hlášení o infekci v PC

[waterresist]

Nejedná se o můj PC ale o PC známé, řešíme to zrovna tedka po icq. vyskakuje jí toto
http://www.ukazto.com/?img=974695,32c0v.jpg

a udělala po malém tutoriálu i log hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:35, on 23.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\SecurePCCleaner\UGDCcw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Documents and Settings\terezka\Dokumenty\ICQ\345059758\ReceivedFiles\390462603 šM\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE65072-5D99-4A3C-AD6F-75034E44C013} - C:\WINDOWS\System32\khfgebx.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\nsduo.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5DDDFAB5-2E9B-4674-A8DB-958576F9CDEA} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F93C5BFF-16F9-4DC5-B78C-EC46F896EE56} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\1\Plocha\Prográmky\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\eqywvttv.dll",realset
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SecurePCCleaner] "C:\Program Files\SecurePCCleaner\GDC.exe"
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7414192265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll (file missing)
O20 - Winlogon Notify: khfgebx - khfgebx.dll (file missing)
O21 - SSODL: msmhost - {B09D0FFC-C7BF-4971-838D-91D241ACDF3C} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {0E31E1C1-BDBE-4ABB-8A1B-5612835F0B97} - C:\WINDOWS\msmdev.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Kaspersky Lab - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 11958 bytes

[Reklama]

[fredik]

Stáhni si SmitFraudFix (by S!Ri)

Restartuj PC do nouzového režimu:
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskni libovolnou klávesu, tím se dostaneš do menu.
Zde zvol volbu číslo 2
Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.

Pak restartuj PC do normálního režimu, vlož sem z něho log který najdeš v souboru na C:\rapport.txt a udělej nový log z HijackThis a dej ho taky sem.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[waterresist]

Tak to kámoška zvládla, říká že jí varovná hlášení už vůbec nevyskakují, tady je log ze
SmitfraudFix
SmitFraudFix v2.227

Scan done at 16:41:44,40, ne 23.09.2007
Run from C:\Documents and Settings\terezka\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\msmdev.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{0E31E1C1-BDBE-4ABB-8A1B-5612835F0B97}]
C:\WINDOWS\msmhost.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{B09D0FFC-C7BF-4971-838D-91D241ACDF3C}]
C:\WINDOWS\nsduo.dll Deleted
C:\Program Files\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A25B04A-EE77-4D2F-9D28-685D6EAA1DE3}: DhcpNameServer=213.46.172.36 213.46.172.37
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A25B04A-EE77-4D2F-9D28-685D6EAA1DE3}: DhcpNameServer=213.46.172.36 213.46.172.37
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A25B04A-EE77-4D2F-9D28-685D6EAA1DE3}: DhcpNameServer=213.46.172.36 213.46.172.37
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.46.172.36 213.46.172.37
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.46.172.36 213.46.172.37
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.46.172.36 213.46.172.37


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


HjackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:14, on 23.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\SecurePCCleaner\GDC.exe
C:\PROGRA~1\SECURE~1\UGDCcw.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Documents and Settings\terezka\Dokumenty\ICQ\345059758\ReceivedFiles\390462603 šM\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE65072-5D99-4A3C-AD6F-75034E44C013} - C:\WINDOWS\System32\khfgebx.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\nsduo.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5DDDFAB5-2E9B-4674-A8DB-958576F9CDEA} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F93C5BFF-16F9-4DC5-B78C-EC46F896EE56} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\1\Plocha\Prográmky\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\eqywvttv.dll",realset
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SecurePCCleaner] "C:\Program Files\SecurePCCleaner\GDC.exe"
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7414192265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll (file missing)
O20 - Winlogon Notify: khfgebx - khfgebx.dll (file missing)
O21 - SSODL: msmhost - {B09D0FFC-C7BF-4971-838D-91D241ACDF3C} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {0E31E1C1-BDBE-4ABB-8A1B-5612835F0B97} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Kaspersky Lab - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 11875 bytes

a ComboFix
ComboFix 07-09-21.2 - "terezka" 2007-09-23 17:01:11.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.111 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\terezka\Plocha\Error Cleaner.url
C:\DOCUME~1\terezka\Plocha\Privacy Protector.url
C:\DOCUME~1\terezka\Plocha\Spyware&Malware Protection.url
C:\Program Files\install provider
C:\Program Files\install provider\data.ini
C:\Program Files\install provider\InstallProvider_1.dlldat
C:\Program Files\internet explorer\msimg32.dll
C:\WA6P
C:\WINDOWS\dat.txt
C:\WINDOWS\DOWNLO~1\UWA6P_0001_N93M2712InstallProvider.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\UpMedia

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 17:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 16:41 3,832 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-23 16:38 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-09-23 16:38 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2007-09-23 16:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-23 16:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-23 16:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-23 16:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-23 16:10 <DIR> d-------- C:\DOCUME~1\terezka\SmitfraudFix
2007-09-23 15:18 <DIR> d-------- C:\Program Files\SecurePCCleaner
2007-09-22 18:32 <DIR> d-------- C:\Program Files\Core Design
2007-09-22 09:58 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2007-09-20 21:39 <DIR> d-------- C:\DOCUME~1\terezka\Graphisoft
2007-09-20 21:36 <DIR> d-------- C:\Program Files\QuickTime
2007-09-20 21:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-20 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Apple Computer
2007-09-18 14:16 <DIR> d-------- C:\Program Files\MotoGP2
2007-09-15 14:05 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2007-09-15 14:05 <DIR> d-------- C:\Program Files\Weather Watcher
2007-09-15 14:05 <DIR> d-------- C:\Program Files\VVSN
2007-09-15 13:26 <DIR> d-------- C:\Program Files\Krteźek 1.7
2007-09-15 12:52 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 12:46 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-09-15 12:44 <DIR> d-------- C:\Program Files\THQ
2007-09-15 12:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-15 12:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\DFX
2007-09-15 12:33 <DIR> d-------- C:\Program Files\DFX
2007-09-15 12:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 14:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth
2007-09-10 14:02 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-09-10 14:02 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-09-10 14:02 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-09-10 14:02 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-09-10 14:02 50,176 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-09-10 14:02 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-09-10 14:02 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-09-10 14:02 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-09-10 14:02 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-09-10 14:01 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2007-09-10 14:01 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys
2007-09-10 13:31 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll
2007-09-10 13:31 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys
2007-09-10 13:31 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS
2007-09-10 13:31 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys
2007-09-10 13:31 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys
2007-09-10 13:31 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe
2007-09-10 13:30 <DIR> d-------- C:\Program Files\IVT Corporation
2007-09-09 20:47 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-09-08 14:36 <DIR> dr-h----- C:\DOCUME~1\MAMKA~1.2-K\Data aplikacˇ
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Oblˇben‚ polo§ky
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Nabˇdka Start
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Dokumenty
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\ćablony
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\Okolnˇ tisk rny
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\Okolnˇ sˇś
2007-09-08 14:36 <DIR> d-------- C:\DOCUME~1\MAMKA~1.2-K\Plocha
2007-08-31 18:59 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-30 11:50 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-30 11:50 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-30 11:49 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-30 11:49 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-30 11:49 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-08-30 11:48 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-08-30 11:48 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-08-30 11:47 <DIR> d-------- C:\Program Files\Samsung
2007-08-27 14:52 <DIR> d-------- C:\Program Files\MediaCoder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 17:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\AOL
2007-09-23 17:06 429856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-23 17:06 41060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-23 17:06 230228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 17:06 17267744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-20 21:30 --------- d-------- C:\Program Files\Graphisoft
2007-09-15 10:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 20:45 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-06 15:56 --------- d-------- C:\Program Files\BitComet
2007-09-06 15:55 --------- d-------- C:\Program Files\Oberon Media
2007-09-05 14:46 --------- d-------- C:\Program Files\ICQ6
2007-09-03 19:00 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-03 19:00 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-02 19:51 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-08-31 18:59 --------- d-------- C:\Program Files\Skype
2007-08-31 18:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-30 21:28 --------- d-------- C:\Program Files\Opera
2007-08-30 21:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ESTsoft
2007-08-30 21:27 --------- d-------- C:\Program Files\QIP
2007-08-27 13:27 323 ---h----- C:\Program Files\desktop.ini
2007-08-20 19:16 --------- d-------- C:\Program Files\LimeWire
2007-08-15 12:12 --------- d-------- C:\Program Files\Coding Workshop Polyphonic Wizard
2007-08-15 12:10 --------- d-------- C:\Program Files\MOBILedit!
2007-08-11 18:23 --------- d-------- C:\Program Files\AOL Security Toolbar
2007-08-09 21:20 253952 --------- C:\WINDOWS\Setup1.exe
2007-08-07 14:03 --------- d-------- C:\Program Files\Google
2007-08-06 20:05 --------- d-------- C:\Program Files\EA GAMES
2007-08-06 20:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Google
2007-08-06 20:03 --------- d-------- C:\Program Files\VPHoldem
2007-08-05 13:33 --------- d-------- C:\Program Files\hp deskjet 3320 series
2007-07-30 16:28 --------- d-------- C:\Program Files\Canon
2007-07-30 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-07-30 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-07-30 16:26 --------- d-------- C:\Program Files\ScanSoft
2007-07-30 16:26 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-30 16:26 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-30 16:24 --------- d-------- C:\Program Files\ArcSoft
2007-07-30 16:22 --------- d--h----- C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonBJ
2007-07-30 16:21 --------- d--h----- C:\Program Files\CanonBJ
2007-07-29 20:20 --------- d-------- C:\Program Files\Webteh
2007-07-26 17:29 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-07-26 17:28 --------- d-------- C:\Program Files\vso
2007-03-09 20:02 11079 ---h----- C:\Program Files\folder.htt
--------- C:\Program Files\Malá módní návrhářka
--------- C:\Program Files\Krteček 1.7
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31CBB13B-244D-4C44-AED5-DCAD70F66281}]
C:\WINDOWS\nsduo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDDFAB5-2E9B-4674-A8DB-958576F9CDEA}]
C:\WINDOWS\System32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F93C5BFF-16F9-4DC5-B78C-EC46F896EE56}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-12-05 18:04]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 21:58]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-11-03 09:25]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-11-03 09:22]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-11-03 09:26]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-05-29 19:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-20 21:28]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 12:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 21:14]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
"DAEMON Tools"="C:\Documents and Settings\1\Plocha\Prográmky\DAEMON Tools\daemon.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"AVP"="C:\Program Files\AOL\Active Virus Shield\avp.exe" [2007-04-03 11:37]
"SecurePCCleaner"="C:\Program Files\SecurePCCleaner\GDC.exe" [2007-09-07 17:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-01-25 22:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09]
"SecurePCCleaner"="C:\Program Files\SecurePCCleaner\GDC.exe" [2007-09-07 17:32]

