hledat dál
Otevřete si Poznámkový blok a zkopírujte do něj text Kód: Vybrat vše
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrCtrl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalendar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"=-
"Kalendar"=-
"DownloadAccelerator"=-
"WrCtrl"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
"snpstd"=-
"TrojanScanner"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.
-restartujte pc
Napište mi, co za programy po startu vyskakuje na tabulkách používáte garenu? Měl jste někdy Zone alarm? Máte už málo místa na disku, trochu ho pročistěte.System drive C: has 3 GB
(16%) free of 20 GB
Total RAM: 1023 MB (25% free)
klikněte mi do podpisu na SVI a podle návodu vypněte a zapněte obnovu systému, někdy se v ní viry schovávají. Smažte cache Opery bud ručně nebo ATF Cleaneremhttp://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Stahněte TFC a použijteTFC (http://oldtimer.geekstogo.com/TFC.exe)
vyčistění diskustart-spustit - napište cleanmgr - ok..ok
-dát fajfku temporary ,,,offline,,koš,,,dočasné soubory - ok,
start-spustit - napište cleanmgr - ok..ok
-další možnosti - obnovení systému - vyčistit - ok
start-spustit - napište chkdsk /f/r -[enter]
souhlas - restartuje se pc a nechá se disk zkontrolovat
defragmentace diskustart - ovládací panely - nástroje pro správu - správa počítače - defragmentace disku
-můžete použít i jiný nástroj na defragmentaci, ten ve windows není nic moc
Za sebe můžu doporučit JK defrag, který se neinstaluje
http://www.slunecnice.cz/sw/jkdefrag/
A pak napište, zda to pomohlo
, jinak budeme hledat dál Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
dobré ranko:)
takže jsem udělal skoro všechno... smáznul registry... udělal místo na disku... vypnutí a zapnutí obnovy systému..
atf cleanerem jsem maznul firefox a operu... hesla mi tam stejnak zustala... pc mi šlapalo lépe, než se mi tu objevil vir z nějaké ruské stránky.. chytil Eset nod 32 ... po restartu se mi tu vždy objeví uložení do karantény... nevím jestli to s tím souvisí ale svchost.exe mi jede furt na 100%... aplikace nabíhaj hrozně pomalu... potřebuju helfnout , poradte prosím...
takže jsem udělal skoro všechno... smáznul registry... udělal místo na disku... vypnutí a zapnutí obnovy systému..
atf cleanerem jsem maznul firefox a operu... hesla mi tam stejnak zustala... pc mi šlapalo lépe, než se mi tu objevil vir z nějaké ruské stránky.. chytil Eset nod 32 ... po restartu se mi tu vždy objeví uložení do karantény... nevím jestli to s tím souvisí ale svchost.exe mi jede furt na 100%... aplikace nabíhaj hrozně pomalu... potřebuju helfnout , poradte prosím...
Re: Prosím o kontrolu...
a kde jste vzal tu ruskou stránku? Z ICq?Poprosím o aktuální log ze Rsitu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
nejspíš ano jelikož jsem instaloval new qip ...
Logfile of random's system information tool 1.06 (written by random/random)
Run by lukas at 2010-01-19 07:25:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (43%) free of 20 GB
Total RAM: 1023 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:00, on 19.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
D:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\lukas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreeRapid 0.83u1.lnk = D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFDD9398-0988-4894-B809-CB8FAC75BBFF}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca45312f42830) (gupdate1ca45312f42830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10755 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-06-01 808936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-14 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2008-08-24 4067328]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-21 68856]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Hynek\Nabídka Start\Programy\Po spuštění
FreeRapid 0.83u1.lnk - D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
siszyd32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-18 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"D:\csko\cstrike.exe"="D:\csko\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher"
"D:\ns\cstrike.exe"="D:\ns\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\Hynek\Plocha\pes2009.exe"="C:\Documents and Settings\Hynek\Plocha\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe"="C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"D:\Program Files\Codemasters\dirt\DiRT.exe"="D:\Program Files\Codemasters\dirt\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Diablo\Spawn\diablo_s.exe"="C:\Diablo\Spawn\diablo_s.exe:*:Enabled:Diablo"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe"="D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\gta4\Grand Theft Auto IV\GTAIV.exe"="D:\gta4\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\most wanted\speed.exe"="D:\most wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\call of duty 4\iw3mp.exe"="D:\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
"C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe"="C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe:*:Enabled:Ftp Server Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b50339d-9d5d-11de-9e2d-0014858fbecb}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-01-18 17:29:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-18 15:18:07 ----D---- C:\Documents and Settings\Hynek\Data aplikací\skypePM
2010-01-18 15:15:03 ----D---- C:\Program Files\Common Files\Skype
2010-01-18 15:14:16 ----RD---- C:\Program Files\Skype
2010-01-18 15:12:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-17 22:20:16 ----D---- C:\Documents and Settings\Hynek\Data aplikací\QIP
2010-01-17 22:19:28 ----D---- C:\Program Files\QIP Infium
2010-01-15 13:09:07 ----D---- C:\Program Files\CCleaner
2010-01-15 12:37:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Home Ftp Server
2010-01-15 08:05:55 ----D---- C:\Program Files\The KMPlayer
2010-01-13 06:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-12 18:38:26 ----D---- C:\Program Files\trend micro
2010-01-12 18:38:25 ----D---- C:\rsit
2010-01-12 10:13:53 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Opera
2010-01-12 10:13:42 ----D---- C:\Program Files\Opera
2010-01-05 10:30:15 ----D---- C:\Program Files\GamePark
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 23:29:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 12:38:36 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Help
2009-12-29 20:04:12 ----D---- C:\Program Files\Sony Ericsson
2009-12-29 14:36:46 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Facebook
======List of files/folders modified in the last 1 months======
2010-01-19 07:26:08 ----D---- C:\Temp
2010-01-19 07:25:17 ----D---- C:\WINDOWS\Prefetch
2010-01-19 07:15:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-19 06:13:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-19 06:12:24 ----D---- C:\WINDOWS
2010-01-18 20:30:30 ----D---- C:\Program Files
2010-01-18 20:26:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-18 20:00:31 ----SHD---- C:\WINDOWS\Installer
2010-01-18 19:31:44 ----SHD---- C:\System Volume Information
2010-01-18 19:31:44 ----D---- C:\WINDOWS\system32\Restore
2010-01-18 18:30:08 ----D---- C:\Program Files\SpeedFan
2010-01-18 18:23:31 ----A---- C:\moduleName.txt
2010-01-18 17:40:00 ----D---- C:\Program Files\PokerStars
2010-01-18 15:33:50 ----D---- C:\Program Files\DivX
2010-01-18 15:19:01 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Skype
2010-01-18 15:18:14 ----D---- C:\WINDOWS\system32
2010-01-18 15:15:03 ----D---- C:\Program Files\Common Files
2010-01-17 21:40:11 ----D---- C:\WINDOWS\system32\oodag
2010-01-17 21:12:50 ----SD---- C:\Documents and Settings\Hynek\Data aplikací\Microsoft
2010-01-17 20:45:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-15 13:10:15 ----D---- C:\WINDOWS\Debug
2010-01-15 12:00:50 ----D---- C:\WINDOWS\Help
2010-01-15 11:58:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-15 10:02:55 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-14 19:43:58 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 19:43:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-14 19:43:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-14 18:43:24 ----D---- C:\Program Files\OTTD
2010-01-14 14:35:13 ----D---- C:\WINDOWS\system
2010-01-13 06:20:46 ----HD---- C:\WINDOWS\inf
2010-01-13 06:20:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 06:20:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 03:16:52 ----D---- C:\WINDOWS\AppPatch
2010-01-08 17:37:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-08 17:06:32 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-01-07 22:33:24 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Vso
2010-01-05 22:12:47 ----D---- C:\WINDOWS\system32\DirectX
2010-01-05 22:12:46 ----D---- C:\WINDOWS\Temp
2010-01-05 22:12:34 ----RSD---- C:\WINDOWS\assembly
2010-01-05 22:07:11 ----A---- C:\WINDOWS\game.ini
2010-01-05 21:45:21 ----D---- C:\WINDOWS\Minidump
2010-01-05 10:29:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 23:29:46 ----D---- C:\Program Files\Java
2010-01-04 12:38:36 ----D---- C:\Program Files\totalcmd
2010-01-03 00:39:33 ----D---- C:\Program Files\ICQ6.5
2009-12-20 17:57:48 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-12-20 17:20:48 ----D---- C:\vcs5BGEffects
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-23 279712]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-23 25888]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-18 2164736]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-22 47360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a4o0x458;a4o0x458; C:\WINDOWS\system32\drivers\a4o0x458.sys []
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Temp\WQZ1B8A.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-29 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-29 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-19 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;TRUST 120 SPACEC@M; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-19 299776]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVicHW32;TVicHW32; \??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-05-18 479232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-08 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-08 215104]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-11-17 192512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-05-17 520192]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by lukas at 2010-01-19 07:25:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (43%) free of 20 GB
Total RAM: 1023 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:00, on 19.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
D:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\lukas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreeRapid 0.83u1.lnk = D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFDD9398-0988-4894-B809-CB8FAC75BBFF}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca45312f42830) (gupdate1ca45312f42830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10755 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-06-01 808936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Hynek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-14 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-14 256112]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2008-08-24 4067328]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-21 68856]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Hynek\Nabídka Start\Programy\Po spuštění
FreeRapid 0.83u1.lnk - D:\FreeRapid-0.83U1\FreeRapid-0.83u1\frd.exe
siszyd32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-18 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"D:\csko\cstrike.exe"="D:\csko\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\posli\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher"
"D:\ns\cstrike.exe"="D:\ns\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\Hynek\Plocha\pes2009.exe"="C:\Documents and Settings\Hynek\Plocha\pes2009.exe:*:Disabled:Pro Evolution Soccer 2009"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe"="C:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"D:\Program Files\Codemasters\dirt\DiRT.exe"="D:\Program Files\Codemasters\dirt\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Diablo\Spawn\diablo_s.exe"="C:\Diablo\Spawn\diablo_s.exe:*:Enabled:Diablo"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe"="D:\gta4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\gta4\Grand Theft Auto IV\GTAIV.exe"="D:\gta4\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\most wanted\speed.exe"="D:\most wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\call of duty 4\iw3mp.exe"="D:\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
"C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe"="C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe:*:Enabled:Ftp Server Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b50339d-9d5d-11de-9e2d-0014858fbecb}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-01-18 17:29:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-18 15:18:07 ----D---- C:\Documents and Settings\Hynek\Data aplikací\skypePM
2010-01-18 15:15:03 ----D---- C:\Program Files\Common Files\Skype
2010-01-18 15:14:16 ----RD---- C:\Program Files\Skype
2010-01-18 15:12:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-17 22:20:16 ----D---- C:\Documents and Settings\Hynek\Data aplikací\QIP
2010-01-17 22:19:28 ----D---- C:\Program Files\QIP Infium
2010-01-15 13:09:07 ----D---- C:\Program Files\CCleaner
2010-01-15 12:37:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Home Ftp Server
2010-01-15 08:05:55 ----D---- C:\Program Files\The KMPlayer
2010-01-13 06:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-12 18:38:26 ----D---- C:\Program Files\trend micro
2010-01-12 18:38:25 ----D---- C:\rsit
2010-01-12 10:13:53 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Opera
2010-01-12 10:13:42 ----D---- C:\Program Files\Opera
2010-01-05 10:30:15 ----D---- C:\Program Files\GamePark
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 23:29:49 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 23:29:48 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 12:38:36 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Help
2009-12-29 20:04:12 ----D---- C:\Program Files\Sony Ericsson
2009-12-29 14:36:46 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Facebook
======List of files/folders modified in the last 1 months======
2010-01-19 07:26:08 ----D---- C:\Temp
2010-01-19 07:25:17 ----D---- C:\WINDOWS\Prefetch
2010-01-19 07:15:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-19 06:13:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-19 06:12:24 ----D---- C:\WINDOWS
2010-01-18 20:30:30 ----D---- C:\Program Files
2010-01-18 20:26:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-18 20:00:31 ----SHD---- C:\WINDOWS\Installer
2010-01-18 19:31:44 ----SHD---- C:\System Volume Information
2010-01-18 19:31:44 ----D---- C:\WINDOWS\system32\Restore
2010-01-18 18:30:08 ----D---- C:\Program Files\SpeedFan
2010-01-18 18:23:31 ----A---- C:\moduleName.txt
2010-01-18 17:40:00 ----D---- C:\Program Files\PokerStars
2010-01-18 15:33:50 ----D---- C:\Program Files\DivX
2010-01-18 15:19:01 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Skype
2010-01-18 15:18:14 ----D---- C:\WINDOWS\system32
2010-01-18 15:15:03 ----D---- C:\Program Files\Common Files
2010-01-17 21:40:11 ----D---- C:\WINDOWS\system32\oodag
2010-01-17 21:12:50 ----SD---- C:\Documents and Settings\Hynek\Data aplikací\Microsoft
2010-01-17 20:45:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-15 13:10:15 ----D---- C:\WINDOWS\Debug
2010-01-15 12:00:50 ----D---- C:\WINDOWS\Help
2010-01-15 11:58:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-15 10:02:55 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-14 19:43:58 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 19:43:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-14 19:43:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-14 18:43:24 ----D---- C:\Program Files\OTTD
2010-01-14 14:35:13 ----D---- C:\WINDOWS\system
2010-01-13 06:20:46 ----HD---- C:\WINDOWS\inf
2010-01-13 06:20:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 06:20:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 03:16:52 ----D---- C:\WINDOWS\AppPatch
2010-01-08 17:37:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-08 17:06:32 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-01-07 22:33:24 ----D---- C:\Documents and Settings\Hynek\Data aplikací\Vso
2010-01-05 22:12:47 ----D---- C:\WINDOWS\system32\DirectX
2010-01-05 22:12:46 ----D---- C:\WINDOWS\Temp
2010-01-05 22:12:34 ----RSD---- C:\WINDOWS\assembly
2010-01-05 22:07:11 ----A---- C:\WINDOWS\game.ini
2010-01-05 21:45:21 ----D---- C:\WINDOWS\Minidump
2010-01-05 10:29:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 23:29:46 ----D---- C:\Program Files\Java
2010-01-04 12:38:36 ----D---- C:\Program Files\totalcmd
2010-01-03 00:39:33 ----D---- C:\Program Files\ICQ6.5
2009-12-20 17:57:48 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-12-20 17:20:48 ----D---- C:\vcs5BGEffects
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-23 279712]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-23 25888]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-18 2164736]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-22 47360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a4o0x458;a4o0x458; C:\WINDOWS\system32\drivers\a4o0x458.sys []
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Temp\WQZ1B8A.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-29 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-29 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-19 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;TRUST 120 SPACEC@M; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-19 299776]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVicHW32;TVicHW32; \??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-05-18 479232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-08 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-08 215104]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-11-17 192512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-05-17 520192]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Prosím o kontrolu...
