PC freezes and restarts [Solved]

Post by R.P. » 30 Dec 2009 14:29

Hello, while playing STALKER Call Of Pripyat and COD MW2, the game sometimes freezes and then the PC restarts without any error message. Outside of games everything runs fine, temperatures are fine, and the dust has been removed. Please help me solve the problem. I am attaching logs from HJ and Malwarebytes' Anti-Malware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:53, on 30.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\DOCUME~1\ROMANP~1\LOCALS~1\Temp\Rar$EX00.781\DeskSave.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpeedMenus v2\speedmenus.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Roman Pícha\Plocha\Programy\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Roman Pícha\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: QIPBHO - {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - C:\Documents and Settings\Roman Pícha\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe /s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DeskSave] C:\DOCUME~1\ROMANP~1\LOCALS~1\Temp\Rar$EX00.781\DeskSave.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedMenus v1.lnk = C:\Program Files\SpeedMenus v2\speedmenus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: QIP 2005 - {1ef681f7-a04b-4d6d-9012-a307cca55610} - C:\Program Files\QIP\qip.exe (HKCU)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11032 bytes


Malwarebytes' Anti-Malware 1.42
Verze databáze: 3454
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30.12.2009 14:08:08
mbam-log-2009-12-30 (14-08-05).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 108283
Uplynulý čas: 3 minute(s), 28 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\drivers\c443d75c.sys (Rootkit.Rustock) -> No action taken.
C:\Documents and Settings\Roman Pícha\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

Post by miso1999 » 03 Jan 2010 14:30

1. Delete everything that MBAM found.
2. Fix this: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
3. Fix this: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
4. Fix this: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
5. Fix this: R3 - URLSearchHook: (no name) - - (no file)
6. Fix this: O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
I'd rather not write anything, because it wouldn't fit within the limit. :-D

Post by R.P. » 03 Jan 2010 21:39

Done, new log from HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:29, on 3.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\DOCUME~1\ROMANP~1\LOCALS~1\Temp\Rar$EX00.781\DeskSave.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedMenus v2\speedmenus.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Roman Pícha\Plocha\Programy\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Roman Pícha\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: QIPBHO - {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - C:\Documents and Settings\Roman Pícha\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe /s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DeskSave] C:\DOCUME~1\ROMANP~1\LOCALS~1\Temp\Rar$EX00.781\DeskSave.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedMenus v1.lnk = C:\Program Files\SpeedMenus v2\speedmenus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: QIP 2005 - {1ef681f7-a04b-4d6d-9012-a307cca55610} - C:\Program Files\QIP\qip.exe (HKCU)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9758 bytes

Post by miso1999 » 03 Jan 2010 21:46

It looks clean. Does the problem persist?

Post by R.P. » 03 Jan 2010 21:52

I can't try it today, only tomorrow; thanks for now.

Post by miso1999 » 03 Jan 2010 21:59

And also try installing SP3.

Post by R.P. » 16 Jan 2010 21:10

For a while it looked OK, but it crashed again; the problem is probably elsewhere.

Post by jaro3 » 16 Jan 2010 21:45

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Post by R.P. » 17 Jan 2010 18:23

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3477
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.1.2010 18:23:12
mbam-log-2010-01-17 (18-23-08).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 108435
Uplynulý čas: 3 minute(s), 7 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Post by Damned » 17 Jan 2010 18:32

Why was that DeskSave, which was running from an archive, launched?

So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit

Turn off your antivirus's resident shield (and your antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
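
The checks behind miso1999's `(no file)` fixes and Damned's question about DeskSave, as an added Python example that is not part of the thread or of HijackThis itself: it triages HijackThis entries for orphaned registrations, autoruns that start from an archive-extraction Temp directory, and services whose path is not a file, and it checks a service ImagePath for unknown environment variables such as the one in the MBAM finding. The sample lines are copied from the logs above; the rule names and the variable allow-list are assumptions.

```python
import re

# One HijackThis entry: a section code (R0-R3, O1-O23), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# %Name% style environment variable references inside a registry value.
ENV_VAR_RE = re.compile(r"%([^%\\]+)%")
# Assumption: a short allow-list of variables expected in service ImagePath values.
KNOWN_ENV_VARS = {"systemroot", "windir", "systemdrive", "programfiles"}

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DeskSave] C:\DOCUME~1\ROMANP~1\LOCALS~1\Temp\Rar$EX00.781\DeskSave.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""


def parse_entries(log_text):
    """Return (code, body) tuples for every R*/O* entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(log_text):
    """Flag entries worth a second look; returns (code, reason, body) tuples."""
    findings = []
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
            # Registration left behind after its file was removed.
            findings.append((code, "orphaned", body))
        elif code == "O4" and "\\temp\\" in lowered:
            # Autorun pointing into Temp; Rar$EX* is a WinRAR extraction folder.
            reason = ("autorun-from-archive-temp" if "rar$ex" in lowered
                      else "autorun-from-temp")
            findings.append((code, reason, body))
        elif code == "O23" and body.endswith("\\"):
            # Service path ends at a directory, so no binary could be resolved.
            findings.append((code, "service-without-binary", body))
    return findings


def unknown_env_vars(image_path):
    """Return variable names in an ImagePath that are not on the allow-list."""
    return [name for name in ENV_VAR_RE.findall(image_path)
            if name.lower() not in KNOWN_ENV_VARS]


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:26} {body}")
    # The "Bad" and "Good" BITS ImagePath values from the MBAM log above.
    print(unknown_env_vars(r"%fystemRoot%\System32\svchost.exe -k netsvcs"))
    print(unknown_env_vars(r"%SystemRoot%\System32\svchost.exe -k netsvcs"))
```

"Unknown owner" alone is not flagged: the PnkBstrB service resolves to a real file, while the BITS entry does not.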

Post by R.P. » 17 Jan 2010 18:46

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3477
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.1.2010 18:45:41
mbam-log-2010-01-17 (18-45-41).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 108375
Uplynulý čas: 2 minute(s), 53 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Post by R.P. » 17 Jan 2010 19:09

ComboFix 10-01-16.04 - Roman Pícha 17.01.2010 18:55:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1663 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman Pícha\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\QIP
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-17 do 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-04 20:41 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-04 20:41 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-04 20:41 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-04 20:41 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-04 20:41 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-04 20:41 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-30 15:58 . 2010-01-03 11:24 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-12-30 15:44 . 2009-12-30 15:45 -------- d-----w- C:\2602a0eb0703c154cd91bda0fb3c26
2009-12-30 15:44 . 2010-01-03 13:56 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-30 13:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:02 . 2010-01-02 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 13:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 12:33 . 2009-12-30 12:33 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-28 19:32 . 2009-12-28 19:32 -------- d-----w- c:\windows\system32\NtmsData
2009-12-28 13:05 . 2009-12-28 13:05 -------- d-----w- c:\program files\CCleaner
2009-12-28 10:20 . 2009-12-28 10:21 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-28 10:19 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-28 10:19 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-26 19:52 . 2009-12-26 19:52 -------- d-----w- c:\program files\GSC World Publishing
2009-12-25 11:43 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-25 11:43 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-25 11:43 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-25 11:43 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-25 11:43 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-25 11:43 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-25 11:43 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 18:01 . 2009-12-15 20:23 -------- d-----w- c:\program files\Steam
2010-01-17 09:32 . 2003-04-16 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 09:32 . 2003-04-16 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-01-16 18:25 . 2008-04-09 17:58 -------- d-----w- c:\program files\Futuremark
2010-01-16 18:25 . 2008-04-09 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 20:41 . 2009-05-03 12:36 -------- d-----w- c:\program files\MediaCoder
2010-01-04 18:49 . 2008-04-10 05:38 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-03 20:41 . 2008-07-19 14:04 -------- d-----w- c:\program files\RybyDB
2010-01-03 14:05 . 2008-12-25 10:58 -------- d-----w- c:\program files\Google
2010-01-03 13:24 . 2008-04-16 04:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 10:39 . 2008-04-09 15:23 -------- d-----w- c:\program files\Lavalys
2009-12-15 17:41 . 2008-05-21 09:42 -------- d-----w- c:\program files\Easy CD-DA Extractor 9
2009-12-10 21:54 . 2008-04-10 05:53 -------- d-----w- c:\program files\fishsim2
2009-12-05 11:05 . 2009-12-05 11:05 -------- d-----w- c:\program files\CS 1.6
2009-11-21 02:34 . 2009-06-10 16:33 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-06-10 16:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-06-10 16:33 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2008-04-09 15:03 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-04-09 15:03 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-04-09 15:03 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-04-09 15:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-04-09 15:03 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2008-04-09 15:03 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-04-09 15:03 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2007-12-04 23:41 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-19 20:42 . 2008-04-09 18:23 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="c:\program files\Steam\Steam.exe" [2009-12-15 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-4-10 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SpeedMenus v1.lnk - c:\program files\SpeedMenus v2\speedmenus.exe [2008-4-25 2186752]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2008 17:09 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 10:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19.3.2009 10:44 731840]
S1 c443d75c;c443d75c;c:\windows\system32\drivers\c443d75c.sys --> c:\windows\system32\drivers\c443d75c.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Roman Pícha\Data aplikací\Mozilla\Firefox\Profiles\7viaj467.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-nvidia display control panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-QIP2005 - c:\program files\QIP\unqip.exe
AddRemove-qip 2005 - c:\program files\QIP\unins001.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 19:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x89E4C1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> prosync1.sys @ 0xb85b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d1cba0
PacketIndicateHandler -> NDIS.sys @ 0xb7d29b21
SendHandler -> NDIS.sys @ 0xb7d0787b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,5c,29,1f,f0,06,f6,f5,91,90,c8,dc,dc,cb,91,44,79,7c,d3,a8,79,c5,fd,
3a,3f,2d,63,30,1d,35,d0,c7,c1,cc,1b,67,51,be,9f,f8,c9,1c,8d,f2,d0,0b,ac,56,\
"??"=hex:46,cf,a5,41,c4,25,78,8d,d0,71,83,dc,da,b4,d8,c3

[HKEY_USERS\S-1-5-21-1177238915-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,8c,c6,d0,85,c7,6d,1d,8f,07,5e,d4,82,f5,3a,89,24,f1,12,bb,62,
19,77,69,e1,79,59,59,b1,c8,ed,a8,d1,5b,54,22,e4,08,7b,20,25,ac,bd,1d,cc,e8,\
"rkeysecu"=hex:a2,05,c7,b3,8a,a1,39,c8,41,d8,bf,f6,ba,a3,fd,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1784)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Celkový čas: 2010-01-17 19:06:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-17 18:06

Před spuštěním: Volných bajtů: 54 958 854 144
Po spuštění: Volných bajtů: 54 826 840 064

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 4D30A02CC49064F98B366D4B2B819037