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-10 13:30:53]
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 02:07:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsr]
C:\WINDOWS\System32\awtsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebx]
khfgebx.dll

R2 mp3m2pls;mp3m2pls;\??\C:\WINDOWS\System32\drivers\mp3m2pls.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\System32\DRIVERS\3xHybrid.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\System32\DRIVERS\usbhub.sys
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 FreshIO;FreshIO;\??\C:\PPK\FreshDiagnose\FreshIO.sys
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\System32\Drivers\usb2vcom.sys
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 19:35:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 17:09:23
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 17:12:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 17:12
.
--- E O F ---

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\System32\eqywvttv.dll

Folder::
C:\Program Files\SecurePCCleaner

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31CBB13B-244D-4C44-AED5-DCAD70F66281}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDDFAB5-2E9B-4674-A8DB-958576F9CDEA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F93C5BFF-16F9-4DC5-B78C-EC46F896EE56}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurePCCleaner"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurePCCleaner"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebx]

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {1AE65072-5D99-4A3C-AD6F-75034E44C013} - C:\WINDOWS\System32\khfgebx.dll (file missing)
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\eqywvttv.dll",realset
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O21 - SSODL: msmhost - {B09D0FFC-C7BF-4971-838D-91D241ACDF3C} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {0E31E1C1-BDBE-4ABB-8A1B-5612835F0B97} - C:\WINDOWS\msmdev.dll (file missing)
po zaškrtnutí klikni na tlačítko Fix Checked

Dej sem pak nový log z HJT.

[waterresist]

OK vlitnem na to hned jak bude kamška on line.

[waterresist]