Zkuste jestli Vám půjde spustit combofix, včera měl nějakou chybu..pokud ne, nevadí, opakovaně to nezkoušejte a napište mi
Je tam mrška jedna
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Je tam mrška jedna
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
ComboFix 10-01-18.02 - lukas 19.01.2010 13:16:37.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.640 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hynek\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\QIP
c:\program files\QIP\LI\current.cfg
c:\program files\QIP\LI\Czech\_cntry.lng
c:\program files\QIP\LI\Czech\_intrsts.lng
c:\program files\QIP\LI\Czech\_langs.lng
c:\program files\QIP\LI\Czech\_marital.lng
c:\program files\QIP\LI\Czech\_occup.lng
c:\program files\QIP\LI\Czech\_orgs.lng
c:\program files\QIP\LI\Czech\_past.lng
c:\program files\QIP\LI\Czech\_rndchat.lng
c:\program files\QIP\LI\Czech\desc.txt
c:\program files\QIP\LI\Czech\chars_r.ini
c:\program files\QIP\LI\Czech\chars_t.ini
c:\program files\QIP\LI\Czech\lang.ini
c:\program files\QIP\LI\English\_cntry.lng
c:\program files\QIP\LI\English\_intrsts.lng
c:\program files\QIP\LI\English\_langs.lng
c:\program files\QIP\LI\English\_marital.lng
c:\program files\QIP\LI\English\_occup.lng
c:\program files\QIP\LI\English\_orgs.lng
c:\program files\QIP\LI\English\_past.lng
c:\program files\QIP\LI\English\_rndchat.lng
c:\program files\QIP\LI\English\desc.txt
c:\program files\QIP\LI\English\chars_r.ini
c:\program files\QIP\LI\English\chars_t.ini
c:\program files\QIP\LI\English\lang.ini
c:\program files\QIP\LI\langs.cfg
c:\program files\QIP\LI\Russian\_cntry.lng
c:\program files\QIP\LI\Russian\_intrsts.lng
c:\program files\QIP\LI\Russian\_langs.lng
c:\program files\QIP\LI\Russian\_marital.lng
c:\program files\QIP\LI\Russian\_occup.lng
c:\program files\QIP\LI\Russian\_orgs.lng
c:\program files\QIP\LI\Russian\_past.lng
c:\program files\QIP\LI\Russian\_rndchat.lng
c:\program files\QIP\LI\Russian\desc.txt
c:\program files\QIP\LI\Russian\chars_r.ini
c:\program files\QIP\LI\Russian\chars_t.ini
c:\program files\QIP\LI\Russian\lang.ini
c:\program files\QIP\Plugins\docking.dll
c:\program files\QIP\qip.exe
c:\program files\QIP\Skins\current.cfg
c:\program files\QIP\Skins\ICQ5\addopt.bmp
c:\program files\QIP\Skins\ICQ5\allicons.bmp
c:\program files\QIP\Skins\ICQ5\clbg.bmp
c:\program files\QIP\Skins\ICQ5\clevent.bmp
c:\program files\QIP\Skins\ICQ5\clstatus.bmp
c:\program files\QIP\Skins\ICQ5\Colors.ini
c:\program files\QIP\Skins\ICQ5\desc.txt
c:\program files\QIP\Skins\ICQ5\downbutton1.bmp
c:\program files\QIP\Skins\ICQ5\fadehlp.bmp
c:\program files\QIP\Skins\ICQ5\fadehlpt.bmp
c:\program files\QIP\Skins\ICQ5\fademsg.bmp
c:\program files\QIP\Skins\ICQ5\fademsgt.bmp
c:\program files\QIP\Skins\ICQ5\fadesrv.bmp
c:\program files\QIP\Skins\ICQ5\fadesrvt.bmp
c:\program files\QIP\Skins\ICQ5\msgbg.bmp
c:\program files\QIP\Skins\ICQ5\msgbge.bmp
c:\program files\QIP\Skins\ICQ5\noimage.jpg
c:\program files\QIP\Skins\ICQ5\qipbtn.bmp
c:\program files\QIP\Skins\ICQ5\signs.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aa.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ab.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ac.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ad.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ae.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\af.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ag.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ah.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ai.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ak.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\al.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\am.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\an.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ao.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ap.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ar.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\as.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\at.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\au.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\av.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ax.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ay.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\az.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ba.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bb.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bc.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bd.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\be.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bf.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bg.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bh.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bi.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bk.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bl.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bm.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bn.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bo.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bp.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\br.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bs.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bt.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bu.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bv.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright(eng).txt
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright.txt
c:\program files\QIP\Skins\ICQ5\Smilies\Static\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aa.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ab.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ac.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ad.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ae.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\af.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ag.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ah.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ai.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aj.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ak.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\al.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\am.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\an.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ao.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ap.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aq.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ar.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\as.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\at.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\au.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\av.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aw.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ax.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ay.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ba.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bb.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bc.bmp
c:\program files\QIP\Skins\ICQ5\splash.bmp
c:\program files\QIP\Skins\ICQ5\st_custom.bmp
c:\program files\QIP\Skins\ICQ5\statuses.bmp
c:\program files\QIP\Skins\ICQ5\title.bmp
c:\program files\QIP\Skins\ICQ5\tray.bmp
c:\program files\QIP\Skins\ICQ5\tray2k.bmp
c:\program files\QIP\Skins\ICQ5\upbutton1.bmp
c:\program files\QIP\Skins\ICQ5\upbutton2.bmp
c:\program files\QIP\Skins\ICQ5\upbutton3.bmp
c:\program files\QIP\Skins\ICQ5\userinfo.bmp
c:\program files\QIP\Skins\ICQ5\vis.bmp
c:\program files\QIP\Skins\skins.cfg
c:\program files\QIP\Sounds\sndAuth.wav
c:\program files\QIP\Sounds\sndGlobal.wav
c:\program files\QIP\Sounds\sndMsg.wav
c:\program files\QIP\Sounds\sndMsgSent.wav
c:\program files\QIP\Sounds\sndPlugin.wav
c:\program files\QIP\Sounds\sndRemSelf.wav
c:\program files\QIP\Sounds\sndSrvMsg.wav
c:\program files\QIP\Sounds\sndStartup.wav
c:\program files\QIP\Sounds\sndSystem.wav
c:\program files\QIP\unins000.dat
c:\program files\QIP\unins000.exe
c:\program files\QIP\Users\196634762\_birth.txt
c:\program files\QIP\Users\196634762\_botq.txt
c:\program files\QIP\Users\196634762\_events.txt
c:\program files\QIP\Users\196634762\_eye.txt
c:\program files\QIP\Users\196634762\_groups.txt
c:\program files\QIP\Users\196634762\_m_away.txt
c:\program files\QIP\Users\196634762\_m_depr.txt
c:\program files\QIP\Users\196634762\_m_dnd.txt
c:\program files\QIP\Users\196634762\_m_evil.txt
c:\program files\QIP\Users\196634762\_m_ffc.txt
c:\program files\QIP\Users\196634762\_m_home.txt
c:\program files\QIP\Users\196634762\_m_lunch.txt
c:\program files\QIP\Users\196634762\_m_na.txt
c:\program files\QIP\Users\196634762\_m_occup.txt
c:\program files\QIP\Users\196634762\_m_work.txt
c:\program files\QIP\Users\196634762\_premsg.txt
c:\program files\QIP\Users\196634762\_st_away.txt
c:\program files\QIP\Users\196634762\_st_cust.txt
c:\program files\QIP\Users\196634762\196634762.cl
c:\program files\QIP\Users\196634762\196634762.clg
c:\program files\QIP\Users\196634762\196634762.cli
c:\program files\QIP\Users\196634762\196634762.clv
c:\program files\QIP\Users\196634762\196634762.lcl
c:\program files\QIP\Users\196634762\196634762.nil
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.clv
c:\program files\QIP\Users\196634762\Config.ini
c:\program files\QIP\Users\196634762\Devils\190279455.jpg
c:\program files\QIP\Users\196634762\Devils\192568689.jpg
c:\program files\QIP\Users\196634762\Devils\194633876.jpg
c:\program files\QIP\Users\196634762\Devils\196634762.jpg
c:\program files\QIP\Users\196634762\Devils\196832210.jpg
c:\program files\QIP\Users\196634762\Devils\197903309.jpg
c:\program files\QIP\Users\196634762\Devils\199589375.jpg
c:\program files\QIP\Users\196634762\Devils\201051294.gif
c:\program files\QIP\Users\196634762\Devils\207260820.jpg
c:\program files\QIP\Users\196634762\Devils\208072017.jpg
c:\program files\QIP\Users\196634762\Devils\211037088.jpg
c:\program files\QIP\Users\196634762\Devils\211763137.jpg
c:\program files\QIP\Users\196634762\Devils\218507493.jpg
c:\program files\QIP\Users\196634762\Devils\219782928.jpg
c:\program files\QIP\Users\196634762\Devils\225560421.jpg
c:\program files\QIP\Users\196634762\Devils\228343311.jpg
c:\program files\QIP\Users\196634762\Devils\231653301.jpg
c:\program files\QIP\Users\196634762\Devils\232732564.jpg
c:\program files\QIP\Users\196634762\Devils\238833324.jpg
c:\program files\QIP\Users\196634762\Devils\243574131.jpg
c:\program files\QIP\Users\196634762\Devils\248788527.jpg
c:\program files\QIP\Users\196634762\Devils\249834439.jpg
c:\program files\QIP\Users\196634762\Devils\253539585.jpg
c:\program files\QIP\Users\196634762\Devils\258749556.jpg
c:\program files\QIP\Users\196634762\Devils\260246434.jpg
c:\program files\QIP\Users\196634762\Devils\263750042.jpg
c:\program files\QIP\Users\196634762\Devils\264270750.jpg
c:\program files\QIP\Users\196634762\Devils\267493870.jpg
c:\program files\QIP\Users\196634762\Devils\270419451.jpg
c:\program files\QIP\Users\196634762\Devils\271724152.jpg
c:\program files\QIP\Users\196634762\Devils\273911950.jpg
c:\program files\QIP\Users\196634762\Devils\281056601.jpg
c:\program files\QIP\Users\196634762\Devils\281883471.jpg
c:\program files\QIP\Users\196634762\Devils\282837531.jpg
c:\program files\QIP\Users\196634762\Devils\286933175.jpg
c:\program files\QIP\Users\196634762\Devils\289386286.jpg
c:\program files\QIP\Users\196634762\Devils\294881566.jpg
c:\program files\QIP\Users\196634762\Devils\306724754.jpg
c:\program files\QIP\Users\196634762\Devils\308221608.jpg
c:\program files\QIP\Users\196634762\Devils\319504609.jpg
c:\program files\QIP\Users\196634762\Devils\321809574.jpg
c:\program files\QIP\Users\196634762\Devils\332989228.jpg
c:\program files\QIP\Users\196634762\Devils\335465827.jpg
c:\program files\QIP\Users\196634762\Devils\347508089.jpg
c:\program files\QIP\Users\196634762\Devils\351835648.jpg
c:\program files\QIP\Users\196634762\Devils\375977283.jpg
c:\program files\QIP\Users\196634762\Devils\394905250.jpg
c:\program files\QIP\Users\196634762\Devils\396806300.jpg
c:\program files\QIP\Users\196634762\Devils\405724579.jpg
c:\program files\QIP\Users\196634762\Devils\406082880.jpg
c:\program files\QIP\Users\196634762\Devils\408306820.jpg
c:\program files\QIP\Users\196634762\Devils\418453428.jpg
c:\program files\QIP\Users\196634762\Devils\436747569.jpg
c:\program files\QIP\Users\196634762\Devils\445206196.jpg
c:\program files\QIP\Users\196634762\Devils\449372073.jpg
c:\program files\QIP\Users\196634762\Devils\450079940.jpg
c:\program files\QIP\Users\196634762\Devils\486559025.jpg
c:\program files\QIP\Users\196634762\Devils\489704702.jpg
c:\program files\QIP\Users\196634762\Devils\498305286.gif
c:\program files\QIP\Users\196634762\History\_srvlog.txt
c:\program files\QIP\Users\196634762\History\194762354.txt
c:\program files\QIP\Users\196634762\History\218507493.txt
c:\program files\QIP\Users\196634762\History\232732564.txt
c:\program files\QIP\Users\196634762\History\251741815.txt
c:\program files\QIP\Users\196634762\History\282304405.txt
c:\program files\QIP\Users\196634762\History\306724754.txt
c:\program files\QIP\Users\196634762\History\308221608.txt
c:\program files\QIP\Users\196634762\History\319504609.txt
c:\program files\QIP\Users\196634762\History\320084012.txt
c:\program files\QIP\Users\196634762\History\365880350.txt
c:\program files\QIP\Users\196634762\History\394855655.txt
c:\program files\QIP\Users\196634762\History\394905250.txt
c:\program files\QIP\Users\196634762\History\396806300.txt
c:\program files\QIP\Users\196634762\History\405724579.txt
c:\program files\QIP\Users\196634762\History\418618785.txt
c:\program files\QIP\Users\196634762\History\489704702.txt
c:\program files\QIP\Users\196634762\History\498305286.txt
c:\program files\QIP\Users\218507493\_birth.txt
c:\program files\QIP\Users\218507493\_botq.txt
c:\program files\QIP\Users\218507493\_events.txt
c:\program files\QIP\Users\218507493\_eye.txt
c:\program files\QIP\Users\218507493\_groups.txt
c:\program files\QIP\Users\218507493\_m_away.txt
c:\program files\QIP\Users\218507493\_m_depr.txt
c:\program files\QIP\Users\218507493\_m_dnd.txt
c:\program files\QIP\Users\218507493\_m_evil.txt
c:\program files\QIP\Users\218507493\_m_ffc.txt
c:\program files\QIP\Users\218507493\_m_home.txt
c:\program files\QIP\Users\218507493\_m_lunch.txt
c:\program files\QIP\Users\218507493\_m_na.txt
c:\program files\QIP\Users\218507493\_m_occup.txt
c:\program files\QIP\Users\218507493\_m_work.txt
c:\program files\QIP\Users\218507493\_premsg.txt
c:\program files\QIP\Users\218507493\_st_away.txt
c:\program files\QIP\Users\218507493\_st_cust.txt
c:\program files\QIP\Users\218507493\218507493.cl
c:\program files\QIP\Users\218507493\218507493.clg
c:\program files\QIP\Users\218507493\218507493.cli
c:\program files\QIP\Users\218507493\218507493.clv
c:\program files\QIP\Users\218507493\218507493.lcl
c:\program files\QIP\Users\218507493\218507493.nil
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.cl
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.clg
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.cli
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.clv
c:\program files\QIP\Users\218507493\Config.ini
c:\program files\QIP\Users\218507493\Devils\199433939.jpg
c:\program files\QIP\Users\218507493\Devils\202736981.jpg
c:\program files\QIP\Users\218507493\Devils\206371023.jpg
c:\program files\QIP\Users\218507493\Devils\209224439.jpg
c:\program files\QIP\Users\218507493\Devils\211037088.jpg
c:\program files\QIP\Users\218507493\Devils\213647982.jpg
c:\program files\QIP\Users\218507493\Devils\218507493.jpg
c:\program files\QIP\Users\218507493\Devils\222798243.jpg
c:\program files\QIP\Users\218507493\Devils\236058665.jpg
c:\program files\QIP\Users\218507493\Devils\237372203.jpg
c:\program files\QIP\Users\218507493\Devils\238386044.jpg
c:\program files\QIP\Users\218507493\Devils\241490295.jpg
c:\program files\QIP\Users\218507493\Devils\244791603.jpg
c:\program files\QIP\Users\218507493\Devils\246606962.jpg
c:\program files\QIP\Users\218507493\Devils\251003198.gif
c:\program files\QIP\Users\218507493\Devils\251577633.jpg
c:\program files\QIP\Users\218507493\Devils\252386914.jpg
c:\program files\QIP\Users\218507493\Devils\261639292.jpg
c:\program files\QIP\Users\218507493\Devils\263406305.jpg
c:\program files\QIP\Users\218507493\Devils\266886611.jpg
c:\program files\QIP\Users\218507493\Devils\269993197.jpg
c:\program files\QIP\Users\218507493\Devils\273812815.jpg
c:\program files\QIP\Users\218507493\Devils\284033308.jpg
c:\program files\QIP\Users\218507493\Devils\286138849.jpg
c:\program files\QIP\Users\218507493\Devils\286273888.jpg
c:\program files\QIP\Users\218507493\Devils\286933175.jpg
c:\program files\QIP\Users\218507493\Devils\292932494.jpg
c:\program files\QIP\Users\218507493\Devils\294881566.jpg
c:\program files\QIP\Users\218507493\Devils\295552278.jpg
c:\program files\QIP\Users\218507493\Devils\299115010.jpg
c:\program files\QIP\Users\218507493\Devils\302930935.jpg
c:\program files\QIP\Users\218507493\Devils\311786827.jpg
c:\program files\QIP\Users\218507493\Devils\318088451.jpg
c:\program files\QIP\Users\218507493\Devils\320731457.jpg
c:\program files\QIP\Users\218507493\Devils\321809574.jpg
c:\program files\QIP\Users\218507493\Devils\335465827.jpg
c:\program files\QIP\Users\218507493\Devils\339167757.jpg
c:\program files\QIP\Users\218507493\Devils\353840760.gif
c:\program files\QIP\Users\218507493\Devils\367938589.jpg
c:\program files\QIP\Users\218507493\Devils\370725420.jpg
c:\program files\QIP\Users\218507493\Devils\390698191.jpg
c:\program files\QIP\Users\218507493\Devils\397380520.jpg
c:\program files\QIP\Users\218507493\Devils\398638483.gif
c:\program files\QIP\Users\218507493\Devils\401570270.jpg
c:\program files\QIP\Users\218507493\Devils\405890266.jpg
c:\program files\QIP\Users\218507493\Devils\440189904.jpg
c:\program files\QIP\Users\218507493\Devils\440596506.jpg
c:\program files\QIP\Users\218507493\Devils\498305286.gif
c:\program files\QIP\Users\218507493\Devils\499307304.jpg
c:\program files\QIP\Users\218507493\History\_srvlog.txt
c:\program files\QIP\Users\218507493\History\237372203.txt
c:\program files\QIP\Users\218507493\History\320084012.txt
c:\program files\QIP\Users\218507493\History\498305286.txt
c:\program files\QIP\Users\228491965\_birth.txt
c:\program files\QIP\Users\228491965\_botq.txt
c:\program files\QIP\Users\228491965\_events.txt
c:\program files\QIP\Users\228491965\_eye.txt
