PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:36, on 31.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14672&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jitka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jitka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Intel i386] C:\servces.exe
O4 - HKLM\..\Run: [test] Windows2.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [msngers] c:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca49bdfba8f4f0) (gupdate1ca49bdfba8f4f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 13542 bytes

Vítej na fóru

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Odinstaluj přes Přidat nebo odebrat programy, pokud nutně nepotřebuješ tyto toolbary:
Ask Toolbar
free-downloads.net Toolbar
Winamp Toolbar
ICQ ToolBar

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4373

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.7.2010 17:49:45
mbam-log-2010-07-31 (17-49-45).txt

Typ skenu: Rychlý sken
Skenované objekty: 127890
Uplynulý čas: 23 minuta(y), 18 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 2
Infikované klíče registru: 31
Infikované hodnoty registru: 6
Infikované datové položky registru: 3
Infikované složky: 19
Infikované soubory: 39

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.

Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> No action taken.

Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> No action taken.
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
C:\update.exe (Trojan.Agent) -> No action taken.

Odinstaluj přes Přidat nebo odebrat programy:
Internet Saving Optimizer
Media Access Startup
System Search Dispatcher

pokud by jsi je nenašel v seznamu, tak udělej toto.
Jdi postupně do těchto složek a spusť soubory označené modře, tím spustíš odinstalační rutinu.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Pokud používáš program mIRC, tak zruš zatřžení u položky Malware.Trace
C:\mirc.ini (Malware.Trace) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Vypni rez. ochranu u antiviru a antispywaru, před spuštěním ComboFixu

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4373

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.7.2010 22:43:02
mbam-log-2010-07-31 (22-43-02).txt

Typ skenu: Rychlý sken
Skenované objekty: 127720
Uplynulý čas: 22 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 24
Infikované hodnoty registru: 4
Infikované datové položky registru: 3
Infikované složky: 2
Infikované soubory: 10

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intel i386 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
C:\servces.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\cqsgf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\insnts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\mqpp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\vdolew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\7149.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jitka\Data aplikací\uzso.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\mirc.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\remote.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.

a tady ten druhej log po te modre obrazovce:

ComboFix 10-07-31.01 - Jitka 31.07.2010 23:29:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.277 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 29176816 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jitka\Data aplikací\ibyqnm.exe
c:\documents and settings\Jitka\Data aplikací\tlxz.exe
C:\l4m3r.exe
C:\MediaTube_ver1.1573.0.exe
C:\StarCodec_ver1.5897.0.exe
c:\windows\1350.exe
c:\windows\37086.exe
c:\windows\435260.exe
c:\windows\system32\_000000_.tmp.dll
c:\windows\system32\_000001_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\vbzlib1.dll
c:\windows\Windows2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-14 09:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 20:47 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-24 13:47 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-06-24 13:47 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 15:55 . 2009-07-09 11:02 -------- d-----w- c:\program files\Valve
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://seznam.cz/
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
HKLM-Run-test - Windows2.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-mIRC - c:\documents and settings\jitka\local settings\temp\pb1e9c\spoolvsf.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 23:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Celkový čas: 2010-07-31 23:49:24
ComboFix-quarantined-files.txt 2010-07-31 21:49

Před spuštěním: Volných bajtů: 18 701 361 152
Po spuštění: Volných bajtů: 18 800 058 368

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8CA368C98DD61ABDEBFE5DFD7D457C58

V logu CF je vidět, že nemáš aktualizovaný Nod, proto ho zkus aktualizovat ručně, před tím než bude dále postupovat.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna a vypni opět po dobu běhu ComboFixu rezidentní ochranu u anitiviru.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš/zkopíruj do okna tento příkaz označený modře
cmd /c Find /i /n "Adobe" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
a dej Ok.
Vlož sem pak obsah souboru, který se ti zobrazí.