tady je log z combofixu s tím scriptem

ComboFix 07-09-21.2 - "terezka" 2007-09-23 20:21:55.2 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.92 [GMT 2:00]
Command switches used :: C:\Documents and Settings\terezka\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\System32\eqywvttv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SecurePCCleaner
C:\Program Files\SecurePCCleaner\config.ini
C:\Program Files\SecurePCCleaner\data\application\7-Zip Compression Pgm.scr
C:\Program Files\SecurePCCleaner\data\application\AbsoluteFTP.scr
C:\Program Files\SecurePCCleaner\data\application\ACDSee32.scr
C:\Program Files\SecurePCCleaner\data\application\Acoustica CD Label Maker.scr
C:\Program Files\SecurePCCleaner\data\application\Ad-aware SE.scr
C:\Program Files\SecurePCCleaner\data\application\Adaptec's Audio CD.scr
C:\Program Files\SecurePCCleaner\data\application\Adaptec Easy CD Creator v4.scr
C:\Program Files\SecurePCCleaner\data\application\Addsoft.scr
C:\Program Files\SecurePCCleaner\data\application\AddWeb 3.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v3.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v3.1.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v5.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v6.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Acrobat Reader v7.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Photoshop v5.0 LE.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Photoshop v5.5.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Photoshop v6.0.scr
C:\Program Files\SecurePCCleaner\data\application\Adobe Photoshop v7.0.scr
C:\Program Files\SecurePCCleaner\data\application\Advanced Disk Catalog.scr
C:\Program Files\SecurePCCleaner\data\application\Advanced MP3 Catalog.scr
C:\Program Files\SecurePCCleaner\data\application\Advanced Password Recovery.scr
C:\Program Files\SecurePCCleaner\data\application\ahead cover designer.scr
C:\Program Files\SecurePCCleaner\data\application\Albatros ADGaspect.scr
C:\Program Files\SecurePCCleaner\data\application\Albatros ADGpano.scr
C:\Program Files\SecurePCCleaner\data\application\Albatros ADGview.scr
C:\Program Files\SecurePCCleaner\data\application\Alcohol MRU List.scr
C:\Program Files\SecurePCCleaner\data\application\Animation Shop 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\Animation Shop 3.x.scr
C:\Program Files\SecurePCCleaner\data\application\AOL - Spool.scr
C:\Program Files\SecurePCCleaner\data\application\ASPack.scr
C:\Program Files\SecurePCCleaner\data\application\Avant Browser.scr
C:\Program Files\SecurePCCleaner\data\application\AX-Icons 4.x.scr
C:\Program Files\SecurePCCleaner\data\application\Axialis Icon Workshop 5.x.scr
C:\Program Files\SecurePCCleaner\data\application\Axialis Media Browser.scr
C:\Program Files\SecurePCCleaner\data\application\Babylon Builder 2.2.scr
C:\Program Files\SecurePCCleaner\data\application\Babylon Translator.scr
C:\Program Files\SecurePCCleaner\data\application\BlazeDVD 2.0.scr
C:\Program Files\SecurePCCleaner\data\application\Bookreader.scr
C:\Program Files\SecurePCCleaner\data\application\C++ Builder.scr
C:\Program Files\SecurePCCleaner\data\application\Cabinet Manager.scr
C:\Program Files\SecurePCCleaner\data\application\Classify 98.scr
C:\Program Files\SecurePCCleaner\data\application\Clicktionary 2000.scr
C:\Program Files\SecurePCCleaner\data\application\CoffeeCup DirectFTP.scr
C:\Program Files\SecurePCCleaner\data\application\CoffeeCup GIF Animator.scr
C:\Program Files\SecurePCCleaner\data\application\Cool Edit 2000 1.1.scr
C:\Program Files\SecurePCCleaner\data\application\Cool Edit Pro.scr
C:\Program Files\SecurePCCleaner\data\application\Corel PhotoPaint 8.scr
C:\Program Files\SecurePCCleaner\data\application\CrissCross.scr
C:\Program Files\SecurePCCleaner\data\application\CRT 2.x.scr
C:\Program Files\SecurePCCleaner\data\application\Cute FTP v3.0.scr
C:\Program Files\SecurePCCleaner\data\application\Cute FTP v4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Cute MX.scr
C:\Program Files\SecurePCCleaner\data\application\CuteFTP.scr
C:\Program Files\SecurePCCleaner\data\application\CuteHTML.scr
C:\Program Files\SecurePCCleaner\data\application\DataRescue_IDA.scr
C:\Program Files\SecurePCCleaner\data\application\Delphi v3.scr
C:\Program Files\SecurePCCleaner\data\application\Delphi v4.scr
C:\Program Files\SecurePCCleaner\data\application\Delphi v5.scr
C:\Program Files\SecurePCCleaner\data\application\Delphi v7.scr
C:\Program Files\SecurePCCleaner\data\application\Disk Explorer Professional 3.scr
C:\Program Files\SecurePCCleaner\data\application\Diskeeper 5.0.scr
C:\Program Files\SecurePCCleaner\data\application\DivX Player.scr
C:\Program Files\SecurePCCleaner\data\application\Download Accelerator.scr
C:\Program Files\SecurePCCleaner\data\application\Ebay Toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\EditPad.scr
C:\Program Files\SecurePCCleaner\data\application\EditPlus 2.scr
C:\Program Files\SecurePCCleaner\data\application\edonkey2000.scr
C:\Program Files\SecurePCCleaner\data\application\eMule.scr
C:\Program Files\SecurePCCleaner\data\application\Enfish Onespace.scr
C:\Program Files\SecurePCCleaner\data\application\Enigma Browser.scr
C:\Program Files\SecurePCCleaner\data\application\F-Secure SSH 2.x.scr
C:\Program Files\SecurePCCleaner\data\application\Fix-It 2000.scr
C:\Program Files\SecurePCCleaner\data\application\FlashGet.scr
C:\Program Files\SecurePCCleaner\data\application\FotoCanvas 2.0.scr
C:\Program Files\SecurePCCleaner\data\application\Fotostation 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\foxit reader.scr
C:\Program Files\SecurePCCleaner\data\application\Free Download Manager 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\FTP Explorer.scr
C:\Program Files\SecurePCCleaner\data\application\FTP Voyager.scr
C:\Program Files\SecurePCCleaner\data\application\Fun CD.scr
C:\Program Files\SecurePCCleaner\data\application\Gator.scr
C:\Program Files\SecurePCCleaner\data\application\GeoVid Video to Flash Batch Converter.scr
C:\Program Files\SecurePCCleaner\data\application\GetRight ExplorerBar.scr
C:\Program Files\SecurePCCleaner\data\application\GetRight.scr
C:\Program Files\SecurePCCleaner\data\application\Go!Zilla.scr
C:\Program Files\SecurePCCleaner\data\application\Google Deskbar.scr
C:\Program Files\SecurePCCleaner\data\application\Google Desktop Search History.scr
C:\Program Files\SecurePCCleaner\data\application\Google Toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\Google Video Player 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\GoZilla.scr
C:\Program Files\SecurePCCleaner\data\application\Gravity Newsreader.scr
C:\Program Files\SecurePCCleaner\data\application\hardcopy.scr
C:\Program Files\SecurePCCleaner\data\application\Helios TextPad v3.scr
C:\Program Files\SecurePCCleaner\data\application\Helios TextPad v4.scr
C:\Program Files\SecurePCCleaner\data\application\HelpWriter.scr
C:\Program Files\SecurePCCleaner\data\application\hexworkshop.scr
C:\Program Files\SecurePCCleaner\data\application\Homesite 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Hotbar 3.0.scr
C:\Program Files\SecurePCCleaner\data\application\HotJava Browser.scr
C:\Program Files\SecurePCCleaner\data\application\HTML Help Workshop.scr
C:\Program Files\SecurePCCleaner\data\application\Chameleon Web Browser.scr
C:\Program Files\SecurePCCleaner\data\application\Icon Extractor.scr
C:\Program Files\SecurePCCleaner\data\application\iMesh.scr
C:\Program Files\SecurePCCleaner\data\application\InoculatelT PE Antivirus.scr
C:\Program Files\SecurePCCleaner\data\application\InstallShield Express.scr
C:\Program Files\SecurePCCleaner\data\application\InterQuick.scr
C:\Program Files\SecurePCCleaner\data\application\Irfanview.scr
C:\Program Files\SecurePCCleaner\data\application\Iso Buster.scr
C:\Program Files\SecurePCCleaner\data\application\Jasc Animation Shop 3.scr
C:\Program Files\SecurePCCleaner\data\application\JASC Paintshop Pro v5.scr
C:\Program Files\SecurePCCleaner\data\application\JASC Paintshop Pro v6.scr