c:\program files\QIP\Users\228491965\_groups.txt
c:\program files\QIP\Users\228491965\_m_away.txt
c:\program files\QIP\Users\228491965\_m_depr.txt
c:\program files\QIP\Users\228491965\_m_dnd.txt
c:\program files\QIP\Users\228491965\_m_evil.txt
c:\program files\QIP\Users\228491965\_m_ffc.txt
c:\program files\QIP\Users\228491965\_m_home.txt
c:\program files\QIP\Users\228491965\_m_lunch.txt
c:\program files\QIP\Users\228491965\_m_na.txt
c:\program files\QIP\Users\228491965\_m_occup.txt
c:\program files\QIP\Users\228491965\_m_work.txt
c:\program files\QIP\Users\228491965\_premsg.txt
c:\program files\QIP\Users\228491965\_st_away.txt
c:\program files\QIP\Users\228491965\_st_cust.txt
c:\program files\QIP\Users\228491965\228491965.cl
c:\program files\QIP\Users\228491965\228491965.clg
c:\program files\QIP\Users\228491965\228491965.cli
c:\program files\QIP\Users\228491965\228491965.clv
c:\program files\QIP\Users\228491965\228491965.lcl
c:\program files\QIP\Users\228491965\228491965.nil
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.clv
c:\program files\QIP\Users\228491965\Config.ini
c:\program files\QIP\Users\228491965\Devils\200313772.jpg
c:\program files\QIP\Users\228491965\Devils\212074615.jpg
c:\program files\QIP\Users\228491965\Devils\213097480.jpg
c:\program files\QIP\Users\228491965\Devils\218408961.gif
c:\program files\QIP\Users\228491965\Devils\218509197.jpg
c:\program files\QIP\Users\228491965\Devils\228204374.jpg
c:\program files\QIP\Users\228491965\Devils\228207184.jpg
c:\program files\QIP\Users\228491965\Devils\228491965.jpg
c:\program files\QIP\Users\228491965\Devils\233505451.jpg
c:\program files\QIP\Users\228491965\Devils\235411695.jpg
c:\program files\QIP\Users\228491965\Devils\244619116.jpg
c:\program files\QIP\Users\228491965\Devils\248187804.jpg
c:\program files\QIP\Users\228491965\Devils\248258391.jpg
c:\program files\QIP\Users\228491965\Devils\266691514.jpg
c:\program files\QIP\Users\228491965\Devils\271764332.jpg
c:\program files\QIP\Users\228491965\Devils\275334831.jpg
c:\program files\QIP\Users\228491965\Devils\276383379.jpg
c:\program files\QIP\Users\228491965\Devils\278492565.jpg
c:\program files\QIP\Users\228491965\Devils\283459264.jpg
c:\program files\QIP\Users\228491965\Devils\286353576.jpg
c:\program files\QIP\Users\228491965\Devils\292174539.jpg
c:\program files\QIP\Users\228491965\Devils\293914536.gif
c:\program files\QIP\Users\228491965\Devils\301337044.jpg
c:\program files\QIP\Users\228491965\Devils\302853091.jpg
c:\program files\QIP\Users\228491965\Devils\311186014.jpg
c:\program files\QIP\Users\228491965\Devils\315159466.jpg
c:\program files\QIP\Users\228491965\Devils\319504609.jpg
c:\program files\QIP\Users\228491965\Devils\336274241.gif
c:\program files\QIP\Users\228491965\Devils\337977367.jpg
c:\program files\QIP\Users\228491965\Devils\344324344.jpg
c:\program files\QIP\Users\228491965\Devils\360427252.jpg
c:\program files\QIP\Users\228491965\Devils\364943484.jpg
c:\program files\QIP\Users\228491965\Devils\396806300.jpg
c:\program files\QIP\Users\228491965\Devils\417133213.jpg
c:\program files\QIP\Users\228491965\Devils\418638709.jpg
c:\program files\QIP\Users\228491965\Devils\553252027.jpg
c:\program files\QIP\Users\228491965\Devils\580317014.jpg
c:\program files\QIP\Users\228491965\History\_srvlog.txt
c:\program files\QIP\Users\228491965\History\212074615.txt
c:\program files\QIP\Users\228491965\History\214871903.txt
c:\program files\QIP\Users\228491965\History\218509197.txt
c:\program files\QIP\Users\228491965\History\219386993.txt
c:\program files\QIP\Users\228491965\History\228204374.txt
c:\program files\QIP\Users\228491965\History\228207184.txt
c:\program files\QIP\Users\228491965\History\233853935.txt
c:\program files\QIP\Users\228491965\History\248187804.txt
c:\program files\QIP\Users\228491965\History\262212112.txt
c:\program files\QIP\Users\228491965\History\301337044.txt
c:\program files\QIP\Users\228491965\History\308990207.txt
c:\program files\QIP\Users\228491965\History\311186014.txt
c:\program files\QIP\Users\228491965\History\315159466.txt
c:\program files\QIP\Users\228491965\History\344324344.txt
c:\program files\QIP\Users\228491965\History\344654993.txt
c:\program files\QIP\Users\228491965\History\417133213.txt
c:\program files\QIP\Users\228491965\History\418638709.txt
c:\program files\QIP\Users\228491965\History\469317990.txt
c:\program files\QIP\Users\228491965\History\561306174.txt
c:\program files\QIP\Users\228491965\History\573555008.txt
c:\program files\QIP\Users\269727042\_birth.txt
c:\program files\QIP\Users\269727042\_botq.txt
c:\program files\QIP\Users\269727042\_events.txt
c:\program files\QIP\Users\269727042\_eye.txt
c:\program files\QIP\Users\269727042\_groups.txt
c:\program files\QIP\Users\269727042\_m_away.txt
c:\program files\QIP\Users\269727042\_m_depr.txt
c:\program files\QIP\Users\269727042\_m_dnd.txt
c:\program files\QIP\Users\269727042\_m_evil.txt
c:\program files\QIP\Users\269727042\_m_ffc.txt
c:\program files\QIP\Users\269727042\_m_home.txt
c:\program files\QIP\Users\269727042\_m_lunch.txt
c:\program files\QIP\Users\269727042\_m_na.txt
c:\program files\QIP\Users\269727042\_m_occup.txt
c:\program files\QIP\Users\269727042\_m_work.txt
c:\program files\QIP\Users\269727042\_premsg.txt
c:\program files\QIP\Users\269727042\_st_away.txt
c:\program files\QIP\Users\269727042\_st_cust.txt
c:\program files\QIP\Users\269727042\269727042.cl
c:\program files\QIP\Users\269727042\269727042.clg
c:\program files\QIP\Users\269727042\269727042.cli
c:\program files\QIP\Users\269727042\269727042.clv
c:\program files\QIP\Users\269727042\269727042.lcl
c:\program files\QIP\Users\269727042\269727042.nil
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.cl
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.clg
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.cli
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.clv
c:\program files\QIP\Users\269727042\Config.ini
c:\program files\QIP\Users\269727042\Devils\228207184.jpg
c:\program files\QIP\Users\269727042\Devils\240349490.jpg
c:\program files\QIP\Users\269727042\Devils\269727042.jpg
c:\program files\QIP\Users\269727042\Devils\361041965.jpg
c:\program files\QIP\Users\269727042\Devils\443444279.jpg
c:\program files\QIP\Users\269727042\Devils\459957539.jpg
c:\program files\QIP\Users\269727042\History\240349490.txt
c:\program files\QIP\Users\269727042\History\361041965.txt
c:\program files\QIP\Users\269727042\History\556014993.txt
c:\program files\QIP\Users\319504609\_birth.txt
c:\program files\QIP\Users\319504609\_botq.txt
c:\program files\QIP\Users\319504609\_events.txt
c:\program files\QIP\Users\319504609\_eye.txt
c:\program files\QIP\Users\319504609\_groups.txt
c:\program files\QIP\Users\319504609\_m_away.txt
c:\program files\QIP\Users\319504609\_m_depr.txt
c:\program files\QIP\Users\319504609\_m_dnd.txt
c:\program files\QIP\Users\319504609\_m_evil.txt
c:\program files\QIP\Users\319504609\_m_ffc.txt
c:\program files\QIP\Users\319504609\_m_home.txt
c:\program files\QIP\Users\319504609\_m_lunch.txt
c:\program files\QIP\Users\319504609\_m_na.txt
c:\program files\QIP\Users\319504609\_m_occup.txt
c:\program files\QIP\Users\319504609\_m_work.txt
c:\program files\QIP\Users\319504609\_premsg.txt
c:\program files\QIP\Users\319504609\_st_away.txt
c:\program files\QIP\Users\319504609\_st_cust.txt
c:\program files\QIP\Users\319504609\319504609.cl
c:\program files\QIP\Users\319504609\319504609.clg
c:\program files\QIP\Users\319504609\319504609.cli
c:\program files\QIP\Users\319504609\319504609.clv
c:\program files\QIP\Users\319504609\319504609.lcl
c:\program files\QIP\Users\319504609\319504609.nil
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.clv
c:\program files\QIP\Users\319504609\Config.ini
c:\program files\QIP\Users\319504609\Devils\196634762.jpg
c:\program files\QIP\Users\319504609\Devils\199566071.jpg
c:\program files\QIP\Users\319504609\Devils\200313772.jpg
c:\program files\QIP\Users\319504609\Devils\205523008.jpg
c:\program files\QIP\Users\319504609\Devils\208889661.jpg
c:\program files\QIP\Users\319504609\Devils\211037088.jpg
c:\program files\QIP\Users\319504609\Devils\216938053.jpg
c:\program files\QIP\Users\319504609\Devils\218507493.jpg
c:\program files\QIP\Users\319504609\Devils\221307279.jpg
c:\program files\QIP\Users\319504609\Devils\226632194.jpg
c:\program files\QIP\Users\319504609\Devils\228207184.jpg
c:\program files\QIP\Users\319504609\Devils\228491965.jpg
c:\program files\QIP\Users\319504609\Devils\233566015.jpg
c:\program files\QIP\Users\319504609\Devils\244560448.jpg
c:\program files\QIP\Users\319504609\Devils\255108790.jpg
c:\program files\QIP\Users\319504609\Devils\255624569.jpg
c:\program files\QIP\Users\319504609\Devils\258401418.jpg
c:\program files\QIP\Users\319504609\Devils\263377056.jpg
c:\program files\QIP\Users\319504609\Devils\269727042.jpg
c:\program files\QIP\Users\319504609\Devils\286933175.jpg
c:\program files\QIP\Users\319504609\Devils\292174539.jpg
c:\program files\QIP\Users\319504609\Devils\294881566.jpg
c:\program files\QIP\Users\319504609\Devils\304878195.jpg
c:\program files\QIP\Users\319504609\Devils\315432278.jpg
c:\program files\QIP\Users\319504609\Devils\316561655.jpg
c:\program files\QIP\Users\319504609\Devils\319504609.jpg
c:\program files\QIP\Users\319504609\Devils\322294802.jpg
c:\program files\QIP\Users\319504609\Devils\323452551.jpg
c:\program files\QIP\Users\319504609\Devils\328733321.jpg
c:\program files\QIP\Users\319504609\Devils\330952581.jpg
c:\program files\QIP\Users\319504609\Devils\333667324.jpg
c:\program files\QIP\Users\319504609\Devils\340709315.gif
c:\program files\QIP\Users\319504609\Devils\341202290.jpg
c:\program files\QIP\Users\319504609\Devils\342383767.jpg
c:\program files\QIP\Users\319504609\Devils\348313636.jpg
c:\program files\QIP\Users\319504609\Devils\361352055.jpg
c:\program files\QIP\Users\319504609\Devils\383866010.jpg
c:\program files\QIP\Users\319504609\Devils\396806300.jpg
c:\program files\QIP\Users\319504609\Devils\396955656.jpg
c:\program files\QIP\Users\319504609\Devils\406082880.jpg
c:\program files\QIP\Users\319504609\Devils\411321303.jpg
c:\program files\QIP\Users\319504609\Devils\470645651.jpg
c:\program files\QIP\Users\319504609\Devils\483199507.jpg
c:\program files\QIP\Users\319504609\Devils\487021829.jpg
c:\program files\QIP\Users\319504609\Devils\490161097.gif
c:\program files\QIP\Users\319504609\Devils\498305286.gif
c:\program files\QIP\Users\319504609\Devils\585830824.jpg
c:\program files\QIP\Users\319504609\Devils\588858006.jpg
c:\program files\QIP\Users\319504609\Devils\590244472.jpg
c:\program files\QIP\Users\319504609\History\_srvlog.txt
c:\program files\QIP\Users\319504609\History\137540882.txt
c:\program files\QIP\Users\319504609\History\196634762.txt
c:\program files\QIP\Users\319504609\History\199566071.txt
c:\program files\QIP\Users\319504609\History\205523008.txt
c:\program files\QIP\Users\319504609\History\207901299.txt
c:\program files\QIP\Users\319504609\History\208889661.txt
c:\program files\QIP\Users\319504609\History\211075113.txt
c:\program files\QIP\Users\319504609\History\216938053.txt
c:\program files\QIP\Users\319504609\History\218285950.txt
c:\program files\QIP\Users\319504609\History\218507493.txt
c:\program files\QIP\Users\319504609\History\221307279.txt
c:\program files\QIP\Users\319504609\History\223394794.txt
c:\program files\QIP\Users\319504609\History\226632194.txt
c:\program files\QIP\Users\319504609\History\228207184.txt
c:\program files\QIP\Users\319504609\History\228491965.txt
c:\program files\QIP\Users\319504609\History\232120037.txt
c:\program files\QIP\Users\319504609\History\235429237.txt
c:\program files\QIP\Users\319504609\History\238519753.txt
c:\program files\QIP\Users\319504609\History\238528698.txt
c:\program files\QIP\Users\319504609\History\238554111.txt
c:\program files\QIP\Users\319504609\History\238606379.txt
c:\program files\QIP\Users\319504609\History\244635174.txt
c:\program files\QIP\Users\319504609\History\246214331.txt
c:\program files\QIP\Users\319504609\History\250859928.txt
c:\program files\QIP\Users\319504609\History\250864114.txt
c:\program files\QIP\Users\319504609\History\250873076.txt
c:\program files\QIP\Users\319504609\History\250890094.txt
c:\program files\QIP\Users\319504609\History\250925571.txt
c:\program files\QIP\Users\319504609\History\250952837.txt
c:\program files\QIP\Users\319504609\History\250966198.txt
c:\program files\QIP\Users\319504609\History\250987863.txt
c:\program files\QIP\Users\319504609\History\252369128.txt
c:\program files\QIP\Users\319504609\History\252378623.txt
c:\program files\QIP\Users\319504609\History\252461043.txt
c:\program files\QIP\Users\319504609\History\252590081.txt
c:\program files\QIP\Users\319504609\History\255624569.txt
c:\program files\QIP\Users\319504609\History\259650047.txt
c:\program files\QIP\Users\319504609\History\262005366.txt
c:\program files\QIP\Users\319504609\History\263377056.txt
c:\program files\QIP\Users\319504609\History\268419004.txt
c:\program files\QIP\Users\319504609\History\269727042.txt
c:\program files\QIP\Users\319504609\History\282863110.txt
c:\program files\QIP\Users\319504609\History\286933175.txt
c:\program files\QIP\Users\319504609\History\292174539.txt
c:\program files\QIP\Users\319504609\History\293498393.txt
c:\program files\QIP\Users\319504609\History\293527504.txt
c:\program files\QIP\Users\319504609\History\295773008.txt
c:\program files\QIP\Users\319504609\History\301810616.txt
c:\program files\QIP\Users\319504609\History\304878195.txt
c:\program files\QIP\Users\319504609\History\308768461.txt
c:\program files\QIP\Users\319504609\History\308990207.txt
c:\program files\QIP\Users\319504609\History\310134691.txt
c:\program files\QIP\Users\319504609\History\320185670.txt
c:\program files\QIP\Users\319504609\History\322294802.txt
c:\program files\QIP\Users\319504609\History\323084119.txt
c:\program files\QIP\Users\319504609\History\323452551.txt
c:\program files\QIP\Users\319504609\History\326017848.txt
c:\program files\QIP\Users\319504609\History\326052466.txt
c:\program files\QIP\Users\319504609\History\326157328.txt
c:\program files\QIP\Users\319504609\History\326218094.txt
c:\program files\QIP\Users\319504609\History\326272899.txt
c:\program files\QIP\Users\319504609\History\326512573.txt
c:\program files\QIP\Users\319504609\History\326526297.txt
c:\program files\QIP\Users\319504609\History\326758987.txt
c:\program files\QIP\Users\319504609\History\326761865.txt
c:\program files\QIP\Users\319504609\History\326779466.txt
c:\program files\QIP\Users\319504609\History\327396640.txt
c:\program files\QIP\Users\319504609\History\328733321.txt
c:\program files\QIP\Users\319504609\History\330952581.txt
c:\program files\QIP\Users\319504609\History\340709315.txt
c:\program files\QIP\Users\319504609\History\342383767.txt
c:\program files\QIP\Users\319504609\History\348788735.txt
c:\program files\QIP\Users\319504609\History\348898364.txt
c:\program files\QIP\Users\319504609\History\349078482.txt
c:\program files\QIP\Users\319504609\History\349091522.txt
c:\program files\QIP\Users\319504609\History\349141588.txt
c:\program files\QIP\Users\319504609\History\349214471.txt
c:\program files\QIP\Users\319504609\History\349221458.txt
c:\program files\QIP\Users\319504609\History\349234229.txt
c:\program files\QIP\Users\319504609\History\349562734.txt
c:\program files\QIP\Users\319504609\History\349601114.txt
c:\program files\QIP\Users\319504609\History\349645339.txt
c:\program files\QIP\Users\319504609\History\349661510.txt
c:\program files\QIP\Users\319504609\History\349757264.txt
c:\program files\QIP\Users\319504609\History\350213212.txt
c:\program files\QIP\Users\319504609\History\350683206.txt
c:\program files\QIP\Users\319504609\History\350703016.txt
c:\program files\QIP\Users\319504609\History\350720713.txt
c:\program files\QIP\Users\319504609\History\350778406.txt
c:\program files\QIP\Users\319504609\History\351745511.txt
c:\program files\QIP\Users\319504609\History\351939822.txt
c:\program files\QIP\Users\319504609\History\352538257.txt
c:\program files\QIP\Users\319504609\History\352752187.txt
c:\program files\QIP\Users\319504609\History\353199657.txt
c:\program files\QIP\Users\319504609\History\353362306.txt
c:\program files\QIP\Users\319504609\History\353395430.txt
c:\program files\QIP\Users\319504609\History\353709509.txt
c:\program files\QIP\Users\319504609\History\353914887.txt
c:\program files\QIP\Users\319504609\History\354061645.txt
c:\program files\QIP\Users\319504609\History\354080981.txt
c:\program files\QIP\Users\319504609\History\355191904.txt
c:\program files\QIP\Users\319504609\History\356239708.txt
c:\program files\QIP\Users\319504609\History\358189325.txt
c:\program files\QIP\Users\319504609\History\358297103.txt
c:\program files\QIP\Users\319504609\History\358313110.txt
c:\program files\QIP\Users\319504609\History\358342087.txt
c:\program files\QIP\Users\319504609\History\358460353.txt
c:\program files\QIP\Users\319504609\History\358506678.txt
c:\program files\QIP\Users\319504609\History\358537286.txt
c:\program files\QIP\Users\319504609\History\358592665.txt
c:\program files\QIP\Users\319504609\History\358600317.txt
c:\program files\QIP\Users\319504609\History\358605691.txt
c:\program files\QIP\Users\319504609\History\358614209.txt
c:\program files\QIP\Users\319504609\History\358619905.txt
c:\program files\QIP\Users\319504609\History\358652063.txt
c:\program files\QIP\Users\319504609\History\358654229.txt
c:\program files\QIP\Users\319504609\History\358685173.txt
c:\program files\QIP\Users\319504609\History\360642363.txt
c:\program files\QIP\Users\319504609\History\361352055.txt
c:\program files\QIP\Users\319504609\History\375077607.txt
c:\program files\QIP\Users\319504609\History\375948471.txt
c:\program files\QIP\Users\319504609\History\388101786.txt
c:\program files\QIP\Users\319504609\History\389703546.txt
c:\program files\QIP\Users\319504609\History\391822382.txt
c:\program files\QIP\Users\319504609\History\396806300.txt
c:\program files\QIP\Users\319504609\History\396955656.txt
c:\program files\QIP\Users\319504609\History\400220049.txt
c:\program files\QIP\Users\319504609\History\401203573.txt
c:\program files\QIP\Users\319504609\History\402392516.txt
c:\program files\QIP\Users\319504609\History\402412091.txt
c:\program files\QIP\Users\319504609\History\406082880.txt
c:\program files\QIP\Users\319504609\History\406839866.txt
c:\program files\QIP\Users\319504609\History\408245422.txt
c:\program files\QIP\Users\319504609\History\410060443.txt
c:\program files\QIP\Users\319504609\History\411222922.txt
c:\program files\QIP\Users\319504609\History\411237900.txt