a jště pak tento příkaz a vlož sem výsledek:
cmd /c Find /i /n "Java" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt

dneska uz to nestiham..prijedu za tyden.tak to udelam.jinak zatim dekuju za rady

1/2 -cele se to sem neveslo
ComboFix 10-08-20.01 - Jitka 21.08.2010 15:01:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jitka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-07-31 15:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 15:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 15:04 . 2010-07-31 15:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:55 . 2008-05-17 22:23 -------- d-----w- c:\program files\Steam
2010-08-12 12:48 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:48 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 15:04 . 2009-07-07 12:24 -------- d-----w- c:\program files\free-downloads.net
2010-07-31 15:01 . 2009-10-05 07:02 -------- d-----w- c:\program files\QIP
2010-07-28 12:59 . 2008-05-17 21:21 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-07-28 12:53 . 2009-07-30 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-28 12:43 . 2009-07-30 17:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\program files\EA GAMES
2010-07-04 13:45 . 2010-07-04 13:45 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 20:49 . 2009-02-28 23:37 -------- d-----w- c:\program files\Opera
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-17 15:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\Winamp\winamp.exe ---
Company: Nullsoft, Inc.
File Description: Winamp
File Version: 5,5,7,2830
Product Name: Winamp
Copyright: Copyright © 1997-2010, Nullsoft, Inc.
Original Filename: Winamp.exe
File size: 1552736
Created time: 2010-01-12 20:03
Modified time: 2010-01-12 20:03
MD5: 57C3C2E607488858CDBD26A3E168D9B5
SHA1: A60748761AAA6A68ADD9D0B948C55436005E07B5


((((((((((((((((((((((((((((( SnapShot@2010-07-31_21.41.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 12:53 . 2010-08-21 12:53 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 71138 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-12 12:48 71138 c:\windows\system32\perfc009.dat
- 2009-03-08 02:31 . 2010-05-06 10:35 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:33 . 2010-05-06 10:35 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2010-06-24 12:27 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 12:56 . 2010-08-12 12:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 13:52 . 2010-08-12 13:52 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:46 . 2010-06-24 13:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-02 12:00 . 2010-08-12 12:48 440820 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-06-24 13:47 440820 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-06-24 12:27 206848 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 611840 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 599040 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 599040 c:\windows\system32\msfeeds.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2010-05-06 10:35 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-02 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2008-05-17 17:27 . 2010-06-11 11:59 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-17 17:27 . 2010-08-12 18:04 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-21 06:45 . 2010-06-24 12:27 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:45 . 2010-05-06 10:35 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 12:27 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2010-06-30 12:33 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-03-08 02:34 . 2010-06-24 12:27 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:34 . 2010-05-06 10:35 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:32 . 2010-05-06 10:35 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-29 08:52 . 2010-05-06 10:35 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-29 08:52 . 2010-06-24 12:27 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-25 21:26 . 2010-05-06 10:35 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-25 21:26 . 2010-06-24 12:27 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 02:31 . 2010-05-06 10:35 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 02:31 . 2010-06-24 12:27 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 07:29 . 2010-06-24 12:27 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 07:29 . 2010-05-06 10:35 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-06-24 12:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-05-06 10:35 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-12 12:33 . 2010-02-22 14:21 391032 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-12 12:33 . 2009-05-26 09:01 233848 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-12 12:32 . 2010-05-06 10:35 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-12 12:32 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 13:09 . 2010-08-12 13:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-12 13:58 . 2010-08-12 13:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 13:00 . 2010-08-12 13:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 13:00 . 2010-08-12 13:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 13:56 . 2010-08-12 13:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-12 13:53 . 2010-08-12 13:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-03-02 12:00 . 2010-06-24 12:27 1210368 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2006-03-02 12:00 . 2010-04-28 18:15 2192128 c:\windows\system32\ntoskrnl.exe
- 2006-03-02 12:00 . 2010-02-17 12:09 2192128 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-04-28 05:45 2068992 c:\windows\system32\ntkrnlpa.exe
- 2004-08-17 15:45 . 2010-02-16 19:09 2068992 c:\windows\system32\ntkrnlpa.exe
+ 2006-03-02 12:00 . 2010-06-24 12:27 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 02:32 . 2010-06-24 12:27 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-16 12:27 . 2010-06-24 09:02 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:14 . 2010-06-24 12:27 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-13 13:08 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-13 13:08 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-21 06:45 . 2010-06-24 12:27 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 04:41 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 04:41 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-06-25 21:26 . 2010-06-24 12:27 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-12 12:32 . 2010-05-06 10:35 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-16 12:27 . 2010-02-17 12:09 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 12:27 . 2010-04-28 18:15 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 12:27 . 2010-02-16 19:09 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 12:27 . 2010-02-16 19:08 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 12:27 . 2010-04-28 05:45 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-12 12:52 . 2010-08-12 12:52 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 13:09 . 2010-08-12 13:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 13:08 . 2010-08-12 13:08 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-13 11:27 . 2010-08-13 11:27 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 11:26 . 2010-08-13 11:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 13:06 . 2010-08-12 13:06 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-12 13:53 . 2010-08-12 13:53 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-12 13:03 . 2010-08-12 13:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-13 11:23 . 2010-08-13 11:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 13:01 . 2010-08-12 13:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 12:52 . 2010-08-12 12:52 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 11:24 . 2010-08-13 11:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 13:57 . 2010-08-12 13:57 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 13:56 . 2010-08-12 13:56 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:46 . 2010-08-12 12:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-24 13:46 . 2010-06-24 13:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 12:47 . 2010-08-12 12:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-17 18:00 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-06-24 15:57 11077120 c:\windows\system32\ieframe.dll
+ 2009-06-25 21:26 . 2010-06-24 15:57 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\b6e59.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\38216.msp
+ 2010-08-12 12:32 . 2010-05-06 10:35 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-12 13:07 . 2010-08-12 13:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-13 11:25 . 2010-08-13 11:25 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 13:55 . 2010-08-12 13:55 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-12 13:05 . 2010-08-12 13:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 12:59 . 2010-08-12 12:59 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 12:55 . 2010-08-12 12:55 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 12:51 . 2010-08-12 12:51 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.