C:\Program Files\SecurePCCleaner\data\application\JASC Paintshop Pro v7.scr
C:\Program Files\SecurePCCleaner\data\application\JASC Paintshop Pro v8.scr
C:\Program Files\SecurePCCleaner\data\application\Jet Photo Shell.scr
C:\Program Files\SecurePCCleaner\data\application\juno.scr
C:\Program Files\SecurePCCleaner\data\application\K-Lite Codec Pack.scr
C:\Program Files\SecurePCCleaner\data\application\Kazaa Media Desktop.scr
C:\Program Files\SecurePCCleaner\data\application\Kodak Imaging.scr
C:\Program Files\SecurePCCleaner\data\application\LeapFTP 2.6.scr
C:\Program Files\SecurePCCleaner\data\application\LeechFTP.scr
C:\Program Files\SecurePCCleaner\data\application\Letterbox.scr
C:\Program Files\SecurePCCleaner\data\application\LViewPro 2.x.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Dreamweaver MX.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Dreamweaver Ultradev 4.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Firework MX.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Fireworks 3.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Flash MX.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Flash Player.scr
C:\Program Files\SecurePCCleaner\data\application\Macromedia Flash v4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Magic ISO Maker 4.6.scr
C:\Program Files\SecurePCCleaner\data\application\mapinfo mapmarker.scr
C:\Program Files\SecurePCCleaner\data\application\Mass Download.scr
C:\Program Files\SecurePCCleaner\data\application\MasterSplitter v2.1.scr
C:\Program Files\SecurePCCleaner\data\application\McAfee Virus Scan.scr
C:\Program Files\SecurePCCleaner\data\application\MEDA MP3 Splitter.scr
C:\Program Files\SecurePCCleaner\data\application\Metapad.scr
C:\Program Files\SecurePCCleaner\data\application\MGI PHOTOSUITE SE 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\MGUSOFT Setup Builder.scr
C:\Program Files\SecurePCCleaner\data\application\Microangelo 98.scr
C:\Program Files\SecurePCCleaner\data\application\MicroAngelo.scr
C:\Program Files\SecurePCCleaner\data\application\Micrografx Picture Publisher v7.scr
C:\Program Files\SecurePCCleaner\data\application\Micrografx Picture Publisher v8.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft FrontPage Express.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft FrontPage.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Help Workshop.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft HTML Help.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Imaging.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Managemant Console.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Netmeeting.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office 2000.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office 2003.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office 97.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office InfoPath 2003.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office XP.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Office.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Outlook Express 5.0.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Photo Editor 3.x.scr
C:\Program Files\SecurePCCleaner\data\application\MicroSoft PhotoDraw.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Picture It Publishing.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Publisher 2000.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Visual Studio 6.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Windows Paint.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Windows WordPad.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Word 2000.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Word Backup Files.scr
C:\Program Files\SecurePCCleaner\data\application\Microsoft Works 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Mijenix Powerdesk 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\MIRC.scr
C:\Program Files\SecurePCCleaner\data\application\miroMEDIA PCTV.scr
C:\Program Files\SecurePCCleaner\data\application\mixmeister.scr
C:\Program Files\SecurePCCleaner\data\application\Morpheus.scr
C:\Program Files\SecurePCCleaner\data\application\MovieXone 1.0.scr
C:\Program Files\SecurePCCleaner\data\application\Mozart 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\ms autoroute express.scr
C:\Program Files\SecurePCCleaner\data\application\MS WORD.scr
C:\Program Files\SecurePCCleaner\data\application\MSE.scr
C:\Program Files\SecurePCCleaner\data\application\MSN Toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\Music Match Jukebox.scr
C:\Program Files\SecurePCCleaner\data\application\MyWay Advertising.scr
C:\Program Files\SecurePCCleaner\data\application\Napster Music Community.scr
C:\Program Files\SecurePCCleaner\data\application\Naviscope.scr
C:\Program Files\SecurePCCleaner\data\application\NEATO Labels.scr
C:\Program Files\SecurePCCleaner\data\application\nero burning rom.scr
C:\Program Files\SecurePCCleaner\data\application\Nero Vision.scr
C:\Program Files\SecurePCCleaner\data\application\Net Vampire 3.x.scr
C:\Program Files\SecurePCCleaner\data\application\netants.scr
C:\Program Files\SecurePCCleaner\data\application\NetCaptor.scr
C:\Program Files\SecurePCCleaner\data\application\netmeeting.scr
C:\Program Files\SecurePCCleaner\data\application\Netsonic.scr
C:\Program Files\SecurePCCleaner\data\application\Netzip Download Demon 3.x.scr
C:\Program Files\SecurePCCleaner\data\application\NewsBin Pro 4.scr
C:\Program Files\SecurePCCleaner\data\application\Norton AntiVirus 2000 (v6).scr
C:\Program Files\SecurePCCleaner\data\application\Norton AntiVirus 2003.scr
C:\Program Files\SecurePCCleaner\data\application\Norton Commander.scr
C:\Program Files\SecurePCCleaner\data\application\Norton File Manager.scr
C:\Program Files\SecurePCCleaner\data\application\Norton Firewall.scr
C:\Program Files\SecurePCCleaner\data\application\Norton Internet Security.scr
C:\Program Files\SecurePCCleaner\data\application\Norton LiveUpdate.scr
C:\Program Files\SecurePCCleaner\data\application\Norton Utilities 2000.scr
C:\Program Files\SecurePCCleaner\data\application\NotePad Plus.scr
C:\Program Files\SecurePCCleaner\data\application\notetab lite.scr
C:\Program Files\SecurePCCleaner\data\application\NoteTab Pro.scr
C:\Program Files\SecurePCCleaner\data\application\Object Rescue.scr
C:\Program Files\SecurePCCleaner\data\application\OmniPage 10.0.scr
C:\Program Files\SecurePCCleaner\data\application\OnTrack Powerdesk 4.scr
C:\Program Files\SecurePCCleaner\data\application\Ontrack PowerDesk 5.scr
C:\Program Files\SecurePCCleaner\data\application\PackageForTheWeb.scr
C:\Program Files\SecurePCCleaner\data\application\Paint Shop Pro 5.0.scr
C:\Program Files\SecurePCCleaner\data\application\Paint Shop Pro 7.0.scr
C:\Program Files\SecurePCCleaner\data\application\Password Safe.scr
C:\Program Files\SecurePCCleaner\data\application\PE Explorer 1.95.scr
C:\Program Files\SecurePCCleaner\data\application\Personal Ancestral File.scr
C:\Program Files\SecurePCCleaner\data\application\photo magic 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\PhotoCanvas 2.0.scr
C:\Program Files\SecurePCCleaner\data\application\Photodex Compupic Pro.scr
C:\Program Files\SecurePCCleaner\data\application\PhotoDraw 2000.scr
C:\Program Files\SecurePCCleaner\data\application\PhotoImpact 8.0.scr
C:\Program Files\SecurePCCleaner\data\application\PhotoImpact Viewer 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\PicoZip.scr
C:\Program Files\SecurePCCleaner\data\application\PictureIt Digital Image Pro 7.0.scr
C:\Program Files\SecurePCCleaner\data\application\PKZip for Windows v2.60.03+.scr
C:\Program Files\SecurePCCleaner\data\application\PolyView.scr
C:\Program Files\SecurePCCleaner\data\application\Popup Purger.scr
C:\Program Files\SecurePCCleaner\data\application\PopUpCop.scr
C:\Program Files\SecurePCCleaner\data\application\Power archiver.scr
C:\Program Files\SecurePCCleaner\data\application\PowerArc.scr
C:\Program Files\SecurePCCleaner\data\application\PowerDVD.scr