c:\program files\QIP\Users\319504609\History\411247360.txt
c:\program files\QIP\Users\319504609\History\411281926.txt
c:\program files\QIP\Users\319504609\History\411284512.txt
c:\program files\QIP\Users\319504609\History\411321255.txt
c:\program files\QIP\Users\319504609\History\411323003.txt
c:\program files\QIP\Users\319504609\History\411331980.txt
c:\program files\QIP\Users\319504609\History\411336993.txt
c:\program files\QIP\Users\319504609\History\411343808.txt
c:\program files\QIP\Users\319504609\History\411350138.txt
c:\program files\QIP\Users\319504609\History\411364295.txt
c:\program files\QIP\Users\319504609\History\411365849.txt
c:\program files\QIP\Users\319504609\History\411393259.txt
c:\program files\QIP\Users\319504609\History\411412092.txt
c:\program files\QIP\Users\319504609\History\411418124.txt
c:\program files\QIP\Users\319504609\History\411567598.txt
c:\program files\QIP\Users\319504609\History\411589841.txt
c:\program files\QIP\Users\319504609\History\411612660.txt
c:\program files\QIP\Users\319504609\History\411810422.txt
c:\program files\QIP\Users\319504609\History\412158222.txt
c:\program files\QIP\Users\319504609\History\413030714.txt
c:\program files\QIP\Users\319504609\History\414079704.txt
c:\program files\QIP\Users\319504609\History\415775550.txt
c:\program files\QIP\Users\319504609\History\417510071.txt
c:\program files\QIP\Users\319504609\History\418618785.txt
c:\program files\QIP\Users\319504609\History\419904196.txt
c:\program files\QIP\Users\319504609\History\429995977.txt
c:\program files\QIP\Users\319504609\History\431714077.txt
c:\program files\QIP\Users\319504609\History\431846349.txt
c:\program files\QIP\Users\319504609\History\432458873.txt
c:\program files\QIP\Users\319504609\History\433385199.txt
c:\program files\QIP\Users\319504609\History\434170490.txt
c:\program files\QIP\Users\319504609\History\436005823.txt
c:\program files\QIP\Users\319504609\History\436558763.txt
c:\program files\QIP\Users\319504609\History\441195604.txt
c:\program files\QIP\Users\319504609\History\442293198.txt
c:\program files\QIP\Users\319504609\History\442568115.txt
c:\program files\QIP\Users\319504609\History\442847514.txt
c:\program files\QIP\Users\319504609\History\442941983.txt
c:\program files\QIP\Users\319504609\History\443192179.txt
c:\program files\QIP\Users\319504609\History\444797322.txt
c:\program files\QIP\Users\319504609\History\448292931.txt
c:\program files\QIP\Users\319504609\History\448817565.txt
c:\program files\QIP\Users\319504609\History\451369967.txt
c:\program files\QIP\Users\319504609\History\451954400.txt
c:\program files\QIP\Users\319504609\History\454968701.txt
c:\program files\QIP\Users\319504609\History\455303699.txt
c:\program files\QIP\Users\319504609\History\455329924.txt
c:\program files\QIP\Users\319504609\History\457723247.txt
c:\program files\QIP\Users\319504609\History\459056376.txt
c:\program files\QIP\Users\319504609\History\460095610.txt
c:\program files\QIP\Users\319504609\History\460117165.txt
c:\program files\QIP\Users\319504609\History\461965056.txt
c:\program files\QIP\Users\319504609\History\470645651.txt
c:\program files\QIP\Users\319504609\History\473246030.txt
c:\program files\QIP\Users\319504609\History\474650741.txt
c:\program files\QIP\Users\319504609\History\479991629.txt
c:\program files\QIP\Users\319504609\History\480774669.txt
c:\program files\QIP\Users\319504609\History\483199507.txt
c:\program files\QIP\Users\319504609\History\485598648.txt
c:\program files\QIP\Users\319504609\History\488107270.txt
c:\program files\QIP\Users\319504609\History\490161097.txt
c:\program files\QIP\Users\319504609\History\490191465.txt
c:\program files\QIP\Users\319504609\History\490377357.txt
c:\program files\QIP\Users\319504609\History\490520531.txt
c:\program files\QIP\Users\319504609\History\494345877.txt
c:\program files\QIP\Users\319504609\History\495642718.txt
c:\program files\QIP\Users\319504609\History\495813448.txt
c:\program files\QIP\Users\319504609\History\551202807.txt
c:\program files\QIP\Users\319504609\History\553136242.txt
c:\program files\QIP\Users\319504609\History\553158103.txt
c:\program files\QIP\Users\319504609\History\554995302.txt
c:\program files\QIP\Users\319504609\History\555684690.txt
c:\program files\QIP\Users\319504609\History\556443632.txt
c:\program files\QIP\Users\319504609\History\556485682.txt
c:\program files\QIP\Users\319504609\History\556527128.txt
c:\program files\QIP\Users\319504609\History\556538607.txt
c:\program files\QIP\Users\319504609\History\556704872.txt
c:\program files\QIP\Users\319504609\History\569844156.txt
c:\program files\QIP\Users\319504609\History\574674232.txt
c:\program files\QIP\Users\319504609\History\583025171.txt
c:\program files\QIP\Users\319504609\History\585675475.txt
c:\program files\QIP\Users\319504609\History\585830824.txt
c:\program files\QIP\Users\319504609\History\586260211.txt
c:\program files\QIP\Users\319504609\History\586959829.txt
c:\program files\QIP\Users\319504609\History\586968444.txt
c:\program files\QIP\Users\319504609\History\588138019.txt
c:\program files\QIP\Users\319504609\History\588858006.txt
c:\program files\QIP\Users\319504609\History\590244472.txt
c:\program files\QIP\Users\319504609\History\591124233.txt
c:\program files\QIP\Users\319504609\RcvdFiles\196634762_Cucko\ccsetup226.exe
c:\program files\QIP\Users\327396640\_birth.txt
c:\program files\QIP\Users\327396640\_botq.txt
c:\program files\QIP\Users\327396640\_events.txt
c:\program files\QIP\Users\327396640\_eye.txt
c:\program files\QIP\Users\327396640\_groups.txt
c:\program files\QIP\Users\327396640\_m_away.txt
c:\program files\QIP\Users\327396640\_m_depr.txt
c:\program files\QIP\Users\327396640\_m_dnd.txt
c:\program files\QIP\Users\327396640\_m_evil.txt
c:\program files\QIP\Users\327396640\_m_ffc.txt
c:\program files\QIP\Users\327396640\_m_home.txt
c:\program files\QIP\Users\327396640\_m_lunch.txt
c:\program files\QIP\Users\327396640\_m_na.txt
c:\program files\QIP\Users\327396640\_m_occup.txt
c:\program files\QIP\Users\327396640\_m_work.txt
c:\program files\QIP\Users\327396640\_premsg.txt
c:\program files\QIP\Users\327396640\_st_away.txt
c:\program files\QIP\Users\327396640\_st_cust.txt
c:\program files\QIP\Users\327396640\327396640.cl
c:\program files\QIP\Users\327396640\327396640.clg
c:\program files\QIP\Users\327396640\327396640.cli
c:\program files\QIP\Users\327396640\327396640.clv
c:\program files\QIP\Users\327396640\327396640.lcl
c:\program files\QIP\Users\327396640\327396640.nil
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.clv
c:\program files\QIP\Users\327396640\Config.ini
c:\program files\QIP\Users\327396640\Devils\202473775.jpg
c:\program files\QIP\Users\327396640\Devils\207901299.jpg
c:\program files\QIP\Users\327396640\Devils\208889661.jpg
c:\program files\QIP\Users\327396640\Devils\219703006.jpg
c:\program files\QIP\Users\327396640\Devils\247799263.jpg
c:\program files\QIP\Users\327396640\Devils\253253862.jpg
c:\program files\QIP\Users\327396640\Devils\255038073.jpg
c:\program files\QIP\Users\327396640\Devils\256446065.jpg
c:\program files\QIP\Users\327396640\Devils\258789339.jpg
c:\program files\QIP\Users\327396640\Devils\262539260.jpg
c:\program files\QIP\Users\327396640\Devils\270795571.gif
c:\program files\QIP\Users\327396640\Devils\275806405.jpg
c:\program files\QIP\Users\327396640\Devils\283398608.jpg
c:\program files\QIP\Users\327396640\Devils\287207790.jpg
c:\program files\QIP\Users\327396640\Devils\290701352.jpg
c:\program files\QIP\Users\327396640\Devils\291741281.jpg
c:\program files\QIP\Users\327396640\Devils\293914536.gif
c:\program files\QIP\Users\327396640\Devils\298584516.jpg
c:\program files\QIP\Users\327396640\Devils\301773991.jpg
c:\program files\QIP\Users\327396640\Devils\305067396.jpg
c:\program files\QIP\Users\327396640\Devils\316561659.jpg
c:\program files\QIP\Users\327396640\Devils\320216099.jpg
c:\program files\QIP\Users\327396640\Devils\325202722.jpg
c:\program files\QIP\Users\327396640\Devils\336946734.jpg
c:\program files\QIP\Users\327396640\Devils\342383767.jpg
c:\program files\QIP\Users\327396640\Devils\349037136.jpg
c:\program files\QIP\Users\327396640\Devils\358070568.jpg
c:\program files\QIP\Users\327396640\Devils\368490577.jpg
c:\program files\QIP\Users\327396640\Devils\372427839.jpg
c:\program files\QIP\Users\327396640\Devils\386331194.jpg
c:\program files\QIP\Users\327396640\Devils\413734462.jpg
c:\program files\QIP\Users\327396640\Devils\434542345.jpg
c:\program files\QIP\Users\327396640\Devils\434973578.gif
c:\program files\QIP\Users\327396640\Devils\435962674.jpg
c:\program files\QIP\Users\327396640\Devils\446874762.jpg
c:\program files\QIP\Users\327396640\Devils\477425524.jpg
c:\program files\QIP\Users\327396640\Devils\598255641.jpg
c:\program files\QIP\Users\327396640\History\_srvlog.txt
c:\program files\QIP\Users\327396640\History\262539260.txt
c:\program files\QIP\Users\327396640\History\290701352.txt
c:\program files\QIP\Users\327396640\History\320216099.txt
c:\program files\QIP\Users\327396640\History\342383767.txt
c:\program files\QIP\Users\327396640\History\349037136.txt
c:\program files\QIP\Users\327396640\History\372427839.txt
c:\program files\QIP\Users\327396640\History\434973578.txt
c:\program files\QIP\Users\327396640\History\466257968.txt
c:\program files\QIP\Users\327396640\History\555217362.txt
c:\program files\QIP\Users\327396640\History\570301128.txt
c:\program files\QIP\Users\Accounts.cfg
c:\program files\QIP\Users\Config.ini
c:\program files\QIP\Users\Default.cfg
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 12:22 . 2010-01-19 12:22 53248 ----a-w- c:\temp\catchme.dll
2010-01-19 12:12 . 2010-01-19 12:12 16384 ----atw- c:\temp\Perflib_Perfdata_17c.dat
2010-01-19 08:38 . 2010-01-19 08:38 -------- d-----w- c:\program files\Lavalys
2010-01-19 06:47 . 2010-01-19 06:47 -------- d-----w- c:\temp\OIS
2010-01-19 05:12 . 2010-01-19 12:19 -------- d-----w- c:\temp\.jpf-shadow
2010-01-19 05:12 . 2010-01-19 06:21 -------- d-----w- c:\temp\hsperfdata_lukas
2010-01-18 18:56 . 2010-01-18 18:56 -------- d-s---w- c:\documents and settings\Hynek\UserData
2010-01-18 16:29 . 2010-01-18 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 14:18 . 2010-01-18 14:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 14:15 . 2010-01-18 14:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 14:14 . 2010-01-18 14:15 -------- d-----r- c:\program files\Skype
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\program files\CCleaner
2010-01-15 07:05 . 2010-01-15 07:07 -------- d-----w- c:\program files\The KMPlayer
2010-01-13 01:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 17:38 . 2010-01-19 06:25 -------- d-----w- c:\program files\trend micro
2010-01-12 17:38 . 2010-01-12 17:38 -------- d-----w- C:\rsit
2010-01-12 09:13 . 2010-01-18 18:59 -------- d-----w- c:\program files\Opera
2010-01-05 09:30 . 2010-01-05 09:30 -------- d-----w- c:\program files\GamePark
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:13 . 2009-01-29 21:23 -------- d-----w- c:\program files\SpeedFan
2010-01-18 16:40 . 2009-01-07 18:19 -------- d-----w- c:\program files\PokerStars
2010-01-18 14:33 . 2008-10-23 11:42 -------- d-----w- c:\program files\DivX
2010-01-14 17:43 . 2009-02-13 12:00 -------- d-----w- c:\program files\OTTD
2010-01-08 16:37 . 2008-11-21 10:45 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 16:06 . 2008-11-21 10:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-08 16:06 . 2008-11-21 10:45 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 09:29 . 2008-10-08 06:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 22:29 . 2008-11-10 10:35 -------- d-----w- c:\program files\Java
2010-01-04 11:38 . 2008-10-08 11:01 -------- d-----w- c:\program files\totalcmd
2010-01-02 23:39 . 2009-03-10 06:07 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 19:04 . 2009-01-08 11:08 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-29 19:04 . 2009-01-08 11:08 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-20 16:57 . 2008-10-22 13:52 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-12-17 21:16 . 2008-11-02 14:08 -------- d-----w- c:\program files\Canon
2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\LS
2009-11-28 21:13 . 2009-11-28 09:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 10:59 . 2009-11-28 10:58 -------- d-----w- c:\program files\BitLord2
2009-11-28 07:10 . 2009-11-28 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2008-10-09 16:32 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 23:47 . 2001-10-25 11:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-11-07 23:47 . 2001-10-25 11:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 05:26 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-05 17:34 . 2010-01-17 21:19 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.640 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hynek\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\QIP
c:\program files\QIP\LI\current.cfg
c:\program files\QIP\LI\Czech\_cntry.lng
c:\program files\QIP\LI\Czech\_intrsts.lng
c:\program files\QIP\LI\Czech\_langs.lng
c:\program files\QIP\LI\Czech\_marital.lng
c:\program files\QIP\LI\Czech\_occup.lng
c:\program files\QIP\LI\Czech\_orgs.lng
c:\program files\QIP\LI\Czech\_past.lng
c:\program files\QIP\LI\Czech\_rndchat.lng
c:\program files\QIP\LI\Czech\desc.txt
c:\program files\QIP\LI\Czech\chars_r.ini
c:\program files\QIP\LI\Czech\chars_t.ini
c:\program files\QIP\LI\Czech\lang.ini
c:\program files\QIP\LI\English\_cntry.lng
c:\program files\QIP\LI\English\_intrsts.lng
c:\program files\QIP\LI\English\_langs.lng
c:\program files\QIP\LI\English\_marital.lng
c:\program files\QIP\LI\English\_occup.lng
c:\program files\QIP\LI\English\_orgs.lng
c:\program files\QIP\LI\English\_past.lng
c:\program files\QIP\LI\English\_rndchat.lng
c:\program files\QIP\LI\English\desc.txt
c:\program files\QIP\LI\English\chars_r.ini
c:\program files\QIP\LI\English\chars_t.ini
c:\program files\QIP\LI\English\lang.ini
c:\program files\QIP\LI\langs.cfg
c:\program files\QIP\LI\Russian\_cntry.lng
c:\program files\QIP\LI\Russian\_intrsts.lng
c:\program files\QIP\LI\Russian\_langs.lng
c:\program files\QIP\LI\Russian\_marital.lng
c:\program files\QIP\LI\Russian\_occup.lng
c:\program files\QIP\LI\Russian\_orgs.lng
c:\program files\QIP\LI\Russian\_past.lng
c:\program files\QIP\LI\Russian\_rndchat.lng
c:\program files\QIP\LI\Russian\desc.txt
c:\program files\QIP\LI\Russian\chars_r.ini
c:\program files\QIP\LI\Russian\chars_t.ini
c:\program files\QIP\LI\Russian\lang.ini
c:\program files\QIP\Plugins\docking.dll
c:\program files\QIP\qip.exe
c:\program files\QIP\Skins\current.cfg
c:\program files\QIP\Skins\ICQ5\addopt.bmp
c:\program files\QIP\Skins\ICQ5\allicons.bmp
c:\program files\QIP\Skins\ICQ5\clbg.bmp
c:\program files\QIP\Skins\ICQ5\clevent.bmp
c:\program files\QIP\Skins\ICQ5\clstatus.bmp
c:\program files\QIP\Skins\ICQ5\Colors.ini
c:\program files\QIP\Skins\ICQ5\desc.txt
c:\program files\QIP\Skins\ICQ5\downbutton1.bmp
c:\program files\QIP\Skins\ICQ5\fadehlp.bmp
c:\program files\QIP\Skins\ICQ5\fadehlpt.bmp
c:\program files\QIP\Skins\ICQ5\fademsg.bmp
c:\program files\QIP\Skins\ICQ5\fademsgt.bmp
c:\program files\QIP\Skins\ICQ5\fadesrv.bmp
c:\program files\QIP\Skins\ICQ5\fadesrvt.bmp
c:\program files\QIP\Skins\ICQ5\msgbg.bmp
c:\program files\QIP\Skins\ICQ5\msgbge.bmp
c:\program files\QIP\Skins\ICQ5\noimage.jpg
c:\program files\QIP\Skins\ICQ5\qipbtn.bmp
c:\program files\QIP\Skins\ICQ5\signs.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aa.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ab.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ac.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ad.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ae.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\af.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ag.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ah.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ai.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ak.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\al.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\am.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\an.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ao.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ap.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ar.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\as.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\at.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\au.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\av.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ax.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ay.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\az.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ba.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bb.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bc.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bd.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\be.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bf.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bg.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bh.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bi.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bk.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bl.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bm.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bn.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bo.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bp.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\br.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bs.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bt.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bu.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bv.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright(eng).txt
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright.txt