2/2

-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Jitka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\Jitka\Data aplikací\djjqs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 10:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman456\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\SteamApps\\matyman123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fuzzzkicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kominzir94\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [1.9.2008 14:28 17408]
S2 gupdate1ca49bdfba8f4f0;Služba Google Update (gupdate1ca49bdfba8f4f0);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 17:26 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22.7.2009 20:53 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp --> c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [1.9.2008 14:28 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [1.9.2008 14:28 9856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 15:38 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 15:25]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\oj1xsgft.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 15:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Jitka\LOCALS~1\Temp\JNG18A9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\TGTSoft\StyleXP\TGT_BHO.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-08-21 15:27:50
ComboFix-quarantined-files.txt 2010-08-21 13:27
ComboFix2.txt 2010-07-31 21:49

Před spuštěním: Volných bajtů: 18 238 812 160
Po spuštění: Volných bajtů: 18 300 633 088

- - End Of File - - 9F14BE07914999EAFC9761667F69B3D6

---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[3]Adobe Flash Player 10 ActiveX
[4]Adobe Flash Player 10 Plugin
[5]Adobe Reader 9.3.4 - Czech


*******************************************



---------- C:\QOOBOX\ADD-REMOVE PROGRAMS.TXT
[156]Java(TM) 6 Update 15

Z logu se ti úplně vytratil antivir, tak si ho tam doinstaluj.

Objevila se ti tam část červa co se šíří přes výměnná zařízení, tak pokud jsi měl k tomu PC připojený nějaký externí disk, flešku, tak si ji nachystej.

Zatím si stáhni:
Flash Disinfector (by sUBs)
AVPTool

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
regedit /e "C:\RegLog.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
a dej Ok.
- na disku C se ti objeví soubor RegLog.txt tak sem vlož jeho obsah. Zajímá mě jen ta část co bude hned na začátku přímo pod klíčem (včetně všech values které k němu patří)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
zbytek logu sem nemusíš vkládat.

Po vložení logu, ti napíši další postup.