C:\Program Files\SecurePCCleaner\data\application\PowerZip.scr
C:\Program Files\SecurePCCleaner\data\application\Privacy Eraser Pro.scr
C:\Program Files\SecurePCCleaner\data\application\Putty hostkeys.scr
C:\Program Files\SecurePCCleaner\data\application\PYTHON.scr
C:\Program Files\SecurePCCleaner\data\application\QuickTime.scr
C:\Program Files\SecurePCCleaner\data\application\Real Audio Player v6 v7 v8.scr
C:\Program Files\SecurePCCleaner\data\application\Real Download v4.scr
C:\Program Files\SecurePCCleaner\data\application\RealNetworks Real Download.scr
C:\Program Files\SecurePCCleaner\data\application\RealOne & RealPlayer.scr
C:\Program Files\SecurePCCleaner\data\application\RealVNC.scr
C:\Program Files\SecurePCCleaner\data\application\RegEdit.scr
C:\Program Files\SecurePCCleaner\data\application\Roxio Easy CD Creator.scr
C:\Program Files\SecurePCCleaner\data\application\Save Now.scr
C:\Program Files\SecurePCCleaner\data\application\Scour Exchange.scr
C:\Program Files\SecurePCCleaner\data\application\Seal Module Mlayer.scr
C:\Program Files\SecurePCCleaner\data\application\SearchAndBrowse.scr
C:\Program Files\SecurePCCleaner\data\application\SearchAnt.scr
C:\Program Files\SecurePCCleaner\data\application\SearchV.scr
C:\Program Files\SecurePCCleaner\data\application\SearchWolf.scr
C:\Program Files\SecurePCCleaner\data\application\SearchWWW.scr
C:\Program Files\SecurePCCleaner\data\application\SideStep.scr
C:\Program Files\SecurePCCleaner\data\application\Skype.scr
C:\Program Files\SecurePCCleaner\data\application\Smart Explorer.scr
C:\Program Files\SecurePCCleaner\data\application\SmartDraw 6.scr
C:\Program Files\SecurePCCleaner\data\application\smartftp.scr
C:\Program Files\SecurePCCleaner\data\application\SmartPops.scr
C:\Program Files\SecurePCCleaner\data\application\Sonic Foundry's Acid 2.0.scr
C:\Program Files\SecurePCCleaner\data\application\Sonique Player.scr
C:\Program Files\SecurePCCleaner\data\application\Spinner Plus.scr
C:\Program Files\SecurePCCleaner\data\application\SpotOn Browser plugin.scr
C:\Program Files\SecurePCCleaner\data\application\Staff-FTP.scr
C:\Program Files\SecurePCCleaner\data\application\Star Downloader.scr
C:\Program Files\SecurePCCleaner\data\application\Stardialer.scr
C:\Program Files\SecurePCCleaner\data\application\StarOffice 5.x.scr
C:\Program Files\SecurePCCleaner\data\application\SubmitWolf Pro.scr
C:\Program Files\SecurePCCleaner\data\application\Sun Java Cache.scr
C:\Program Files\SecurePCCleaner\data\application\SureThing CD Labeler.scr
C:\Program Files\SecurePCCleaner\data\application\SVAPlayer.scr
C:\Program Files\SecurePCCleaner\data\application\SWiSH 2.0.scr
C:\Program Files\SecurePCCleaner\data\application\Teleport Pro.scr
C:\Program Files\SecurePCCleaner\data\application\Telnet.scr
C:\Program Files\SecurePCCleaner\data\application\Text Pad 4.x.scr
C:\Program Files\SecurePCCleaner\data\application\The Playa.scr
C:\Program Files\SecurePCCleaner\data\application\Third Voice 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\Thumbs Plus 4.scr
C:\Program Files\SecurePCCleaner\data\application\Timesink.scr
C:\Program Files\SecurePCCleaner\data\application\TinyBar.scr
C:\Program Files\SecurePCCleaner\data\application\TOPicks.scr
C:\Program Files\SecurePCCleaner\data\application\Total Commander.scr
C:\Program Files\SecurePCCleaner\data\application\transponder.scr
C:\Program Files\SecurePCCleaner\data\application\Trellians Classify 98.scr
C:\Program Files\SecurePCCleaner\data\application\Tribal Voice's PowWow.scr
C:\Program Files\SecurePCCleaner\data\application\Trojan Remover.scr
C:\Program Files\SecurePCCleaner\data\application\TSADBOT.scr
C:\Program Files\SecurePCCleaner\data\application\UCmore toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead Gif Animator v4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead GIF Animator v5.0.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead Photo Explorer v4.2.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead Photo Express.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead PhotoImpact v5.scr
C:\Program Files\SecurePCCleaner\data\application\Ulead VideoStudio 4.0.scr
C:\Program Files\SecurePCCleaner\data\application\Ultimate Paint.scr
C:\Program Files\SecurePCCleaner\data\application\ULTImate Technology BV v5.5.scr
C:\Program Files\SecurePCCleaner\data\application\UltraEdit v4.scr
C:\Program Files\SecurePCCleaner\data\application\UltraEdit v7.scr
C:\Program Files\SecurePCCleaner\data\application\UltraEdit.scr
C:\Program Files\SecurePCCleaner\data\application\UltraISO 7.x.scr
C:\Program Files\SecurePCCleaner\data\application\uTorrent 1.x.scr
C:\Program Files\SecurePCCleaner\data\application\VBoxEdit.scr
C:\Program Files\SecurePCCleaner\data\application\VirtualDub.scr
C:\Program Files\SecurePCCleaner\data\application\VMWARE.scr
C:\Program Files\SecurePCCleaner\data\application\Vueprint.scr
C:\Program Files\SecurePCCleaner\data\application\VX2 Respondmiter.scr
C:\Program Files\SecurePCCleaner\data\application\W32Dasm.scr
C:\Program Files\SecurePCCleaner\data\application\Web Ferret v3.scr
C:\Program Files\SecurePCCleaner\data\application\WebFerret.scr
C:\Program Files\SecurePCCleaner\data\application\webhancer.scr
C:\Program Files\SecurePCCleaner\data\application\Wildstylz.scr
C:\Program Files\SecurePCCleaner\data\application\WildTangent.scr
C:\Program Files\SecurePCCleaner\data\application\WinAce.scr
C:\Program Files\SecurePCCleaner\data\application\winamp.scr
C:\Program Files\SecurePCCleaner\data\application\Windows Commander.scr
C:\Program Files\SecurePCCleaner\data\application\WinHTTrack Website Copier.scr
C:\Program Files\SecurePCCleaner\data\application\WinOnCD.scr
C:\Program Files\SecurePCCleaner\data\application\WinRar.scr
C:\Program Files\SecurePCCleaner\data\application\Winshow.scr
C:\Program Files\SecurePCCleaner\data\application\WinUAE.scr
C:\Program Files\SecurePCCleaner\data\application\Winupie.scr
C:\Program Files\SecurePCCleaner\data\application\WinVNC.scr
C:\Program Files\SecurePCCleaner\data\application\WinZip v8.scr
C:\Program Files\SecurePCCleaner\data\application\Wise Installer.scr
C:\Program Files\SecurePCCleaner\data\application\Worm.Sobig.scr
C:\Program Files\SecurePCCleaner\data\application\WurldMedia.scr
C:\Program Files\SecurePCCleaner\data\application\Xara 3D v4.x.scr
C:\Program Files\SecurePCCleaner\data\application\Xara Webstyle.scr
C:\Program Files\SecurePCCleaner\data\application\XDialer.scr
C:\Program Files\SecurePCCleaner\data\application\XING MP3 PLAYER.scr
C:\Program Files\SecurePCCleaner\data\application\XLoader.scr
C:\Program Files\SecurePCCleaner\data\application\Xolox.scr
C:\Program Files\SecurePCCleaner\data\application\Xrenoder.scr
C:\Program Files\SecurePCCleaner\data\application\Xupiter toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\Xzoomy.scr
C:\Program Files\SecurePCCleaner\data\application\Yahoo Player.scr
C:\Program Files\SecurePCCleaner\data\application\Yahoo! Toolbar.scr
C:\Program Files\SecurePCCleaner\data\application\Yamaha S-YXG100.scr
C:\Program Files\SecurePCCleaner\data\application\ZeroPopup.scr
C:\Program Files\SecurePCCleaner\data\application\ZipMagic 2000.scr
C:\Program Files\SecurePCCleaner\data\application\Zone Alarm.scr
C:\Program Files\SecurePCCleaner\data\brand.dat
C:\Program Files\SecurePCCleaner\data\firefox\firefox - cache.scr
C:\Program Files\SecurePCCleaner\data\firefox\firefox - cookies.scr
C:\Program Files\SecurePCCleaner\data\firefox\firefox - history.scr
C:\Program Files\SecurePCCleaner\data\ie\ie cookies.scr
C:\Program Files\SecurePCCleaner\data\ie\ie internet cache.scr
C:\Program Files\SecurePCCleaner\data\ie\ie privacy history.scr
C:\Program Files\SecurePCCleaner\data\ie\ie typed urls.scr
C:\Program Files\SecurePCCleaner\data\ie\ie url history.scr
C:\Program Files\SecurePCCleaner\data\ie\windows autocomplete.scr
C:\Program Files\SecurePCCleaner\data\ie\windows downloaded files.scr
C:\Program Files\SecurePCCleaner\data\ie\windows favorites order.scr
C:\Program Files\SecurePCCleaner\data\ie\windows passwords.scr