c:\program files\QIP\Skins\ICQ5\Smilies\Static\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aa.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ab.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ac.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ad.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ae.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\af.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ag.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ah.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ai.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aj.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ak.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\al.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\am.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\an.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ao.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ap.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aq.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ar.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\as.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\at.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\au.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\av.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aw.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ax.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ay.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ba.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bb.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bc.bmp
c:\program files\QIP\Skins\ICQ5\splash.bmp
c:\program files\QIP\Skins\ICQ5\st_custom.bmp
c:\program files\QIP\Skins\ICQ5\statuses.bmp
c:\program files\QIP\Skins\ICQ5\title.bmp
c:\program files\QIP\Skins\ICQ5\tray.bmp
c:\program files\QIP\Skins\ICQ5\tray2k.bmp
c:\program files\QIP\Skins\ICQ5\upbutton1.bmp
c:\program files\QIP\Skins\ICQ5\upbutton2.bmp
c:\program files\QIP\Skins\ICQ5\upbutton3.bmp
c:\program files\QIP\Skins\ICQ5\userinfo.bmp
c:\program files\QIP\Skins\ICQ5\vis.bmp
c:\program files\QIP\Skins\skins.cfg
c:\program files\QIP\Sounds\sndAuth.wav
c:\program files\QIP\Sounds\sndGlobal.wav
c:\program files\QIP\Sounds\sndMsg.wav
c:\program files\QIP\Sounds\sndMsgSent.wav
c:\program files\QIP\Sounds\sndPlugin.wav
c:\program files\QIP\Sounds\sndRemSelf.wav
c:\program files\QIP\Sounds\sndSrvMsg.wav
c:\program files\QIP\Sounds\sndStartup.wav
c:\program files\QIP\Sounds\sndSystem.wav
c:\program files\QIP\unins000.dat
c:\program files\QIP\unins000.exe
c:\program files\QIP\Users\196634762\_birth.txt
c:\program files\QIP\Users\196634762\_botq.txt
c:\program files\QIP\Users\196634762\_events.txt
c:\program files\QIP\Users\196634762\_eye.txt
c:\program files\QIP\Users\196634762\_groups.txt
c:\program files\QIP\Users\196634762\_m_away.txt
c:\program files\QIP\Users\196634762\_m_depr.txt
c:\program files\QIP\Users\196634762\_m_dnd.txt
c:\program files\QIP\Users\196634762\_m_evil.txt
c:\program files\QIP\Users\196634762\_m_ffc.txt
c:\program files\QIP\Users\196634762\_m_home.txt
c:\program files\QIP\Users\196634762\_m_lunch.txt
c:\program files\QIP\Users\196634762\_m_na.txt
c:\program files\QIP\Users\196634762\_m_occup.txt
c:\program files\QIP\Users\196634762\_m_work.txt
c:\program files\QIP\Users\196634762\_premsg.txt
c:\program files\QIP\Users\196634762\_st_away.txt
c:\program files\QIP\Users\196634762\_st_cust.txt
c:\program files\QIP\Users\196634762\196634762.cl
c:\program files\QIP\Users\196634762\196634762.clg
c:\program files\QIP\Users\196634762\196634762.cli
c:\program files\QIP\Users\196634762\196634762.clv
c:\program files\QIP\Users\196634762\196634762.lcl
c:\program files\QIP\Users\196634762\196634762.nil
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_05.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_06.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_09.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_10.clv
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.cl
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.clg
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.cli
c:\program files\QIP\Users\196634762\BackupCL\196634762_2009_12.clv
c:\program files\QIP\Users\196634762\Config.ini
c:\program files\QIP\Users\196634762\Devils\190279455.jpg
c:\program files\QIP\Users\196634762\Devils\192568689.jpg
c:\program files\QIP\Users\196634762\Devils\194633876.jpg
c:\program files\QIP\Users\196634762\Devils\196634762.jpg
c:\program files\QIP\Users\196634762\Devils\196832210.jpg
c:\program files\QIP\Users\196634762\Devils\197903309.jpg
c:\program files\QIP\Users\196634762\Devils\199589375.jpg
c:\program files\QIP\Users\196634762\Devils\201051294.gif
c:\program files\QIP\Users\196634762\Devils\207260820.jpg
c:\program files\QIP\Users\196634762\Devils\208072017.jpg
c:\program files\QIP\Users\196634762\Devils\211037088.jpg
c:\program files\QIP\Users\196634762\Devils\211763137.jpg
c:\program files\QIP\Users\196634762\Devils\218507493.jpg
c:\program files\QIP\Users\196634762\Devils\219782928.jpg
c:\program files\QIP\Users\196634762\Devils\225560421.jpg
c:\program files\QIP\Users\196634762\Devils\228343311.jpg
c:\program files\QIP\Users\196634762\Devils\231653301.jpg
c:\program files\QIP\Users\196634762\Devils\232732564.jpg
c:\program files\QIP\Users\196634762\Devils\238833324.jpg
c:\program files\QIP\Users\196634762\Devils\243574131.jpg
c:\program files\QIP\Users\196634762\Devils\248788527.jpg
c:\program files\QIP\Users\196634762\Devils\249834439.jpg
c:\program files\QIP\Users\196634762\Devils\253539585.jpg
c:\program files\QIP\Users\196634762\Devils\258749556.jpg
c:\program files\QIP\Users\196634762\Devils\260246434.jpg
c:\program files\QIP\Users\196634762\Devils\263750042.jpg
c:\program files\QIP\Users\196634762\Devils\264270750.jpg
c:\program files\QIP\Users\196634762\Devils\267493870.jpg
c:\program files\QIP\Users\196634762\Devils\270419451.jpg
c:\program files\QIP\Users\196634762\Devils\271724152.jpg
c:\program files\QIP\Users\196634762\Devils\273911950.jpg
c:\program files\QIP\Users\196634762\Devils\281056601.jpg
c:\program files\QIP\Users\196634762\Devils\281883471.jpg
c:\program files\QIP\Users\196634762\Devils\282837531.jpg
c:\program files\QIP\Users\196634762\Devils\286933175.jpg
c:\program files\QIP\Users\196634762\Devils\289386286.jpg
c:\program files\QIP\Users\196634762\Devils\294881566.jpg
c:\program files\QIP\Users\196634762\Devils\306724754.jpg
c:\program files\QIP\Users\196634762\Devils\308221608.jpg
c:\program files\QIP\Users\196634762\Devils\319504609.jpg
c:\program files\QIP\Users\196634762\Devils\321809574.jpg
c:\program files\QIP\Users\196634762\Devils\332989228.jpg
c:\program files\QIP\Users\196634762\Devils\335465827.jpg
c:\program files\QIP\Users\196634762\Devils\347508089.jpg
c:\program files\QIP\Users\196634762\Devils\351835648.jpg
c:\program files\QIP\Users\196634762\Devils\375977283.jpg
c:\program files\QIP\Users\196634762\Devils\394905250.jpg
c:\program files\QIP\Users\196634762\Devils\396806300.jpg
c:\program files\QIP\Users\196634762\Devils\405724579.jpg
c:\program files\QIP\Users\196634762\Devils\406082880.jpg
c:\program files\QIP\Users\196634762\Devils\408306820.jpg
c:\program files\QIP\Users\196634762\Devils\418453428.jpg
c:\program files\QIP\Users\196634762\Devils\436747569.jpg
c:\program files\QIP\Users\196634762\Devils\445206196.jpg
c:\program files\QIP\Users\196634762\Devils\449372073.jpg
c:\program files\QIP\Users\196634762\Devils\450079940.jpg
c:\program files\QIP\Users\196634762\Devils\486559025.jpg
c:\program files\QIP\Users\196634762\Devils\489704702.jpg
c:\program files\QIP\Users\196634762\Devils\498305286.gif
c:\program files\QIP\Users\196634762\History\_srvlog.txt
c:\program files\QIP\Users\196634762\History\194762354.txt
c:\program files\QIP\Users\196634762\History\218507493.txt
c:\program files\QIP\Users\196634762\History\232732564.txt
c:\program files\QIP\Users\196634762\History\251741815.txt
c:\program files\QIP\Users\196634762\History\282304405.txt
c:\program files\QIP\Users\196634762\History\306724754.txt
c:\program files\QIP\Users\196634762\History\308221608.txt
c:\program files\QIP\Users\196634762\History\319504609.txt
c:\program files\QIP\Users\196634762\History\320084012.txt
c:\program files\QIP\Users\196634762\History\365880350.txt
c:\program files\QIP\Users\196634762\History\394855655.txt
c:\program files\QIP\Users\196634762\History\394905250.txt
c:\program files\QIP\Users\196634762\History\396806300.txt
c:\program files\QIP\Users\196634762\History\405724579.txt
c:\program files\QIP\Users\196634762\History\418618785.txt
c:\program files\QIP\Users\196634762\History\489704702.txt
c:\program files\QIP\Users\196634762\History\498305286.txt
c:\program files\QIP\Users\218507493\_birth.txt
c:\program files\QIP\Users\218507493\_botq.txt
c:\program files\QIP\Users\218507493\_events.txt
c:\program files\QIP\Users\218507493\_eye.txt
c:\program files\QIP\Users\218507493\_groups.txt
c:\program files\QIP\Users\218507493\_m_away.txt
c:\program files\QIP\Users\218507493\_m_depr.txt
c:\program files\QIP\Users\218507493\_m_dnd.txt
c:\program files\QIP\Users\218507493\_m_evil.txt
c:\program files\QIP\Users\218507493\_m_ffc.txt
c:\program files\QIP\Users\218507493\_m_home.txt
c:\program files\QIP\Users\218507493\_m_lunch.txt
c:\program files\QIP\Users\218507493\_m_na.txt
c:\program files\QIP\Users\218507493\_m_occup.txt
c:\program files\QIP\Users\218507493\_m_work.txt
c:\program files\QIP\Users\218507493\_premsg.txt
c:\program files\QIP\Users\218507493\_st_away.txt
c:\program files\QIP\Users\218507493\_st_cust.txt
c:\program files\QIP\Users\218507493\218507493.cl
c:\program files\QIP\Users\218507493\218507493.clg
c:\program files\QIP\Users\218507493\218507493.cli
c:\program files\QIP\Users\218507493\218507493.clv
c:\program files\QIP\Users\218507493\218507493.lcl
c:\program files\QIP\Users\218507493\218507493.nil
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.cl
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.clg
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.cli
c:\program files\QIP\Users\218507493\BackupCL\218507493_2009_09.clv
c:\program files\QIP\Users\218507493\Config.ini
c:\program files\QIP\Users\218507493\Devils\199433939.jpg
c:\program files\QIP\Users\218507493\Devils\202736981.jpg
c:\program files\QIP\Users\218507493\Devils\206371023.jpg
c:\program files\QIP\Users\218507493\Devils\209224439.jpg
c:\program files\QIP\Users\218507493\Devils\211037088.jpg
c:\program files\QIP\Users\218507493\Devils\213647982.jpg
c:\program files\QIP\Users\218507493\Devils\218507493.jpg
c:\program files\QIP\Users\218507493\Devils\222798243.jpg
c:\program files\QIP\Users\218507493\Devils\236058665.jpg
c:\program files\QIP\Users\218507493\Devils\237372203.jpg
c:\program files\QIP\Users\218507493\Devils\238386044.jpg
c:\program files\QIP\Users\218507493\Devils\241490295.jpg
c:\program files\QIP\Users\218507493\Devils\244791603.jpg
c:\program files\QIP\Users\218507493\Devils\246606962.jpg
c:\program files\QIP\Users\218507493\Devils\251003198.gif
c:\program files\QIP\Users\218507493\Devils\251577633.jpg
c:\program files\QIP\Users\218507493\Devils\252386914.jpg
c:\program files\QIP\Users\218507493\Devils\261639292.jpg
c:\program files\QIP\Users\218507493\Devils\263406305.jpg
c:\program files\QIP\Users\218507493\Devils\266886611.jpg
c:\program files\QIP\Users\218507493\Devils\269993197.jpg
c:\program files\QIP\Users\218507493\Devils\273812815.jpg
c:\program files\QIP\Users\218507493\Devils\284033308.jpg
c:\program files\QIP\Users\218507493\Devils\286138849.jpg
c:\program files\QIP\Users\218507493\Devils\286273888.jpg
c:\program files\QIP\Users\218507493\Devils\286933175.jpg
c:\program files\QIP\Users\218507493\Devils\292932494.jpg
c:\program files\QIP\Users\218507493\Devils\294881566.jpg
c:\program files\QIP\Users\218507493\Devils\295552278.jpg
c:\program files\QIP\Users\218507493\Devils\299115010.jpg
c:\program files\QIP\Users\218507493\Devils\302930935.jpg
c:\program files\QIP\Users\218507493\Devils\311786827.jpg
c:\program files\QIP\Users\218507493\Devils\318088451.jpg
c:\program files\QIP\Users\218507493\Devils\320731457.jpg
c:\program files\QIP\Users\218507493\Devils\321809574.jpg
c:\program files\QIP\Users\218507493\Devils\335465827.jpg
c:\program files\QIP\Users\218507493\Devils\339167757.jpg
c:\program files\QIP\Users\218507493\Devils\353840760.gif
c:\program files\QIP\Users\218507493\Devils\367938589.jpg
c:\program files\QIP\Users\218507493\Devils\370725420.jpg
c:\program files\QIP\Users\218507493\Devils\390698191.jpg
c:\program files\QIP\Users\218507493\Devils\397380520.jpg
c:\program files\QIP\Users\218507493\Devils\398638483.gif
c:\program files\QIP\Users\218507493\Devils\401570270.jpg
c:\program files\QIP\Users\218507493\Devils\405890266.jpg
c:\program files\QIP\Users\218507493\Devils\440189904.jpg
c:\program files\QIP\Users\218507493\Devils\440596506.jpg
c:\program files\QIP\Users\218507493\Devils\498305286.gif
c:\program files\QIP\Users\218507493\Devils\499307304.jpg
c:\program files\QIP\Users\218507493\History\_srvlog.txt
c:\program files\QIP\Users\218507493\History\237372203.txt
c:\program files\QIP\Users\218507493\History\320084012.txt
c:\program files\QIP\Users\218507493\History\498305286.txt
c:\program files\QIP\Users\228491965\_birth.txt
c:\program files\QIP\Users\228491965\_botq.txt
c:\program files\QIP\Users\228491965\_events.txt
c:\program files\QIP\Users\228491965\_eye.txt
c:\program files\QIP\Users\228491965\_groups.txt
c:\program files\QIP\Users\228491965\_m_away.txt
c:\program files\QIP\Users\228491965\_m_depr.txt
c:\program files\QIP\Users\228491965\_m_dnd.txt
c:\program files\QIP\Users\228491965\_m_evil.txt
c:\program files\QIP\Users\228491965\_m_ffc.txt
c:\program files\QIP\Users\228491965\_m_home.txt
c:\program files\QIP\Users\228491965\_m_lunch.txt
c:\program files\QIP\Users\228491965\_m_na.txt
c:\program files\QIP\Users\228491965\_m_occup.txt
c:\program files\QIP\Users\228491965\_m_work.txt
c:\program files\QIP\Users\228491965\_premsg.txt
c:\program files\QIP\Users\228491965\_st_away.txt
c:\program files\QIP\Users\228491965\_st_cust.txt
c:\program files\QIP\Users\228491965\228491965.cl
c:\program files\QIP\Users\228491965\228491965.clg
c:\program files\QIP\Users\228491965\228491965.cli
c:\program files\QIP\Users\228491965\228491965.clv
c:\program files\QIP\Users\228491965\228491965.lcl
c:\program files\QIP\Users\228491965\228491965.nil
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_05.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_06.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_09.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_10.clv
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.cl
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.clg
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.cli
c:\program files\QIP\Users\228491965\BackupCL\228491965_2009_12.clv
c:\program files\QIP\Users\228491965\Config.ini
c:\program files\QIP\Users\228491965\Devils\200313772.jpg
c:\program files\QIP\Users\228491965\Devils\212074615.jpg
c:\program files\QIP\Users\228491965\Devils\213097480.jpg
c:\program files\QIP\Users\228491965\Devils\218408961.gif
c:\program files\QIP\Users\228491965\Devils\218509197.jpg
c:\program files\QIP\Users\228491965\Devils\228204374.jpg
c:\program files\QIP\Users\228491965\Devils\228207184.jpg
c:\program files\QIP\Users\228491965\Devils\228491965.jpg
c:\program files\QIP\Users\228491965\Devils\233505451.jpg
c:\program files\QIP\Users\228491965\Devils\235411695.jpg
c:\program files\QIP\Users\228491965\Devils\244619116.jpg
c:\program files\QIP\Users\228491965\Devils\248187804.jpg
c:\program files\QIP\Users\228491965\Devils\248258391.jpg
c:\program files\QIP\Users\228491965\Devils\266691514.jpg
c:\program files\QIP\Users\228491965\Devils\271764332.jpg
c:\program files\QIP\Users\228491965\Devils\275334831.jpg
c:\program files\QIP\Users\228491965\Devils\276383379.jpg
c:\program files\QIP\Users\228491965\Devils\278492565.jpg
c:\program files\QIP\Users\228491965\Devils\283459264.jpg
c:\program files\QIP\Users\228491965\Devils\286353576.jpg
c:\program files\QIP\Users\228491965\Devils\292174539.jpg
c:\program files\QIP\Users\228491965\Devils\293914536.gif
c:\program files\QIP\Users\228491965\Devils\301337044.jpg
c:\program files\QIP\Users\228491965\Devils\302853091.jpg
c:\program files\QIP\Users\228491965\Devils\311186014.jpg
c:\program files\QIP\Users\228491965\Devils\315159466.jpg
c:\program files\QIP\Users\228491965\Devils\319504609.jpg
c:\program files\QIP\Users\228491965\Devils\336274241.gif
c:\program files\QIP\Users\228491965\Devils\337977367.jpg
c:\program files\QIP\Users\228491965\Devils\344324344.jpg
c:\program files\QIP\Users\228491965\Devils\360427252.jpg
c:\program files\QIP\Users\228491965\Devils\364943484.jpg
c:\program files\QIP\Users\228491965\Devils\396806300.jpg
c:\program files\QIP\Users\228491965\Devils\417133213.jpg
c:\program files\QIP\Users\228491965\Devils\418638709.jpg
c:\program files\QIP\Users\228491965\Devils\553252027.jpg
c:\program files\QIP\Users\228491965\Devils\580317014.jpg
c:\program files\QIP\Users\228491965\History\_srvlog.txt
c:\program files\QIP\Users\228491965\History\212074615.txt
c:\program files\QIP\Users\228491965\History\214871903.txt
c:\program files\QIP\Users\228491965\History\218509197.txt
c:\program files\QIP\Users\228491965\History\219386993.txt
c:\program files\QIP\Users\228491965\History\228204374.txt
c:\program files\QIP\Users\228491965\History\228207184.txt
c:\program files\QIP\Users\228491965\History\233853935.txt
c:\program files\QIP\Users\228491965\History\248187804.txt
c:\program files\QIP\Users\228491965\History\262212112.txt
c:\program files\QIP\Users\228491965\History\301337044.txt
c:\program files\QIP\Users\228491965\History\308990207.txt
c:\program files\QIP\Users\228491965\History\311186014.txt
c:\program files\QIP\Users\228491965\History\315159466.txt
c:\program files\QIP\Users\228491965\History\344324344.txt
c:\program files\QIP\Users\228491965\History\344654993.txt
c:\program files\QIP\Users\228491965\History\417133213.txt
c:\program files\QIP\Users\228491965\History\418638709.txt
c:\program files\QIP\Users\228491965\History\469317990.txt
c:\program files\QIP\Users\228491965\History\561306174.txt
c:\program files\QIP\Users\228491965\History\573555008.txt
c:\program files\QIP\Users\269727042\_birth.txt
c:\program files\QIP\Users\269727042\_botq.txt
c:\program files\QIP\Users\269727042\_events.txt
c:\program files\QIP\Users\269727042\_eye.txt
c:\program files\QIP\Users\269727042\_groups.txt
c:\program files\QIP\Users\269727042\_m_away.txt
c:\program files\QIP\Users\269727042\_m_depr.txt
c:\program files\QIP\Users\269727042\_m_dnd.txt
c:\program files\QIP\Users\269727042\_m_evil.txt
c:\program files\QIP\Users\269727042\_m_ffc.txt
c:\program files\QIP\Users\269727042\_m_home.txt
c:\program files\QIP\Users\269727042\_m_lunch.txt
c:\program files\QIP\Users\269727042\_m_na.txt
c:\program files\QIP\Users\269727042\_m_occup.txt
c:\program files\QIP\Users\269727042\_m_work.txt
c:\program files\QIP\Users\269727042\_premsg.txt
c:\program files\QIP\Users\269727042\_st_away.txt
c:\program files\QIP\Users\269727042\_st_cust.txt
c:\program files\QIP\Users\269727042\269727042.cl
c:\program files\QIP\Users\269727042\269727042.clg
c:\program files\QIP\Users\269727042\269727042.cli
c:\program files\QIP\Users\269727042\269727042.clv
c:\program files\QIP\Users\269727042\269727042.lcl
c:\program files\QIP\Users\269727042\269727042.nil
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.cl
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.clg
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.cli
c:\program files\QIP\Users\269727042\BackupCL\269727042_2009_10.clv
c:\program files\QIP\Users\269727042\Config.ini
c:\program files\QIP\Users\269727042\Devils\228207184.jpg
c:\program files\QIP\Users\269727042\Devils\240349490.jpg
c:\program files\QIP\Users\269727042\Devils\269727042.jpg
c:\program files\QIP\Users\269727042\Devils\361041965.jpg
c:\program files\QIP\Users\269727042\Devils\443444279.jpg
c:\program files\QIP\Users\269727042\Devils\459957539.jpg
c:\program files\QIP\Users\269727042\History\240349490.txt
c:\program files\QIP\Users\269727042\History\361041965.txt
c:\program files\QIP\Users\269727042\History\556014993.txt
c:\program files\QIP\Users\319504609\_birth.txt
c:\program files\QIP\Users\319504609\_botq.txt
c:\program files\QIP\Users\319504609\_events.txt
c:\program files\QIP\Users\319504609\_eye.txt
c:\program files\QIP\Users\319504609\_groups.txt
c:\program files\QIP\Users\319504609\_m_away.txt
c:\program files\QIP\Users\319504609\_m_depr.txt
c:\program files\QIP\Users\319504609\_m_dnd.txt
c:\program files\QIP\Users\319504609\_m_evil.txt
c:\program files\QIP\Users\319504609\_m_ffc.txt
c:\program files\QIP\Users\319504609\_m_home.txt
c:\program files\QIP\Users\319504609\_m_lunch.txt
c:\program files\QIP\Users\319504609\_m_na.txt
c:\program files\QIP\Users\319504609\_m_occup.txt
c:\program files\QIP\Users\319504609\_m_work.txt
c:\program files\QIP\Users\319504609\_premsg.txt
c:\program files\QIP\Users\319504609\_st_away.txt
c:\program files\QIP\Users\319504609\_st_cust.txt
c:\program files\QIP\Users\319504609\319504609.cl
c:\program files\QIP\Users\319504609\319504609.clg
c:\program files\QIP\Users\319504609\319504609.cli
c:\program files\QIP\Users\319504609\319504609.clv
c:\program files\QIP\Users\319504609\319504609.lcl
c:\program files\QIP\Users\319504609\319504609.nil
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_03.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_04.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_05.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_06.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_07.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_08.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_09.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_10.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_11.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2009_12.clv
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.cl
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.clg
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.cli
c:\program files\QIP\Users\319504609\BackupCL\319504609_2010_01.clv
c:\program files\QIP\Users\319504609\Config.ini
c:\program files\QIP\Users\319504609\Devils\196634762.jpg
c:\program files\QIP\Users\319504609\Devils\199566071.jpg
c:\program files\QIP\Users\319504609\Devils\200313772.jpg
c:\program files\QIP\Users\319504609\Devils\205523008.jpg
c:\program files\QIP\Users\319504609\Devils\208889661.jpg
c:\program files\QIP\Users\319504609\Devils\211037088.jpg
c:\program files\QIP\Users\319504609\Devils\216938053.jpg
c:\program files\QIP\Users\319504609\Devils\218507493.jpg
c:\program files\QIP\Users\319504609\Devils\221307279.jpg
c:\program files\QIP\Users\319504609\Devils\226632194.jpg
c:\program files\QIP\Users\319504609\Devils\228207184.jpg
c:\program files\QIP\Users\319504609\Devils\228491965.jpg
c:\program files\QIP\Users\319504609\Devils\233566015.jpg
c:\program files\QIP\Users\319504609\Devils\244560448.jpg
c:\program files\QIP\Users\319504609\Devils\255108790.jpg
c:\program files\QIP\Users\319504609\Devils\255624569.jpg
c:\program files\QIP\Users\319504609\Devils\258401418.jpg
c:\program files\QIP\Users\319504609\Devils\263377056.jpg
c:\program files\QIP\Users\319504609\Devils\269727042.jpg
c:\program files\QIP\Users\319504609\Devils\286933175.jpg
c:\program files\QIP\Users\319504609\Devils\292174539.jpg
c:\program files\QIP\Users\319504609\Devils\294881566.jpg
c:\program files\QIP\Users\319504609\Devils\304878195.jpg
c:\program files\QIP\Users\319504609\Devils\315432278.jpg
c:\program files\QIP\Users\319504609\Devils\316561655.jpg
c:\program files\QIP\Users\319504609\Devils\319504609.jpg
c:\program files\QIP\Users\319504609\Devils\322294802.jpg
c:\program files\QIP\Users\319504609\Devils\323452551.jpg
c:\program files\QIP\Users\319504609\Devils\328733321.jpg
c:\program files\QIP\Users\319504609\Devils\330952581.jpg
c:\program files\QIP\Users\319504609\Devils\333667324.jpg
c:\program files\QIP\Users\319504609\Devils\340709315.gif
c:\program files\QIP\Users\319504609\Devils\341202290.jpg
c:\program files\QIP\Users\319504609\Devils\342383767.jpg
c:\program files\QIP\Users\319504609\Devils\348313636.jpg
c:\program files\QIP\Users\319504609\Devils\361352055.jpg
c:\program files\QIP\Users\319504609\Devils\383866010.jpg
c:\program files\QIP\Users\319504609\Devils\396806300.jpg
c:\program files\QIP\Users\319504609\Devils\396955656.jpg
c:\program files\QIP\Users\319504609\Devils\406082880.jpg
c:\program files\QIP\Users\319504609\Devils\411321303.jpg
c:\program files\QIP\Users\319504609\Devils\470645651.jpg
c:\program files\QIP\Users\319504609\Devils\483199507.jpg
c:\program files\QIP\Users\319504609\Devils\487021829.jpg
c:\program files\QIP\Users\319504609\Devils\490161097.gif
c:\program files\QIP\Users\319504609\Devils\498305286.gif
c:\program files\QIP\Users\319504609\Devils\585830824.jpg
c:\program files\QIP\Users\319504609\Devils\588858006.jpg
c:\program files\QIP\Users\319504609\Devils\590244472.jpg
c:\program files\QIP\Users\319504609\History\_srvlog.txt
c:\program files\QIP\Users\319504609\History\137540882.txt
c:\program files\QIP\Users\319504609\History\196634762.txt
c:\program files\QIP\Users\319504609\History\199566071.txt
c:\program files\QIP\Users\319504609\History\205523008.txt
c:\program files\QIP\Users\319504609\History\207901299.txt
c:\program files\QIP\Users\319504609\History\208889661.txt
c:\program files\QIP\Users\319504609\History\211075113.txt
c:\program files\QIP\Users\319504609\History\216938053.txt
c:\program files\QIP\Users\319504609\History\218285950.txt
c:\program files\QIP\Users\319504609\History\218507493.txt
c:\program files\QIP\Users\319504609\History\221307279.txt
c:\program files\QIP\Users\319504609\History\223394794.txt
c:\program files\QIP\Users\319504609\History\226632194.txt
c:\program files\QIP\Users\319504609\History\228207184.txt
c:\program files\QIP\Users\319504609\History\228491965.txt
c:\program files\QIP\Users\319504609\History\232120037.txt
c:\program files\QIP\Users\319504609\History\235429237.txt
c:\program files\QIP\Users\319504609\History\238519753.txt
c:\program files\QIP\Users\319504609\History\238528698.txt
c:\program files\QIP\Users\319504609\History\238554111.txt
c:\program files\QIP\Users\319504609\History\238606379.txt
c:\program files\QIP\Users\319504609\History\244635174.txt
c:\program files\QIP\Users\319504609\History\246214331.txt
c:\program files\QIP\Users\319504609\History\250859928.txt
c:\program files\QIP\Users\319504609\History\250864114.txt
c:\program files\QIP\Users\319504609\History\250873076.txt
c:\program files\QIP\Users\319504609\History\250890094.txt
c:\program files\QIP\Users\319504609\History\250925571.txt
c:\program files\QIP\Users\319504609\History\250952837.txt
c:\program files\QIP\Users\319504609\History\250966198.txt
c:\program files\QIP\Users\319504609\History\250987863.txt
c:\program files\QIP\Users\319504609\History\252369128.txt
c:\program files\QIP\Users\319504609\History\252378623.txt
c:\program files\QIP\Users\319504609\History\252461043.txt
c:\program files\QIP\Users\319504609\History\252590081.txt
c:\program files\QIP\Users\319504609\History\255624569.txt
c:\program files\QIP\Users\319504609\History\259650047.txt
c:\program files\QIP\Users\319504609\History\262005366.txt
c:\program files\QIP\Users\319504609\History\263377056.txt
c:\program files\QIP\Users\319504609\History\268419004.txt
c:\program files\QIP\Users\319504609\History\269727042.txt
c:\program files\QIP\Users\319504609\History\282863110.txt
c:\program files\QIP\Users\319504609\History\286933175.txt
c:\program files\QIP\Users\319504609\History\292174539.txt
c:\program files\QIP\Users\319504609\History\293498393.txt
c:\program files\QIP\Users\319504609\History\293527504.txt
c:\program files\QIP\Users\319504609\History\295773008.txt
c:\program files\QIP\Users\319504609\History\301810616.txt
c:\program files\QIP\Users\319504609\History\304878195.txt
c:\program files\QIP\Users\319504609\History\308768461.txt
c:\program files\QIP\Users\319504609\History\308990207.txt
c:\program files\QIP\Users\319504609\History\310134691.txt
c:\program files\QIP\Users\319504609\History\320185670.txt
c:\program files\QIP\Users\319504609\History\322294802.txt
c:\program files\QIP\Users\319504609\History\323084119.txt
c:\program files\QIP\Users\319504609\History\323452551.txt
c:\program files\QIP\Users\319504609\History\326017848.txt
c:\program files\QIP\Users\319504609\History\326052466.txt
c:\program files\QIP\Users\319504609\History\326157328.txt
c:\program files\QIP\Users\319504609\History\326218094.txt
c:\program files\QIP\Users\319504609\History\326272899.txt
c:\program files\QIP\Users\319504609\History\326512573.txt
c:\program files\QIP\Users\319504609\History\326526297.txt
c:\program files\QIP\Users\319504609\History\326758987.txt
c:\program files\QIP\Users\319504609\History\326761865.txt
c:\program files\QIP\Users\319504609\History\326779466.txt
c:\program files\QIP\Users\319504609\History\327396640.txt
c:\program files\QIP\Users\319504609\History\328733321.txt
c:\program files\QIP\Users\319504609\History\330952581.txt
c:\program files\QIP\Users\319504609\History\340709315.txt
c:\program files\QIP\Users\319504609\History\342383767.txt
c:\program files\QIP\Users\319504609\History\348788735.txt
c:\program files\QIP\Users\319504609\History\348898364.txt
c:\program files\QIP\Users\319504609\History\349078482.txt
c:\program files\QIP\Users\319504609\History\349091522.txt
c:\program files\QIP\Users\319504609\History\349141588.txt
c:\program files\QIP\Users\319504609\History\349214471.txt
c:\program files\QIP\Users\319504609\History\349221458.txt
c:\program files\QIP\Users\319504609\History\349234229.txt
c:\program files\QIP\Users\319504609\History\349562734.txt
c:\program files\QIP\Users\319504609\History\349601114.txt
c:\program files\QIP\Users\319504609\History\349645339.txt
c:\program files\QIP\Users\319504609\History\349661510.txt
c:\program files\QIP\Users\319504609\History\349757264.txt
c:\program files\QIP\Users\319504609\History\350213212.txt
c:\program files\QIP\Users\319504609\History\350683206.txt
c:\program files\QIP\Users\319504609\History\350703016.txt
c:\program files\QIP\Users\319504609\History\350720713.txt
c:\program files\QIP\Users\319504609\History\350778406.txt
c:\program files\QIP\Users\319504609\History\351745511.txt
c:\program files\QIP\Users\319504609\History\351939822.txt
c:\program files\QIP\Users\319504609\History\352538257.txt
c:\program files\QIP\Users\319504609\History\352752187.txt
c:\program files\QIP\Users\319504609\History\353199657.txt
c:\program files\QIP\Users\319504609\History\353362306.txt
c:\program files\QIP\Users\319504609\History\353395430.txt
c:\program files\QIP\Users\319504609\History\353709509.txt
c:\program files\QIP\Users\319504609\History\353914887.txt
c:\program files\QIP\Users\319504609\History\354061645.txt
c:\program files\QIP\Users\319504609\History\354080981.txt
c:\program files\QIP\Users\319504609\History\355191904.txt
c:\program files\QIP\Users\319504609\History\356239708.txt
c:\program files\QIP\Users\319504609\History\358189325.txt
c:\program files\QIP\Users\319504609\History\358297103.txt
c:\program files\QIP\Users\319504609\History\358313110.txt
c:\program files\QIP\Users\319504609\History\358342087.txt
c:\program files\QIP\Users\319504609\History\358460353.txt
c:\program files\QIP\Users\319504609\History\358506678.txt
c:\program files\QIP\Users\319504609\History\358537286.txt
c:\program files\QIP\Users\319504609\History\358592665.txt
c:\program files\QIP\Users\319504609\History\358600317.txt
c:\program files\QIP\Users\319504609\History\358605691.txt
c:\program files\QIP\Users\319504609\History\358614209.txt
c:\program files\QIP\Users\319504609\History\358619905.txt
c:\program files\QIP\Users\319504609\History\358652063.txt
c:\program files\QIP\Users\319504609\History\358654229.txt
c:\program files\QIP\Users\319504609\History\358685173.txt
c:\program files\QIP\Users\319504609\History\360642363.txt
c:\program files\QIP\Users\319504609\History\361352055.txt
c:\program files\QIP\Users\319504609\History\375077607.txt
c:\program files\QIP\Users\319504609\History\375948471.txt
c:\program files\QIP\Users\319504609\History\388101786.txt
c:\program files\QIP\Users\319504609\History\389703546.txt
c:\program files\QIP\Users\319504609\History\391822382.txt
c:\program files\QIP\Users\319504609\History\396806300.txt
c:\program files\QIP\Users\319504609\History\396955656.txt
c:\program files\QIP\Users\319504609\History\400220049.txt
c:\program files\QIP\Users\319504609\History\401203573.txt
c:\program files\QIP\Users\319504609\History\402392516.txt
c:\program files\QIP\Users\319504609\History\402412091.txt
c:\program files\QIP\Users\319504609\History\406082880.txt
c:\program files\QIP\Users\319504609\History\406839866.txt
c:\program files\QIP\Users\319504609\History\408245422.txt
c:\program files\QIP\Users\319504609\History\410060443.txt
c:\program files\QIP\Users\319504609\History\411222922.txt
c:\program files\QIP\Users\319504609\History\411237900.txt
c:\program files\QIP\Users\319504609\History\411247360.txt
c:\program files\QIP\Users\319504609\History\411281926.txt
c:\program files\QIP\Users\319504609\History\411284512.txt
c:\program files\QIP\Users\319504609\History\411321255.txt
c:\program files\QIP\Users\319504609\History\411323003.txt
c:\program files\QIP\Users\319504609\History\411331980.txt
c:\program files\QIP\Users\319504609\History\411336993.txt
c:\program files\QIP\Users\319504609\History\411343808.txt
c:\program files\QIP\Users\319504609\History\411350138.txt
c:\program files\QIP\Users\319504609\History\411364295.txt
c:\program files\QIP\Users\319504609\History\411365849.txt
c:\program files\QIP\Users\319504609\History\411393259.txt
c:\program files\QIP\Users\319504609\History\411412092.txt
c:\program files\QIP\Users\319504609\History\411418124.txt
c:\program files\QIP\Users\319504609\History\411567598.txt
c:\program files\QIP\Users\319504609\History\411589841.txt
c:\program files\QIP\Users\319504609\History\411612660.txt
c:\program files\QIP\Users\319504609\History\411810422.txt
c:\program files\QIP\Users\319504609\History\412158222.txt
c:\program files\QIP\Users\319504609\History\413030714.txt
c:\program files\QIP\Users\319504609\History\414079704.txt
c:\program files\QIP\Users\319504609\History\415775550.txt
c:\program files\QIP\Users\319504609\History\417510071.txt
c:\program files\QIP\Users\319504609\History\418618785.txt
c:\program files\QIP\Users\319504609\History\419904196.txt
c:\program files\QIP\Users\319504609\History\429995977.txt
c:\program files\QIP\Users\319504609\History\431714077.txt
c:\program files\QIP\Users\319504609\History\431846349.txt
c:\program files\QIP\Users\319504609\History\432458873.txt
c:\program files\QIP\Users\319504609\History\433385199.txt
c:\program files\QIP\Users\319504609\History\434170490.txt
c:\program files\QIP\Users\319504609\History\436005823.txt
c:\program files\QIP\Users\319504609\History\436558763.txt
c:\program files\QIP\Users\319504609\History\441195604.txt
c:\program files\QIP\Users\319504609\History\442293198.txt
c:\program files\QIP\Users\319504609\History\442568115.txt
c:\program files\QIP\Users\319504609\History\442847514.txt
c:\program files\QIP\Users\319504609\History\442941983.txt
c:\program files\QIP\Users\319504609\History\443192179.txt
c:\program files\QIP\Users\319504609\History\444797322.txt
c:\program files\QIP\Users\319504609\History\448292931.txt
c:\program files\QIP\Users\319504609\History\448817565.txt
c:\program files\QIP\Users\319504609\History\451369967.txt
c:\program files\QIP\Users\319504609\History\451954400.txt
c:\program files\QIP\Users\319504609\History\454968701.txt
c:\program files\QIP\Users\319504609\History\455303699.txt
c:\program files\QIP\Users\319504609\History\455329924.txt
c:\program files\QIP\Users\319504609\History\457723247.txt
c:\program files\QIP\Users\319504609\History\459056376.txt
c:\program files\QIP\Users\319504609\History\460095610.txt
c:\program files\QIP\Users\319504609\History\460117165.txt
c:\program files\QIP\Users\319504609\History\461965056.txt
c:\program files\QIP\Users\319504609\History\470645651.txt
c:\program files\QIP\Users\319504609\History\473246030.txt
c:\program files\QIP\Users\319504609\History\474650741.txt
c:\program files\QIP\Users\319504609\History\479991629.txt
c:\program files\QIP\Users\319504609\History\480774669.txt
c:\program files\QIP\Users\319504609\History\483199507.txt
c:\program files\QIP\Users\319504609\History\485598648.txt
c:\program files\QIP\Users\319504609\History\488107270.txt
c:\program files\QIP\Users\319504609\History\490161097.txt
c:\program files\QIP\Users\319504609\History\490191465.txt
c:\program files\QIP\Users\319504609\History\490377357.txt
c:\program files\QIP\Users\319504609\History\490520531.txt
c:\program files\QIP\Users\319504609\History\494345877.txt
c:\program files\QIP\Users\319504609\History\495642718.txt
c:\program files\QIP\Users\319504609\History\495813448.txt
c:\program files\QIP\Users\319504609\History\551202807.txt
c:\program files\QIP\Users\319504609\History\553136242.txt
c:\program files\QIP\Users\319504609\History\553158103.txt
c:\program files\QIP\Users\319504609\History\554995302.txt
c:\program files\QIP\Users\319504609\History\555684690.txt
c:\program files\QIP\Users\319504609\History\556443632.txt
c:\program files\QIP\Users\319504609\History\556485682.txt
c:\program files\QIP\Users\319504609\History\556527128.txt
c:\program files\QIP\Users\319504609\History\556538607.txt
c:\program files\QIP\Users\319504609\History\556704872.txt
c:\program files\QIP\Users\319504609\History\569844156.txt