C:\Program Files\SecurePCCleaner\data\messanger\aim.scr
C:\Program Files\SecurePCCleaner\data\messanger\AOL Bart.scr
C:\Program Files\SecurePCCleaner\data\messanger\AOL Instant Messenger.scr
C:\Program Files\SecurePCCleaner\data\messanger\aolim.scr
C:\Program Files\SecurePCCleaner\data\messanger\icq - download.scr
C:\Program Files\SecurePCCleaner\data\messanger\icq - logs.scr
C:\Program Files\SecurePCCleaner\data\messanger\Miranda ICQ.scr
C:\Program Files\SecurePCCleaner\data\messanger\MSN Messenger User Account.scr
C:\Program Files\SecurePCCleaner\data\messanger\Trillian cache.scr
C:\Program Files\SecurePCCleaner\data\messanger\trillian downloads.scr
C:\Program Files\SecurePCCleaner\data\messanger\trillian logs.scr
C:\Program Files\SecurePCCleaner\data\messanger\yahoo messenger logs.scr
C:\Program Files\SecurePCCleaner\data\messanger\Yahoo! Messenger.scr
C:\Program Files\SecurePCCleaner\data\mozilla\mozilla - autocomplete.scr
C:\Program Files\SecurePCCleaner\data\mozilla\mozilla - cache.scr
C:\Program Files\SecurePCCleaner\data\mozilla\mozilla - cookies.scr
C:\Program Files\SecurePCCleaner\data\mozilla\Mozilla - history.scr
C:\Program Files\SecurePCCleaner\data\mozilla\mozilla - saved passwords.scr
C:\Program Files\SecurePCCleaner\data\mozilla\Mozilla - typed urls.scr
C:\Program Files\SecurePCCleaner\data\netscape\netscape - cache.scr
C:\Program Files\SecurePCCleaner\data\netscape\netscape - cookies.scr
C:\Program Files\SecurePCCleaner\data\netscape\netscape - history.scr
C:\Program Files\SecurePCCleaner\data\netscape\Netscape Navigator - last trusted apps.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - cache.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - cookies.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - Download.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - history.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - misc.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - mru.scr
C:\Program Files\SecurePCCleaner\data\opera\Opera Browser - visited.scr
C:\Program Files\SecurePCCleaner\data\sfl.dat
C:\Program Files\SecurePCCleaner\data\skin.skn
C:\Program Files\SecurePCCleaner\data\srl.dat
C:\Program Files\SecurePCCleaner\data\windows\Direct Draw.scr
C:\Program Files\SecurePCCleaner\data\windows\direct input.scr
C:\Program Files\SecurePCCleaner\data\windows\last files.scr
C:\Program Files\SecurePCCleaner\data\windows\Microsoft Send-To Extensions.scr
C:\Program Files\SecurePCCleaner\data\windows\windows applog.scr
C:\Program Files\SecurePCCleaner\data\windows\windows documents.scr
C:\Program Files\SecurePCCleaner\data\windows\Windows Downloaded Installations.scr
C:\Program Files\SecurePCCleaner\data\windows\windows empty recylcing bin.scr
C:\Program Files\SecurePCCleaner\data\windows\Windows Explorer User Assistant history.scr
C:\Program Files\SecurePCCleaner\data\windows\windows findfile.scr
C:\Program Files\SecurePCCleaner\data\windows\Windows FTP Accounts.scr
C:\Program Files\SecurePCCleaner\data\windows\windows hotfix uninstall.scr
C:\Program Files\SecurePCCleaner\data\windows\windows logfiles.scr
C:\Program Files\SecurePCCleaner\data\windows\Windows Mapped Drives.scr
C:\Program Files\SecurePCCleaner\data\windows\windows media player 7.scr
C:\Program Files\SecurePCCleaner\data\windows\windows minidump.scr
C:\Program Files\SecurePCCleaner\data\windows\windows MUICache.scr
C:\Program Files\SecurePCCleaner\data\windows\windows network links.scr
C:\Program Files\SecurePCCleaner\data\windows\windows opensave.scr
C:\Program Files\SecurePCCleaner\data\windows\windows openwith.scr
C:\Program Files\SecurePCCleaner\data\windows\windows prefetch.scr
C:\Program Files\SecurePCCleaner\data\windows\windows reg history.scr
C:\Program Files\SecurePCCleaner\data\windows\windows run history.scr
C:\Program Files\SecurePCCleaner\data\windows\windows search.scr
C:\Program Files\SecurePCCleaner\data\windows\windows start menu order.scr
C:\Program Files\SecurePCCleaner\data\windows\windows stream history.scr
C:\Program Files\SecurePCCleaner\data\windows\windows temp.scr
C:\Program Files\SecurePCCleaner\data\windows\windows update.scr
C:\Program Files\SecurePCCleaner\data\windows\windows usb.scr
C:\Program Files\SecurePCCleaner\data\windows\Windows XP Unread Mail Count.scr
C:\Program Files\SecurePCCleaner\GDC.exe
C:\Program Files\SecurePCCleaner\GDC.url
C:\Program Files\SecurePCCleaner\GDCPatch.exe
C:\Program Files\SecurePCCleaner\gfx\button_arrow.bmp
C:\Program Files\SecurePCCleaner\gfx\button_arrow2.bmp
C:\Program Files\SecurePCCleaner\gfx\buy.bmp
C:\Program Files\SecurePCCleaner\gfx\custom.bmp
C:\Program Files\SecurePCCleaner\gfx\customcleanup.bmp
C:\Program Files\SecurePCCleaner\gfx\header.bmp
C:\Program Files\SecurePCCleaner\gfx\checked.bmp
C:\Program Files\SecurePCCleaner\gfx\icon.ico
C:\Program Files\SecurePCCleaner\gfx\icon_about.ico
C:\Program Files\SecurePCCleaner\gfx\icon_grayed.ico
C:\Program Files\SecurePCCleaner\gfx\icon_checked.ico
C:\Program Files\SecurePCCleaner\gfx\icon_link.ico
C:\Program Files\SecurePCCleaner\gfx\icon_manual.ico
C:\Program Files\SecurePCCleaner\gfx\icon_quit.ico
C:\Program Files\SecurePCCleaner\gfx\icon_support.ico
C:\Program Files\SecurePCCleaner\gfx\icon_unchecked.ico
C:\Program Files\SecurePCCleaner\gfx\icon_uncheked.ico
C:\Program Files\SecurePCCleaner\gfx\icon_uninstall.ico
C:\Program Files\SecurePCCleaner\gfx\icon_update.ico
C:\Program Files\SecurePCCleaner\gfx\log.bmp
C:\Program Files\SecurePCCleaner\gfx\logo.bmp
C:\Program Files\SecurePCCleaner\gfx\register.bmp
C:\Program Files\SecurePCCleaner\gfx\settings.bmp
C:\Program Files\SecurePCCleaner\gfx\sign_green.bmp
C:\Program Files\SecurePCCleaner\gfx\sign_green_big.bmp
C:\Program Files\SecurePCCleaner\gfx\sign_red.bmp
C:\Program Files\SecurePCCleaner\gfx\sign_red_big.bmp
C:\Program Files\SecurePCCleaner\gfx\sign_yellow.bmp
C:\Program Files\SecurePCCleaner\gfx\splash.bmp
C:\Program Files\SecurePCCleaner\gfx\status_good.bmp
C:\Program Files\SecurePCCleaner\gfx\status_risk.bmp
C:\Program Files\SecurePCCleaner\gfx\support.bmp
C:\Program Files\SecurePCCleaner\gfx\sys_shield.bmp
C:\Program Files\SecurePCCleaner\gfx\sys_update.bmp
C:\Program Files\SecurePCCleaner\gfx\sysstatus.bmp
C:\Program Files\SecurePCCleaner\gfx\unchecked.bmp
C:\Program Files\SecurePCCleaner\gfx\update.bmp
C:\Program Files\SecurePCCleaner\IH.exe
C:\Program Files\SecurePCCleaner\lang\Arabic.lng
C:\Program Files\SecurePCCleaner\lang\Brazilian.lng
C:\Program Files\SecurePCCleaner\lang\Catalan.lng
C:\Program Files\SecurePCCleaner\lang\Czech.lng
C:\Program Files\SecurePCCleaner\lang\Danish.lng
C:\Program Files\SecurePCCleaner\lang\Dutch.lng
C:\Program Files\SecurePCCleaner\lang\English.lng
C:\Program Files\SecurePCCleaner\lang\Finnish.lng
C:\Program Files\SecurePCCleaner\lang\French.lng
C:\Program Files\SecurePCCleaner\lang\German.lng
C:\Program Files\SecurePCCleaner\lang\Greek.lng
C:\Program Files\SecurePCCleaner\lang\Hebrew.lng
C:\Program Files\SecurePCCleaner\lang\Chinese.lng
C:\Program Files\SecurePCCleaner\lang\Italian.lng
C:\Program Files\SecurePCCleaner\lang\Japanese.lng
C:\Program Files\SecurePCCleaner\lang\Malayan.lng
C:\Program Files\SecurePCCleaner\lang\Norwegian.lng
C:\Program Files\SecurePCCleaner\lang\Polish.lng
C:\Program Files\SecurePCCleaner\lang\Portuguese.lng
C:\Program Files\SecurePCCleaner\lang\Russian.lng
C:\Program Files\SecurePCCleaner\lang\Slovenian.lng
C:\Program Files\SecurePCCleaner\lang\Spanish.lng
C:\Program Files\SecurePCCleaner\lang\Swedish.lng
C:\Program Files\SecurePCCleaner\lang\Thai.lng
C:\Program Files\SecurePCCleaner\lang\Turkish.lng
C:\Program Files\SecurePCCleaner\License.rtf
C:\Program Files\SecurePCCleaner\Readme.rtf
C:\Program Files\SecurePCCleaner\secure_del.dll
C:\Program Files\SecurePCCleaner\sr.log
C:\Program Files\SecurePCCleaner\support.url
C:\Program Files\SecurePCCleaner\UGDCcw.exe
C:\Program Files\SecurePCCleaner\unins000.dat
C:\Program Files\SecurePCCleaner\unins000.exe
C:\Program Files\SecurePCCleaner\updater.dat
C:\Program Files\SecurePCCleaner\updater.exe
C:\Program Files\SecurePCCleaner\ver.dat

.
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 17:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 16:41 3,832 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-23 16:38 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-09-23 16:38 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2007-09-23 16:38 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2007-09-23 16:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2007-09-23 16:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-23 16:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-23 16:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-23 16:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-23 16:10 <DIR> d-------- C:\DOCUME~1\terezka\SmitfraudFix
2007-09-22 18:32 <DIR> d-------- C:\Program Files\Core Design
2007-09-22 09:58 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2007-09-20 21:39 <DIR> d-------- C:\DOCUME~1\terezka\Graphisoft
2007-09-20 21:36 <DIR> d-------- C:\Program Files\QuickTime
2007-09-20 21:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-20 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Apple Computer
2007-09-18 14:16 <DIR> d-------- C:\Program Files\MotoGP2
2007-09-15 14:05 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2007-09-15 14:05 <DIR> d-------- C:\Program Files\Weather Watcher
2007-09-15 14:05 <DIR> d-------- C:\Program Files\VVSN
2007-09-15 13:26 <DIR> d-------- C:\Program Files\Krteźek 1.7
2007-09-15 12:52 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 12:46 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-09-15 12:44 <DIR> d-------- C:\Program Files\THQ
2007-09-15 12:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-15 12:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\DFX
2007-09-15 12:33 <DIR> d-------- C:\Program Files\DFX
2007-09-15 12:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 14:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth
2007-09-10 14:02 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-09-10 14:02 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-09-10 14:02 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-09-10 14:02 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-09-10 14:02 50,176 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-09-10 14:02 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-09-10 14:02 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-09-10 14:02 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-09-10 14:02 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-09-10 14:01 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2007-09-10 14:01 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys
2007-09-10 13:31 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll
2007-09-10 13:31 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys
2007-09-10 13:31 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS
2007-09-10 13:31 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys
2007-09-10 13:31 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys
2007-09-10 13:31 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe
2007-09-10 13:30 <DIR> d-------- C:\Program Files\IVT Corporation
2007-09-09 20:47 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-09-08 14:36 <DIR> dr-h----- C:\DOCUME~1\MAMKA~1.2-K\Data aplikacˇ
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Oblˇben‚ polo§ky
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Nabˇdka Start
2007-09-08 14:36 <DIR> dr------- C:\DOCUME~1\MAMKA~1.2-K\Dokumenty
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\ćablony
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\Okolnˇ tisk rny
2007-09-08 14:36 <DIR> d--h----- C:\DOCUME~1\MAMKA~1.2-K\Okolnˇ sˇś
2007-09-08 14:36 <DIR> d-------- C:\DOCUME~1\MAMKA~1.2-K\Plocha
2007-08-31 18:59 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-30 11:50 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-30 11:50 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-30 11:49 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-30 11:49 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-30 11:49 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-08-30 11:48 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-08-30 11:48 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-08-30 11:47 <DIR> d-------- C:\Program Files\Samsung
2007-08-27 14:52 <DIR> d-------- C:\Program Files\MediaCoder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 20:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\AOL
2007-09-23 20:29 437024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-23 20:28 41996 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-23 20:28 231572 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 20:28 17267744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-23 17:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-09-20 21:30 --------- d-------- C:\Program Files\Graphisoft
2007-09-15 10:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 20:45 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-06 15:56 --------- d-------- C:\Program Files\BitComet
2007-09-06 15:55 --------- d-------- C:\Program Files\Oberon Media
2007-09-05 14:46 --------- d-------- C:\Program Files\ICQ6
2007-09-03 19:00 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-03 19:00 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-02 19:51 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-08-31 18:59 --------- d-------- C:\Program Files\Skype
2007-08-31 18:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-30 21:28 --------- d-------- C:\Program Files\Opera
2007-08-30 21:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ESTsoft
2007-08-30 21:27 --------- d-------- C:\Program Files\QIP
2007-08-27 13:27 323 ---h----- C:\Program Files\desktop.ini
2007-08-20 19:16 --------- d-------- C:\Program Files\LimeWire
2007-08-15 12:12 --------- d-------- C:\Program Files\Coding Workshop Polyphonic Wizard
2007-08-15 12:10 --------- d-------- C:\Program Files\MOBILedit!
2007-08-11 18:23 --------- d-------- C:\Program Files\AOL Security Toolbar
2007-08-09 21:20 253952 --------- C:\WINDOWS\Setup1.exe
2007-08-07 14:03 --------- d-------- C:\Program Files\Google
2007-08-06 20:05 --------- d-------- C:\Program Files\EA GAMES
2007-08-06 20:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Google
2007-08-06 20:03 --------- d-------- C:\Program Files\VPHoldem
2007-08-05 13:33 --------- d-------- C:\Program Files\hp deskjet 3320 series
2007-07-30 16:28 --------- d-------- C:\Program Files\Canon
2007-07-30 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-07-30 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-07-30 16:26 --------- d-------- C:\Program Files\ScanSoft
2007-07-30 16:26 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-30 16:26 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-30 16:24 --------- d-------- C:\Program Files\ArcSoft
2007-07-30 16:22 --------- d--h----- C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonBJ
2007-07-30 16:21 --------- d--h----- C:\Program Files\CanonBJ
2007-07-29 20:20 --------- d-------- C:\Program Files\Webteh
2007-07-26 17:29 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-07-26 17:28 --------- d-------- C:\Program Files\vso
2007-03-09 20:02 11079 ---h----- C:\Program Files\folder.htt
--------- C:\Program Files\Malá módní návrhářka
--------- C:\Program Files\Krteček 1.7
.