c:\program files\QIP\Users\319504609\History\574674232.txt
c:\program files\QIP\Users\319504609\History\583025171.txt
c:\program files\QIP\Users\319504609\History\585675475.txt
c:\program files\QIP\Users\319504609\History\585830824.txt
c:\program files\QIP\Users\319504609\History\586260211.txt
c:\program files\QIP\Users\319504609\History\586959829.txt
c:\program files\QIP\Users\319504609\History\586968444.txt
c:\program files\QIP\Users\319504609\History\588138019.txt
c:\program files\QIP\Users\319504609\History\588858006.txt
c:\program files\QIP\Users\319504609\History\590244472.txt
c:\program files\QIP\Users\319504609\History\591124233.txt
c:\program files\QIP\Users\319504609\RcvdFiles\196634762_Cucko\ccsetup226.exe
c:\program files\QIP\Users\327396640\_birth.txt
c:\program files\QIP\Users\327396640\_botq.txt
c:\program files\QIP\Users\327396640\_events.txt
c:\program files\QIP\Users\327396640\_eye.txt
c:\program files\QIP\Users\327396640\_groups.txt
c:\program files\QIP\Users\327396640\_m_away.txt
c:\program files\QIP\Users\327396640\_m_depr.txt
c:\program files\QIP\Users\327396640\_m_dnd.txt
c:\program files\QIP\Users\327396640\_m_evil.txt
c:\program files\QIP\Users\327396640\_m_ffc.txt
c:\program files\QIP\Users\327396640\_m_home.txt
c:\program files\QIP\Users\327396640\_m_lunch.txt
c:\program files\QIP\Users\327396640\_m_na.txt
c:\program files\QIP\Users\327396640\_m_occup.txt
c:\program files\QIP\Users\327396640\_m_work.txt
c:\program files\QIP\Users\327396640\_premsg.txt
c:\program files\QIP\Users\327396640\_st_away.txt
c:\program files\QIP\Users\327396640\_st_cust.txt
c:\program files\QIP\Users\327396640\327396640.cl
c:\program files\QIP\Users\327396640\327396640.clg
c:\program files\QIP\Users\327396640\327396640.cli
c:\program files\QIP\Users\327396640\327396640.clv
c:\program files\QIP\Users\327396640\327396640.lcl
c:\program files\QIP\Users\327396640\327396640.nil
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_05.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_06.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_08.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_09.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_10.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_11.clv
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.cl
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.clg
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.cli
c:\program files\QIP\Users\327396640\BackupCL\327396640_2009_12.clv
c:\program files\QIP\Users\327396640\Config.ini
c:\program files\QIP\Users\327396640\Devils\202473775.jpg
c:\program files\QIP\Users\327396640\Devils\207901299.jpg
c:\program files\QIP\Users\327396640\Devils\208889661.jpg
c:\program files\QIP\Users\327396640\Devils\219703006.jpg
c:\program files\QIP\Users\327396640\Devils\247799263.jpg
c:\program files\QIP\Users\327396640\Devils\253253862.jpg
c:\program files\QIP\Users\327396640\Devils\255038073.jpg
c:\program files\QIP\Users\327396640\Devils\256446065.jpg
c:\program files\QIP\Users\327396640\Devils\258789339.jpg
c:\program files\QIP\Users\327396640\Devils\262539260.jpg
c:\program files\QIP\Users\327396640\Devils\270795571.gif
c:\program files\QIP\Users\327396640\Devils\275806405.jpg
c:\program files\QIP\Users\327396640\Devils\283398608.jpg
c:\program files\QIP\Users\327396640\Devils\287207790.jpg
c:\program files\QIP\Users\327396640\Devils\290701352.jpg
c:\program files\QIP\Users\327396640\Devils\291741281.jpg
c:\program files\QIP\Users\327396640\Devils\293914536.gif
c:\program files\QIP\Users\327396640\Devils\298584516.jpg
c:\program files\QIP\Users\327396640\Devils\301773991.jpg
c:\program files\QIP\Users\327396640\Devils\305067396.jpg
c:\program files\QIP\Users\327396640\Devils\316561659.jpg
c:\program files\QIP\Users\327396640\Devils\320216099.jpg
c:\program files\QIP\Users\327396640\Devils\325202722.jpg
c:\program files\QIP\Users\327396640\Devils\336946734.jpg
c:\program files\QIP\Users\327396640\Devils\342383767.jpg
c:\program files\QIP\Users\327396640\Devils\349037136.jpg
c:\program files\QIP\Users\327396640\Devils\358070568.jpg
c:\program files\QIP\Users\327396640\Devils\368490577.jpg
c:\program files\QIP\Users\327396640\Devils\372427839.jpg
c:\program files\QIP\Users\327396640\Devils\386331194.jpg
c:\program files\QIP\Users\327396640\Devils\413734462.jpg
c:\program files\QIP\Users\327396640\Devils\434542345.jpg
c:\program files\QIP\Users\327396640\Devils\434973578.gif
c:\program files\QIP\Users\327396640\Devils\435962674.jpg
c:\program files\QIP\Users\327396640\Devils\446874762.jpg
c:\program files\QIP\Users\327396640\Devils\477425524.jpg
c:\program files\QIP\Users\327396640\Devils\598255641.jpg
c:\program files\QIP\Users\327396640\History\_srvlog.txt
c:\program files\QIP\Users\327396640\History\262539260.txt
c:\program files\QIP\Users\327396640\History\290701352.txt
c:\program files\QIP\Users\327396640\History\320216099.txt
c:\program files\QIP\Users\327396640\History\342383767.txt
c:\program files\QIP\Users\327396640\History\349037136.txt
c:\program files\QIP\Users\327396640\History\372427839.txt
c:\program files\QIP\Users\327396640\History\434973578.txt
c:\program files\QIP\Users\327396640\History\466257968.txt
c:\program files\QIP\Users\327396640\History\555217362.txt
c:\program files\QIP\Users\327396640\History\570301128.txt
c:\program files\QIP\Users\Accounts.cfg
c:\program files\QIP\Users\Config.ini
c:\program files\QIP\Users\Default.cfg
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 12:22 . 2010-01-19 12:22 53248 ----a-w- c:\temp\catchme.dll
2010-01-19 12:12 . 2010-01-19 12:12 16384 ----atw- c:\temp\Perflib_Perfdata_17c.dat
2010-01-19 08:38 . 2010-01-19 08:38 -------- d-----w- c:\program files\Lavalys
2010-01-19 06:47 . 2010-01-19 06:47 -------- d-----w- c:\temp\OIS
2010-01-19 05:12 . 2010-01-19 12:19 -------- d-----w- c:\temp\.jpf-shadow
2010-01-19 05:12 . 2010-01-19 06:21 -------- d-----w- c:\temp\hsperfdata_lukas
2010-01-18 18:56 . 2010-01-18 18:56 -------- d-s---w- c:\documents and settings\Hynek\UserData
2010-01-18 16:29 . 2010-01-18 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 14:18 . 2010-01-18 14:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 14:15 . 2010-01-18 14:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 14:14 . 2010-01-18 14:15 -------- d-----r- c:\program files\Skype
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\program files\CCleaner
2010-01-15 07:05 . 2010-01-15 07:07 -------- d-----w- c:\program files\The KMPlayer
2010-01-13 01:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 17:38 . 2010-01-19 06:25 -------- d-----w- c:\program files\trend micro
2010-01-12 17:38 . 2010-01-12 17:38 -------- d-----w- C:\rsit
2010-01-12 09:13 . 2010-01-18 18:59 -------- d-----w- c:\program files\Opera
2010-01-05 09:30 . 2010-01-05 09:30 -------- d-----w- c:\program files\GamePark
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:13 . 2009-01-29 21:23 -------- d-----w- c:\program files\SpeedFan
2010-01-18 16:40 . 2009-01-07 18:19 -------- d-----w- c:\program files\PokerStars
2010-01-18 14:33 . 2008-10-23 11:42 -------- d-----w- c:\program files\DivX
2010-01-14 17:43 . 2009-02-13 12:00 -------- d-----w- c:\program files\OTTD
2010-01-08 16:37 . 2008-11-21 10:45 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 16:06 . 2008-11-21 10:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-08 16:06 . 2008-11-21 10:45 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 09:29 . 2008-10-08 06:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 22:29 . 2008-11-10 10:35 -------- d-----w- c:\program files\Java
2010-01-04 11:38 . 2008-10-08 11:01 -------- d-----w- c:\program files\totalcmd
2010-01-02 23:39 . 2009-03-10 06:07 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 19:04 . 2009-01-08 11:08 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-29 19:04 . 2009-01-08 11:08 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-20 16:57 . 2008-10-22 13:52 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-12-17 21:16 . 2008-11-02 14:08 -------- d-----w- c:\program files\Canon
2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\LS
2009-11-28 21:13 . 2009-11-28 09:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 10:59 . 2009-11-28 10:58 -------- d-----w- c:\program files\BitLord2
2009-11-28 07:10 . 2009-11-28 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2008-10-09 16:32 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 23:47 . 2001-10-25 11:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-11-07 23:47 . 2001-10-25 11:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 05:26 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-05 17:34 . 2010-01-17 21:19 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
Re: Prosím o kontrolu...
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.83u1.lnk - d:\freerapid-0.83u1\FreeRapid-0.83u1\frd.exe [2009-11-11 35840]
siszyd32.exe [2008-4-14 23040]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\most wanted\\speed.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28.10.2008 16:42 156968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [28.11.2008 8:41 113896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2008 15:55 716272]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830);c:\program files\Google\Update\GoogleUpdate.exe [4.10.2009 21:26 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\WQZ1B8A.tmp --> c:\temp\WQZ1B8A.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.1.2009 12:08 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [25.5.2007 14:55 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [11.10.2008 15:33 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [11.10.2008 15:33 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [11.10.2008 15:33 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [11.10.2008 15:33 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [11.10.2008 15:33 98568]
S3 TVicHW32;TVicHW32;c:\windows\system32\drivers\TVicHW32.sys [18.12.2008 13:02 24656]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Clean Traces
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
TCP: {DFDD9398-0988-4894-B809-CB8FAC75BBFF} = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-QIP 2005_is1 - c:\program files\QIP\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 13:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\WQZ1B8A.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,04,ac,18,d2,03,9a,74,cd,0f,42,4f,5f,5c,73,ec,ef,7b,ba,f5,05,fd,28,
c2,ae,2c,5d,34,d9,e8,2b,0d,1a,f4,87,10,f6,9a,a5,94,ba,37,d2,b4,05,05,22,4f,\
"??"=hex:e7,0c,aa,9b,9b,92,75,66,f5,90,9e,c9,76,4f,d6,fe
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,2c,56,bb,ad,c9,82,4d,14,68,95,8d,71,44,f6,18,6c,cd,ee,6a,4e,
55,bc,a8,50,bb,18,d8,97,48,59,08,27,02,9e,47,ed,82,a8,43,94,02,5b,40,6c,5c,\
"rkeysecu"=hex:20,7b,64,69,09,50,78,ba,b1,c5,13,3a,7e,b8,6c,d7
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0F6022E998309BAD7E9C6475D442CE10A37E2F867F2AF3D6C5F667D0BD9E610A1D6A9CE33AA31889E98897EB56DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5CA9C6AECB7A5D1407831B96BC3A7D1056053C366D072A28A1AC688E873DC1E0F06424C9CAD0CBEBDDD67D9054A85301B89F829372AAA41E5DC64F7002A926051A8AA3E3D813399D260014C048F5281B287E3ECD2AD42FF1CC5895D87FD00AA26DECC0B3A0161AD2C681FE6AF7251635BE6EA6DAD3E54C40BB9CAE90C20EF7BA88D2C57885D1A38FCFCC82DE086B17781E309AC3F3F0DF797A422EF4D0F1DE220D76A005ACF4ECADD34B85095D368E6669799AA6543DB460DF69CEF972418F02200765427FE071DAE75A15E226213F4FC7734A347EC5788CC2A970A4B375C1D56C29CAA9ADAB0F9927C65F7DCD00D15B65B9F2B1C33CBA6B7F0D9210683910EF1F70ABCBA89D0BBFB2D63A7C8A595204F05F82783902F1BAF7905BEAA26EF674696C85C926358C7529439C1A5268B19A1FE689F5B62FF78F8FA69575BEA95BDB02187D5EA0239E3B3535A1A0DF1A44BE284CBCAA57108A5131B52F8756B281F321E8D95257CD30DF7D4F0BF03491C169C5F974ACFAA3C83B4618388BCD8616DC85C484854ACE168BB4A4BB000F2547E4B8D22E26479C3A5EC11B697FC8D5A58A70878EEAC17306B68ABDBBD5FBE0D4CF442B0B512464489D18801BF5AF8422C6A7FE288AC63D1C303616B60DC181CF9D314B5003BC153EB0C07F4B1431AB642EF36F297E27E0D718741D7C59F2797F134A71E41F827ECFA3B9BF1C15BD1825B1A4100DF7F5481D6580B7817BE0F010CCDE4E571E28A3125604E2D3C78A4882160B0A73388912B1E19F3EDCCDA2C19339C207590EA6BD7DFBA2F75B8C917400F27BFD1D187A0F432B97FB4B3C94797C1BCE333D103BB6EF9C1E86C05B0E818337D07FF20229C3603334B1ADC555DBA4095DE1FE59E32FAA94850836BE030ED6226893FD7535EB7ABF42120501C7DE486D4E13393465F85493E6E9925335E9A9C7A3B6EE050772EBE91446FA1413AC0688063CAC7BC81E741DD88F4E4C2D990E13E858185AC67B6E2082EA5CBCA225E46B6A4640A3D9D7F809F14E88703756F840215970AD645A2224670E17CA2559CBFD690D7BAFA817348251EF8199E70C465E391311CF121A888BA0B5C0A20E90877970E38B3909FED90A1633A0B510DAB4D3A44FBBA444770CBF9159903B1544C8EEF48EC1EC936685F26449EF474C98E45958CDD121B6E47600A0E361A335A4A23F6D45128EA4D932E5E5D89B64F64C5FFA4D41DAD36607F7DBB836B479AC930F2356B595F05C98C3DDC7FAF6B734338D9902CF01591637A23B47A42E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SSSensor.dll
.
Celkový čas: 2010-01-19 13:23:47
ComboFix-quarantined-files.txt 2010-01-19 12:23
Před spuštěním: 8 866 848 768
Po spuštění: 8 836 763 648
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - ACC249FB6B311194057F56F6BF11AF6D
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.83u1.lnk - d:\freerapid-0.83u1\FreeRapid-0.83u1\frd.exe [2009-11-11 35840]
siszyd32.exe [2008-4-14 23040]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\most wanted\\speed.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28.10.2008 16:42 156968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [28.11.2008 8:41 113896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2008 15:55 716272]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830);c:\program files\Google\Update\GoogleUpdate.exe [4.10.2009 21:26 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\WQZ1B8A.tmp --> c:\temp\WQZ1B8A.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.1.2009 12:08 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [25.5.2007 14:55 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [11.10.2008 15:33 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [11.10.2008 15:33 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [11.10.2008 15:33 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [11.10.2008 15:33 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [11.10.2008 15:33 98568]
S3 TVicHW32;TVicHW32;c:\windows\system32\drivers\TVicHW32.sys [18.12.2008 13:02 24656]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Clean Traces
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
TCP: {DFDD9398-0988-4894-B809-CB8FAC75BBFF} = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-QIP 2005_is1 - c:\program files\QIP\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 13:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\WQZ1B8A.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,04,ac,18,d2,03,9a,74,cd,0f,42,4f,5f,5c,73,ec,ef,7b,ba,f5,05,fd,28,
c2,ae,2c,5d,34,d9,e8,2b,0d,1a,f4,87,10,f6,9a,a5,94,ba,37,d2,b4,05,05,22,4f,\
"??"=hex:e7,0c,aa,9b,9b,92,75,66,f5,90,9e,c9,76,4f,d6,fe
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,2c,56,bb,ad,c9,82,4d,14,68,95,8d,71,44,f6,18,6c,cd,ee,6a,4e,
55,bc,a8,50,bb,18,d8,97,48,59,08,27,02,9e,47,ed,82,a8,43,94,02,5b,40,6c,5c,\
"rkeysecu"=hex:20,7b,64,69,09,50,78,ba,b1,c5,13,3a,7e,b8,6c,d7
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0F6022E998309BAD7E9C6475D442CE10A37E2F867F2AF3D6C5F667D0BD9E610A1D6A9CE33AA31889E98897EB56DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5CA9C6AECB7A5D1407831B96BC3A7D1056053C366D072A28A1AC688E873DC1E0F06424C9CAD0CBEBDDD67D9054A85301B89F829372AAA41E5DC64F7002A926051A8AA3E3D813399D260014C048F5281B287E3ECD2AD42FF1CC5895D87FD00AA26DECC0B3A0161AD2C681FE6AF7251635BE6EA6DAD3E54C40BB9CAE90C20EF7BA88D2C57885D1A38FCFCC82DE086B17781E309AC3F3F0DF797A422EF4D0F1DE220D76A005ACF4ECADD34B85095D368E6669799AA6543DB460DF69CEF972418F02200765427FE071DAE75A15E226213F4FC7734A347EC5788CC2A970A4B375C1D56C29CAA9ADAB0F9927C65F7DCD00D15B65B9F2B1C33CBA6B7F0D9210683910EF1F70ABCBA89D0BBFB2D63A7C8A595204F05F82783902F1BAF7905BEAA26EF674696C85C926358C7529439C1A5268B19A1FE689F5B62FF78F8FA69575BEA95BDB02187D5EA0239E3B3535A1A0DF1A44BE284CBCAA57108A5131B52F8756B281F321E8D95257CD30DF7D4F0BF03491C169C5F974ACFAA3C83B4618388BCD8616DC85C484854ACE168BB4A4BB000F2547E4B8D22E26479C3A5EC11B697FC8D5A58A70878EEAC17306B68ABDBBD5FBE0D4CF442B0B512464489D18801BF5AF8422C6A7FE288AC63D1C303616B60DC181CF9D314B5003BC153EB0C07F4B1431AB642EF36F297E27E0D718741D7C59F2797F134A71E41F827ECFA3B9BF1C15BD1825B1A4100DF7F5481D6580B7817BE0F010CCDE4E571E28A3125604E2D3C78A4882160B0A73388912B1E19F3EDCCDA2C19339C207590EA6BD7DFBA2F75B8C917400F27BFD1D187A0F432B97FB4B3C94797C1BCE333D103BB6EF9C1E86C05B0E818337D07FF20229C3603334B1ADC555DBA4095DE1FE59E32FAA94850836BE030ED6226893FD7535EB7ABF42120501C7DE486D4E13393465F85493E6E9925335E9A9C7A3B6EE050772EBE91446FA1413AC0688063CAC7BC81E741DD88F4E4C2D990E13E858185AC67B6E2082EA5CBCA225E46B6A4640A3D9D7F809F14E88703756F840215970AD645A2224670E17CA2559CBFD690D7BAFA817348251EF8199E70C465E391311CF121A888BA0B5C0A20E90877970E38B3909FED90A1633A0B510DAB4D3A44FBBA444770CBF9159903B1544C8EEF48EC1EC936685F26449EF474C98E45958CDD121B6E47600A0E361A335A4A23F6D45128EA4D932E5E5D89B64F64C5FFA4D41DAD36607F7DBB836B479AC930F2356B595F05C98C3DDC7FAF6B734338D9902CF01591637A23B47A42E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SSSensor.dll
.
Celkový čas: 2010-01-19 13:23:47
ComboFix-quarantined-files.txt 2010-01-19 12:23
Před spuštěním: 8 866 848 768
Po spuštění: 8 836 763 648
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - ACC249FB6B311194057F56F6BF11AF6D
Re: Prosím o kontrolu...
Tak Qip si budete muset nainstalovat znovu , můžu vědět kterou verzi qipu jste měl?
Ten virus jste chytl asi kde? Byl jste na nějakých ruských stránkách nebo při instalaci qipu?
Garenu používáte?
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
, můžu vědět kterou verzi qipu jste měl?Ten virus jste chytl asi kde? Byl jste na nějakých ruských stránkách nebo při instalaci qipu?
Garenu používáte?
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
File::
c:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\program files\Mozilla Firefox\components\qippipe.dll
Extra::
DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
FF - ProfilePath - c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
verzi qipu nevím ale stahnul jsem to asi na stánkách qip v opeře... poslední verzi jsem stahoval qip infinitum Jadris pack... po spuštění combofix mi nešel ukončit eset nod po restartu a po kontrole se mi nespustil nod a cpu je v normálu ...
zde log z combofix...