((((((((((((((((((((((((((((( snapshot_2007-09-23_171154.50 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 192,512 2005-01-28 14:15:24 C:\WINDOWS\inf\unregmp2.exe
----a-w 192,512 2003-02-01 11:18:30 C:\WINDOWS\LastGood\INF\unregmp2.exe
----a-w 7,680 2003-02-01 11:19:24 C:\WINDOWS\LastGood\System32\asferror.dll
----a-w 172,544 2003-02-01 11:19:26 C:\WINDOWS\LastGood\System32\wmerror.dll
----a-w 4,730,880 2006-04-24 13:40:00 C:\WINDOWS\LastGood\System32\wmp.dll
----a-w 106,496 2002-12-12 00:34:40 C:\WINDOWS\LastGood\System32\wmpasf.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\LastGood\System32\wmpcd.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\LastGood\System32\wmpcore.dll
----a-w 225,280 2002-12-12 00:34:40 C:\WINDOWS\LastGood\System32\wmpdxm.dll
----a-w 2,957,312 2003-02-01 11:18:40 C:\WINDOWS\LastGood\System32\wmploc.dll
----a-w 98,304 2003-02-01 11:18:42 C:\WINDOWS\LastGood\System32\wmpshell.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\LastGood\System32\wmpui.dll
----a-w 823,296 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
----a-w 749,568 2003-02-01 11:18:28 C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpui.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpui.dll
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\wmpcd.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\wmpcd.dll
----a-w 8,192 2005-01-28 14:15:34 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\asferror.dll
----a-w 484,864 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\Audiodev.dll
----a-w 28,672 2004-12-21 10:14:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\custsat.dll
----a-w 991,232 2005-01-27 23:26:42 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
----a-w 352,256 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\mpvis.dll
----a-w 192,512 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
----a-w 197,120 2005-01-28 14:15:34 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmerror.dll
----a-w 122,880 2005-01-27 23:26:30 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
----a-w 5,525,504 2005-01-28 06:53:16 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp.dll
----a-w 135,168 2005-01-28 06:53:20 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpasf.dll
----a-w 77,824 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpband.dll
----a-w 282,624 2005-01-28 06:53:20 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpdxm.dll
----a-w 28,672 2005-01-27 23:26:30 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
----a-w 1,594,880 2005-01-28 06:53:18 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpencen.dll
----a-w 73,728 2005-01-28 14:15:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
----a-w 3,391,488 2005-01-28 14:15:26 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmploc.dll
----a-w 86,016 2005-01-28 14:15:28 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpshell.dll
----a-w 175,104 2005-01-28 06:53:18 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpsrcwp.dll
----a-w 7,680 2003-02-01 11:19:24 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\asferror.dll
----a-w 114,688 2002-07-07 01:01:46 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\custsat.dll
----a-w 782,336 2002-12-11 22:08:46 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
----a-w 352,256 2003-02-01 11:18:26 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\mpvis.dll
----a-w 192,512 2003-02-01 11:18:30 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
----a-w 172,544 2003-02-01 11:19:26 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmerror.dll
----a-w 4,730,880 2006-04-24 13:40:00 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmp.dll
----a-w 106,496 2002-12-12 00:34:40 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpasf.dll
----a-w 94,208 2003-02-01 11:18:30 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpband.dll
----a-w 225,280 2002-12-12 00:34:40 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpdxm.dll
----a-w 73,728 2003-02-01 11:18:30 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
----a-w 2,957,312 2003-02-01 11:18:40 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmploc.dll
----a-w 98,304 2003-02-01 11:18:42 C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpshell.dll
----a-w 8,192 2005-01-28 14:15:34 C:\WINDOWS\system32\asferror.dll
----a-w 484,864 2005-01-28 14:15:24 C:\WINDOWS\system32\Audiodev.dll
----a-w 197,120 2005-01-28 14:15:34 C:\WINDOWS\system32\wmerror.dll
----a-w 5,525,504 2005-01-28 06:53:16 C:\WINDOWS\system32\wmp.dll
----a-w 135,168 2005-01-28 06:53:20 C:\WINDOWS\system32\wmpasf.dll
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\wmpcd.dll
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\wmpcore.dll
----a-w 282,624 2005-01-28 06:53:20 C:\WINDOWS\system32\wmpdxm.dll
----a-w 1,594,880 2005-01-28 06:53:18 C:\WINDOWS\system32\wmpencen.dll
----a-w 3,391,488 2005-01-28 14:15:26 C:\WINDOWS\system32\wmploc.dll
----a-w 86,016 2005-01-28 14:15:28 C:\WINDOWS\system32\wmpshell.dll
----a-w 175,104 2005-01-28 06:53:18 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\wmpui.dll
-c--a-w 8,192 2005-01-28 14:15:34 C:\WINDOWS\system32\dllcache\asferror.dll
-c--a-w 823,296 2005-01-28 14:15:24 C:\WINDOWS\system32\dllcache\setup_wm.exe
-c--a-w 192,512 2005-01-28 14:15:24 C:\WINDOWS\system32\dllcache\unregmp2.exe
-c--a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\dllcache\wmpcd.dll
-c--a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\dllcache\wmpcore.dll
-c--a-w 73,728 2005-01-28 14:15:24 C:\WINDOWS\system32\dllcache\wmplayer.exe
-c--a-w 3,391,488 2005-01-28 14:15:26 C:\WINDOWS\system32\dllcache\wmploc.dll
-c--a-w 86,016 2005-01-28 14:15:28 C:\WINDOWS\system32\dllcache\wmpshell.dll
-c--a-w 20,480 2005-01-28 06:52:52 C:\WINDOWS\system32\dllcache\wmpui.dll
.
----a-w 192,512 2003-02-01 11:18:30 C:\WINDOWS\inf\unregmp2.exe
----a-w 7,680 2003-02-01 11:19:24 C:\WINDOWS\system32\asferror.dll
----a-w 172,544 2003-02-01 11:19:26 C:\WINDOWS\system32\wmerror.dll
----a-w 4,730,880 2006-04-24 13:40:00 C:\WINDOWS\system32\wmp.dll
----a-w 106,496 2002-12-12 00:34:40 C:\WINDOWS\system32\wmpasf.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\wmpcd.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\wmpcore.dll
----a-w 225,280 2002-12-12 00:34:40 C:\WINDOWS\system32\wmpdxm.dll
----a-w 2,957,312 2003-02-01 11:18:40 C:\WINDOWS\system32\wmploc.dll
----a-w 98,304 2003-02-01 11:18:42 C:\WINDOWS\system32\wmpshell.dll
----a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\wmpui.dll
-c--a-w 7,680 2003-02-01 11:19:24 C:\WINDOWS\system32\dllcache\asferror.dll
-c--a-w 749,568 2003-02-01 11:18:28 C:\WINDOWS\system32\dllcache\setup_wm.exe
-c--a-w 192,512 2003-02-01 11:18:30 C:\WINDOWS\system32\dllcache\unregmp2.exe
-c--a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\dllcache\wmpcd.dll
-c--a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\dllcache\wmpcore.dll
-c--a-w 73,728 2003-02-01 11:18:30 C:\WINDOWS\system32\dllcache\wmplayer.exe
-c--a-w 2,957,312 2003-02-01 11:18:40 C:\WINDOWS\system32\dllcache\wmploc.dll
-c--a-w 98,304 2003-02-01 11:18:42 C:\WINDOWS\system32\dllcache\wmpshell.dll
-c--a-w 20,480 2002-12-11 22:09:24 C:\WINDOWS\system32\dllcache\wmpui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-12-05 18:04]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 21:58]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-11-03 09:25]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-11-03 09:22]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-11-03 09:26]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-05-29 19:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-20 21:28]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 12:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 21:14]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
"DAEMON Tools"="C:\Documents and Settings\1\Plocha\Prográmky\DAEMON Tools\daemon.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"AVP"="C:\Program Files\AOL\Active Virus Shield\avp.exe" [2007-04-03 11:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-01-25 22:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-10 13:30:53]
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 02:07:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]

R2 mp3m2pls;mp3m2pls;\??\C:\WINDOWS\System32\drivers\mp3m2pls.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\System32\DRIVERS\3xHybrid.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\System32\DRIVERS\usbhub.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 FreshIO;FreshIO;\??\C:\PPK\FreshDiagnose\FreshIO.sys
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\System32\Drivers\usb2vcom.sys
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 19:35:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 20:30:21
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 20:33:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 20:32
C:\ComboFix2.txt ... 2007-09-23 17:12
.
--- E O F ---

a tady new hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:29, on 23.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Documents and Settings\terezka\Plocha\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\1\Plocha\Prográmky\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... /client/wu

[fredik]

Log z HJT se sem nevešel celý, ať provede update javy a pošle nový log z HJT

Update Javy:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6u2
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6u2 a klikni na tlačítko Download
- Zatrhni možnost kde je napsáno: Accept License Agreement
- Stránka se ti znovu načte.
- Klikni na odkaz pro stažení: Windows Offline Installation, Multi-language a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u2-windows-i586-p.exe, který sis stáhl na začátku.

Taky ať si překontroluje jestli se jí provádí update antiviru, protože před nějakou dobou byla zrušena podpora a teď si nejsem jistý jestli probíhají aktualizace.