ComboFix 10-01-18.02 - lukas 19.01.2010 17:53:21.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.647 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hynek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
"c:\program files\Mozilla Firefox\components\qippipe.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\program files\Mozilla Firefox\components\qippipe.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 16:57 . 2010-01-19 16:57 53248 ----a-w- c:\temp\catchme.dll
2010-01-19 16:52 . 2010-01-19 16:52 16384 ----atw- c:\temp\Perflib_Perfdata_c8.dat
2010-01-19 13:22 . 2010-01-19 13:24 -------- d-----w- c:\program files\German Truck Simulator
2010-01-19 08:38 . 2010-01-19 08:38 -------- d-----w- c:\program files\Lavalys
2010-01-19 06:47 . 2010-01-19 06:47 -------- d-----w- c:\temp\OIS
2010-01-19 05:12 . 2010-01-19 16:56 -------- d-----w- c:\temp\.jpf-shadow
2010-01-19 05:12 . 2010-01-19 06:21 -------- d-----w- c:\temp\hsperfdata_lukas
2010-01-18 18:56 . 2010-01-18 18:56 -------- d-s---w- c:\documents and settings\Hynek\UserData
2010-01-18 16:29 . 2010-01-18 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 14:18 . 2010-01-18 14:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 14:15 . 2010-01-18 14:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 14:14 . 2010-01-18 14:15 -------- d-----r- c:\program files\Skype
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\program files\CCleaner
2010-01-15 07:05 . 2010-01-15 07:07 -------- d-----w- c:\program files\The KMPlayer
2010-01-13 01:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 17:38 . 2010-01-19 06:25 -------- d-----w- c:\program files\trend micro
2010-01-12 17:38 . 2010-01-12 17:38 -------- d-----w- C:\rsit
2010-01-12 09:13 . 2010-01-18 18:59 -------- d-----w- c:\program files\Opera
2010-01-05 09:30 . 2010-01-05 09:30 -------- d-----w- c:\program files\GamePark
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:13 . 2009-01-29 21:23 -------- d-----w- c:\program files\SpeedFan
2010-01-18 16:40 . 2009-01-07 18:19 -------- d-----w- c:\program files\PokerStars
2010-01-18 14:33 . 2008-10-23 11:42 -------- d-----w- c:\program files\DivX
2010-01-14 17:43 . 2009-02-13 12:00 -------- d-----w- c:\program files\OTTD
2010-01-08 16:37 . 2008-11-21 10:45 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 16:06 . 2008-11-21 10:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-08 16:06 . 2008-11-21 10:45 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 09:29 . 2008-10-08 06:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 22:29 . 2008-11-10 10:35 -------- d-----w- c:\program files\Java
2010-01-04 11:38 . 2008-10-08 11:01 -------- d-----w- c:\program files\totalcmd
2010-01-02 23:39 . 2009-03-10 06:07 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 19:04 . 2009-01-08 11:08 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-29 19:04 . 2009-01-08 11:08 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-20 16:57 . 2008-10-22 13:52 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-12-17 21:16 . 2008-11-02 14:08 -------- d-----w- c:\program files\Canon
2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\LS
2009-11-28 21:13 . 2009-11-28 09:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 10:59 . 2009-11-28 10:58 -------- d-----w- c:\program files\BitLord2
2009-11-28 07:10 . 2009-11-28 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2008-10-09 16:32 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 23:47 . 2001-10-25 11:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-11-07 23:47 . 2001-10-25 11:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 05:26 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.83u1.lnk - d:\freerapid-0.83u1\FreeRapid-0.83u1\frd.exe [2009-11-11 35840]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\most wanted\\speed.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28.10.2008 16:42 156968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [28.11.2008 8:41 113896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2008 15:55 716272]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830);c:\program files\Google\Update\GoogleUpdate.exe [4.10.2009 21:26 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\WQZ1B8A.tmp --> c:\temp\WQZ1B8A.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.1.2009 12:08 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [25.5.2007 14:55 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [11.10.2008 15:33 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [11.10.2008 15:33 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [11.10.2008 15:33 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [11.10.2008 15:33 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [11.10.2008 15:33 98568]
S3 TVicHW32;TVicHW32;c:\windows\system32\drivers\TVicHW32.sys [18.12.2008 13:02 24656]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
TCP: {DFDD9398-0988-4894-B809-CB8FAC75BBFF} = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 17:57
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\WQZ1B8A.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,04,ac,18,d2,03,9a,74,cd,0f,42,4f,5f,5c,73,ec,ef,7b,ba,f5,05,fd,28,
c2,ae,2c,5d,34,d9,e8,2b,0d,1a,f4,87,10,f6,9a,a5,94,ba,37,d2,b4,05,05,22,4f,\
"??"=hex:e7,0c,aa,9b,9b,92,75,66,f5,90,9e,c9,76,4f,d6,fe
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,2c,56,bb,ad,c9,82,4d,14,68,95,8d,71,44,f6,18,6c,cd,ee,6a,4e,
55,bc,a8,50,bb,18,d8,97,48,59,08,27,02,9e,47,ed,82,a8,43,94,02,5b,40,6c,5c,\
"rkeysecu"=hex:20,7b,64,69,09,50,78,ba,b1,c5,13,3a,7e,b8,6c,d7
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0F6022E998309BAD7E9C6475D442CE10A37E2F867F2AF3D6C5F667D0BD9E610A1D6A9CE33AA31889E98897EB56DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5CA9C6AECB7A5D1407831B96BC3A7D1056053C366D072A28A1AC688E873DC1E0F06424C9CAD0CBEBDDD67D9054A85301B89F829372AAA41E5DC64F7002A926051A8AA3E3D813399D260014C048F5281B287E3ECD2AD42FF1CC5895D87FD00AA26DECC0B3A0161AD2C681FE6AF7251635BE6EA6DAD3E54C40BB9CAE90C20EF7BA88D2C57885D1A38FCFCC82DE086B17781E309AC3F3F0DF797A422EF4D0F1DE220D76A005ACF4ECADD34B85095D368E6669799AA6543DB460DF69CEF972418F02200765427FE071DAE75A15E226213F4FC7734A347EC5788CC2A970A4B375C1D56C29CAA9ADAB0F9927C65F7DCD00D15B65B9F2B1C33CBA6B7F0D9210683910EF1F70ABCBA89D0BBFB2D63A7C8A595204F05F82783902F1BAF7905BEAA26EF674696C85C926358C7529439C1A5268B19A1FE689F5B62FF78F8FA69575BEA95BDB02187D5EA0239E3B3535A1A0DF1A44BE284CBCAA57108A5131B52F8756B281F321E8D95257CD30DF7D4F0BF03491C169C5F974ACFAA3C83B4618388BCD8616DC85C484854ACE168BB4A4BB000F2547E4B8D22E26479C3A5EC11B697FC8D5A58A70878EEAC17306B68ABDBBD5FBE0D4CF442B0B512464489D18801BF5AF8422C6A7FE288AC63D1C303616B60DC181CF9D314B5003BC153EB0C07F4B1431AB642EF36F297E27E0D718741D7C59F2797F134A71E41F827ECFA3B9BF1C15BD1825B1A4100DF7F5481D6580B7817BE0F010CCDE4E571E28A3125604E2D3C78A4882160B0A73388912B1E19F3EDCCDA2C19339C207590EA6BD7DFBA2F75B8C917400F27BFD1D187A0F432B97FB4B3C94797C1BCE333D103BB6EF9C1E86C05B0E818337D07FF20229C3603334B1ADC555DBA4095DE1FE59E32FAA94850836BE030ED6226893FD7535EB7ABF42120501C7DE486D4E13393465F85493E6E9925335E9A9C7A3B6EE050772EBE91446FA1413AC0688063CAC7BC81E741DD88F4E4C2D990E13E858185AC67B6E2082EA5CBCA225E46B6A4640A3D9D7F809F14E88703756F840215970AD645A2224670E17CA2559CBFD690D7BAFA817348251EF8199E70C465E391311CF121A888BA0B5C0A20E90877970E38B3909FED90A1633A0B510DAB4D3A44FBBA444770CBF9159903B1544C8EEF48EC1EC936685F26449EF474C98E45958CDD121B6E47600A0E361A335A4A23F6D45128EA4D932E5E5D89B64F64C5FFA4D41DAD36607F7DBB836B479AC930F2356B595F05C98C3DDC7FAF6B734338D9902CF01591637A23B47A42E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SSSensor.dll
.
Celkový čas: 2010-01-19 17:58:43
ComboFix-quarantined-files.txt 2010-01-19 16:58
ComboFix2.txt 2010-01-19 12:23
Před spuštěním: 8 509 472 768
Po spuštění: 8 475 975 680
- - End Of File - - CF79EE652280D285F10B0D8F90B1E283
zde log z combofix...
ComboFix 10-01-18.02 - lukas 19.01.2010 17:53:21.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.647 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hynek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
"c:\program files\Mozilla Firefox\components\qippipe.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\program files\Mozilla Firefox\components\qippipe.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 16:57 . 2010-01-19 16:57 53248 ----a-w- c:\temp\catchme.dll
2010-01-19 16:52 . 2010-01-19 16:52 16384 ----atw- c:\temp\Perflib_Perfdata_c8.dat
2010-01-19 13:22 . 2010-01-19 13:24 -------- d-----w- c:\program files\German Truck Simulator
2010-01-19 08:38 . 2010-01-19 08:38 -------- d-----w- c:\program files\Lavalys
2010-01-19 06:47 . 2010-01-19 06:47 -------- d-----w- c:\temp\OIS
2010-01-19 05:12 . 2010-01-19 16:56 -------- d-----w- c:\temp\.jpf-shadow
2010-01-19 05:12 . 2010-01-19 06:21 -------- d-----w- c:\temp\hsperfdata_lukas
2010-01-18 18:56 . 2010-01-18 18:56 -------- d-s---w- c:\documents and settings\Hynek\UserData
2010-01-18 16:29 . 2010-01-18 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 14:18 . 2010-01-18 14:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-18 14:15 . 2010-01-18 14:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-18 14:14 . 2010-01-18 14:15 -------- d-----r- c:\program files\Skype
2010-01-15 12:09 . 2010-01-15 12:09 -------- d-----w- c:\program files\CCleaner
2010-01-15 07:05 . 2010-01-15 07:07 -------- d-----w- c:\program files\The KMPlayer
2010-01-13 01:43 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 17:38 . 2010-01-19 06:25 -------- d-----w- c:\program files\trend micro
2010-01-12 17:38 . 2010-01-12 17:38 -------- d-----w- C:\rsit
2010-01-12 09:13 . 2010-01-18 18:59 -------- d-----w- c:\program files\Opera
2010-01-05 09:30 . 2010-01-05 09:30 -------- d-----w- c:\program files\GamePark
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:13 . 2009-01-29 21:23 -------- d-----w- c:\program files\SpeedFan
2010-01-18 16:40 . 2009-01-07 18:19 -------- d-----w- c:\program files\PokerStars
2010-01-18 14:33 . 2008-10-23 11:42 -------- d-----w- c:\program files\DivX
2010-01-14 17:43 . 2009-02-13 12:00 -------- d-----w- c:\program files\OTTD
2010-01-08 16:37 . 2008-11-21 10:45 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 16:06 . 2008-11-21 10:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-08 16:06 . 2008-11-21 10:45 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 09:29 . 2008-10-08 06:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 22:29 . 2008-11-10 10:35 -------- d-----w- c:\program files\Java
2010-01-04 11:38 . 2008-10-08 11:01 -------- d-----w- c:\program files\totalcmd
2010-01-02 23:39 . 2009-03-10 06:07 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 19:04 . 2009-01-08 11:08 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-29 19:04 . 2009-01-08 11:08 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-20 16:57 . 2008-10-22 13:52 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-12-17 21:16 . 2008-11-02 14:08 -------- d-----w- c:\program files\Canon
2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\LS
2009-11-28 21:13 . 2009-11-28 09:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 10:59 . 2009-11-28 10:58 -------- d-----w- c:\program files\BitLord2
2009-11-28 07:10 . 2009-11-28 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2008-10-09 16:32 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 23:47 . 2001-10-25 11:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-11-07 23:47 . 2001-10-25 11:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 05:26 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FreeRapid 0.83u1.lnk - d:\freerapid-0.83u1\FreeRapid-0.83u1\frd.exe [2009-11-11 35840]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\most wanted\\speed.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28.10.2008 16:42 156968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [28.11.2008 8:41 113896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2008 15:55 716272]
S2 gupdate1ca45312f42830;Google Update Service (gupdate1ca45312f42830);c:\program files\Google\Update\GoogleUpdate.exe [4.10.2009 21:26 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\WQZ1B8A.tmp --> c:\temp\WQZ1B8A.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8.1.2009 12:08 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [25.5.2007 14:55 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [11.10.2008 15:33 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [11.10.2008 15:33 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [11.10.2008 15:33 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [11.10.2008 15:33 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [11.10.2008 15:33 98568]
S3 TVicHW32;TVicHW32;c:\windows\system32\drivers\TVicHW32.sys [18.12.2008 13:02 24656]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 20:26]
2010-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Poslat jako SMS
IE: Poslat MMS na
IE: Poslat SMS na
TCP: {DFDD9398-0988-4894-B809-CB8FAC75BBFF} = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Hynek\Data aplikací\Mozilla\Firefox\Profiles\1mln2mod.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 17:57
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\WQZ1B8A.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,04,ac,18,d2,03,9a,74,cd,0f,42,4f,5f,5c,73,ec,ef,7b,ba,f5,05,fd,28,
c2,ae,2c,5d,34,d9,e8,2b,0d,1a,f4,87,10,f6,9a,a5,94,ba,37,d2,b4,05,05,22,4f,\
"??"=hex:e7,0c,aa,9b,9b,92,75,66,f5,90,9e,c9,76,4f,d6,fe
[HKEY_USERS\S-1-5-21-1202660629-2049760794-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,2c,56,bb,ad,c9,82,4d,14,68,95,8d,71,44,f6,18,6c,cd,ee,6a,4e,
55,bc,a8,50,bb,18,d8,97,48,59,08,27,02,9e,47,ed,82,a8,43,94,02,5b,40,6c,5c,\
"rkeysecu"=hex:20,7b,64,69,09,50,78,ba,b1,c5,13,3a,7e,b8,6c,d7
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0F6022E998309BAD7E9C6475D442CE10A37E2F867F2AF3D6C5F667D0BD9E610A1D6A9CE33AA31889E98897EB56DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5CA9C6AECB7A5D1407831B96BC3A7D1056053C366D072A28A1AC688E873DC1E0F06424C9CAD0CBEBDDD67D9054A85301B89F829372AAA41E5DC64F7002A926051A8AA3E3D813399D260014C048F5281B287E3ECD2AD42FF1CC5895D87FD00AA26DECC0B3A0161AD2C681FE6AF7251635BE6EA6DAD3E54C40BB9CAE90C20EF7BA88D2C57885D1A38FCFCC82DE086B17781E309AC3F3F0DF797A422EF4D0F1DE220D76A005ACF4ECADD34B85095D368E6669799AA6543DB460DF69CEF972418F02200765427FE071DAE75A15E226213F4FC7734A347EC5788CC2A970A4B375C1D56C29CAA9ADAB0F9927C65F7DCD00D15B65B9F2B1C33CBA6B7F0D9210683910EF1F70ABCBA89D0BBFB2D63A7C8A595204F05F82783902F1BAF7905BEAA26EF674696C85C926358C7529439C1A5268B19A1FE689F5B62FF78F8FA69575BEA95BDB02187D5EA0239E3B3535A1A0DF1A44BE284CBCAA57108A5131B52F8756B281F321E8D95257CD30DF7D4F0BF03491C169C5F974ACFAA3C83B4618388BCD8616DC85C484854ACE168BB4A4BB000F2547E4B8D22E26479C3A5EC11B697FC8D5A58A70878EEAC17306B68ABDBBD5FBE0D4CF442B0B512464489D18801BF5AF8422C6A7FE288AC63D1C303616B60DC181CF9D314B5003BC153EB0C07F4B1431AB642EF36F297E27E0D718741D7C59F2797F134A71E41F827ECFA3B9BF1C15BD1825B1A4100DF7F5481D6580B7817BE0F010CCDE4E571E28A3125604E2D3C78A4882160B0A73388912B1E19F3EDCCDA2C19339C207590EA6BD7DFBA2F75B8C917400F27BFD1D187A0F432B97FB4B3C94797C1BCE333D103BB6EF9C1E86C05B0E818337D07FF20229C3603334B1ADC555DBA4095DE1FE59E32FAA94850836BE030ED6226893FD7535EB7ABF42120501C7DE486D4E13393465F85493E6E9925335E9A9C7A3B6EE050772EBE91446FA1413AC0688063CAC7BC81E741DD88F4E4C2D990E13E858185AC67B6E2082EA5CBCA225E46B6A4640A3D9D7F809F14E88703756F840215970AD645A2224670E17CA2559CBFD690D7BAFA817348251EF8199E70C465E391311CF121A888BA0B5C0A20E90877970E38B3909FED90A1633A0B510DAB4D3A44FBBA444770CBF9159903B1544C8EEF48EC1EC936685F26449EF474C98E45958CDD121B6E47600A0E361A335A4A23F6D45128EA4D932E5E5D89B64F64C5FFA4D41DAD36607F7DBB836B479AC930F2356B595F05C98C3DDC7FAF6B734338D9902CF01591637A23B47A42E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SSSensor.dll
.
Celkový čas: 2010-01-19 17:58:43
ComboFix-quarantined-files.txt 2010-01-19 16:58
ComboFix2.txt 2010-01-19 12:23
Před spuštěním: 8 509 472 768
Po spuštění: 8 475 975 680
- - End Of File - - CF79EE652280D285F10B0D8F90B1E283
Re: Prosím o kontrolu...
Garenu používáte?
Jak to vypadá s počítačem?
Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosím o kontrolu...
dobrý ráno:)
garenu mám odinstalovanou... odinstaloval jsem eset nod a počítač beží normálně asi se nepohodly nějaké programy.... mám dotaz na složku v dokumentech (all users a také složka hynek) , která ukazuje 1.25 GB ale složky v ní mají velikost jen 403 MB existuje program kterej by to pročistil ?
garenu mám odinstalovanou... odinstaloval jsem eset nod a počítač beží normálně asi se nepohodly nějaké programy.... mám dotaz na složku v dokumentech (all users a také složka hynek) , která ukazuje 1.25 GB ale složky v ní mají velikost jen 403 MB existuje program kterej by to pročistil ?
Re: Prosím o kontrolu...
Máte odkryté skryté a systémové soubory?
Ale možná máte jen binec v tempech, trochu to pročistíme.
Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Smažte cache Opery bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)
Dívám se že návod na pročištění disku jsem Vám už dávala, použil jste ten CCleaner?
Poprosím o nový log ze Rsitu
Ale možná máte jen binec v tempech, trochu to pročistíme.
Odinstalujte combofix přesStart >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Z mého podpisu stahněte Ccleaner-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy
udělat zálohu registrů - nemusíte-kliknete opravit všechny problémy
ok zavřítCcleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Smažte cache Opery bud ručně nebo ATF Cleaneremhttp://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Stahněte TFC a použijteTFC (http://oldtimer.geekstogo.com/TFC.exe)
Dívám se že návod na pročištění disku jsem Vám už dávala, použil jste ten CCleaner? Poprosím o nový log ze Rsitu Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?