
Please check my log

Posted: 28 Dec 2010 17:11
by CrasherKill
Hi, please check my log. I've had the same system installation for quite a long time without any major problems, so it seems a bit odd to me :D Just a check to see whether there's anything unnecessary in there and so on. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:11, on 28.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
E:\Program Files (x86)\RocketDock\RocketDock.exe
E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
E:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\CrasherKill\Desktop\hijackthis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011 (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10607 bytes

Re: Please check my log

Posted: 28 Dec 2010 17:29
by memphisto
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Turn off your resident protection and your firewall.
Download Dr. Web CureIt
Run the update, and after updating click Start.
Using the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Czech: Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Czech: Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Czech: Provést rychlý sken) option selected and click the Scan (Czech: Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: Please check my log

Posted: 28 Dec 2010 18:29
by CrasherKill
ATF cleaned, Dr. Web CureIt found nothing, and the Malwarebytes' Anti-Malware log is fine too...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5408

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.12.2010 18:28:13
mbam-log-2010-12-28 (18-28-13).txt

Typ kontroly: Rychlý test
Testované objekty: 162929
Uplynulý čas: 2 minut, 29 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Please check my log

Posted: 28 Dec 2010 19:09
by memphisto
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log

Posted: 28 Dec 2010 19:34
by CrasherKill
ComboFix 10-12-26.01 - CrasherKill 28.12.2010 19:24:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2197 [GMT 1:00]
Spuštěný z: c:\users\CrasherKill\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\ST6UNST.000
c:\windows\system32\office.exe
c:\windows\SysWow64\office.exe
c:\windows\XSxS

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 18:28 . 2010-12-28 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Malwarebytes
2010-12-28 17:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 17:18 . 2010-12-28 17:18 -------- d-----w- c:\users\CrasherKill\DoctorWeb
2010-12-28 16:21 . 2010-12-28 16:21 -------- d-----w- c:\programdata\Electronic Arts
2010-12-28 08:43 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04CE72AE-DE7B-4873-AB50-1276B043B341}\mpengine.dll
2010-12-26 14:10 . 2010-12-26 14:10 -------- d-----w- c:\users\CrasherKill\Můj film
2010-12-25 19:38 . 2010-12-25 19:38 -------- d-----w- c:\users\CrasherKill\AppData\Local\4A Games
2010-12-25 10:53 . 2010-12-25 11:02 -------- d-----w- c:\program files (x86)\Vietcong
2010-12-24 20:44 . 2010-12-24 20:45 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\TrueCrypt
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Adobe Mini Bridge CS5
2010-12-16 17:26 . 2003-04-16 00:10 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2010-12-16 17:26 . 2010-12-16 17:26 -------- d-----w- c:\program files (x86)\CDVPlayer
2010-12-16 17:26 . 2010-12-22 17:50 466944 ------w- c:\windows\Setup1.exe
2010-12-16 17:26 . 2010-12-22 17:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-11 18:09 . 2010-12-11 18:09 -------- d--h--r- c:\users\CrasherKill\AppData\Roaming\SecuROM
2010-12-11 16:07 . 2010-12-11 16:07 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-12-07 15:34 . 2010-12-07 15:34 15823872 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2010-12-07 15:34 . 2010-12-07 15:34 786492 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2010-12-07 15:34 . 2010-12-07 15:34 107008 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2010-12-04 16:09 . 2010-12-04 16:09 -------- d-----w- c:\program files (x86)\Ubisoft
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\users\CrasherKill\AppData\Local\Xenocode
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\program files (x86)\Xenocode
2010-11-30 19:39 . 2010-11-30 19:39 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 08:39 . 2010-09-16 17:47 25640 ----a-w- c:\windows\gdrv.sys
2010-12-13 17:42 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-13 17:42 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-23 19:27 . 2010-10-21 19:46 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-23 18:41 . 2010-10-21 18:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-17 06:53 . 2010-11-17 06:53 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-12 15:12 . 2010-11-12 15:13 737280 ----a-w- c:\windows\iun6002.exe
2010-10-31 20:49 . 2010-11-05 19:58 6291456 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Internet Explorer\Call of Duty Black Ops.exe
2010-10-20 21:59 . 2010-10-20 11:15 112116 ----a-w- c:\users\CrasherKill\AppData\Roaming\mdbu.bin
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-10-01 18:05 . 2010-09-18 14:35 5018 --sha-w- c:\programdata\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="e:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [2009-05-05 508672]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-18 1436424]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-16 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-16 834544]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - DWPROT

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3199945752-1232938285-4007699256-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,82,56,5d,0c,2a,49,c5,d8,02,72,f1,41,48,23,44,f4,d1,5a,00,ca,
45,f2,df,f9,2e,dd,8c,25,07,1f,14,34,ca,a0,27,09,0f,64,34,93,44,4c,57,8a,3a,\
"rkeysecu"=hex:27,49,52,9a,85,ae,e3,e5,f1,c8,c0,10,6c,a0,9a,95

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-28 19:31:15
ComboFix-quarantined-files.txt 2010-12-28 18:31

Před spuštěním: Volných bajtů: 84 591 656 960
Po spuštění: Volných bajtů: 84 093 501 440

- - End Of File - - BE5CD0AE014B44C614BC6EFBF74496F4

Re: Please check my log

Posted: 28 Dec 2010 22:09
by memphisto
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::
DirLook::
c:\windows\DEA314C409294250BC9298E4C105F28D.TMP

File::
c:\windows\iun6002.exe
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe

Folder::
c:\program files (x86)\ICQ6Toolbar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-

Driver::
ICQ Service

Firefox::
FF - ProfilePath - c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and drop the script when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Re: Please check my log

Posted: 28 Dec 2010 23:07
by CrasherKill
ComboFix 10-12-26.01 - CrasherKill 28.12.2010 23:00:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2396 [GMT 1:00]
Spuštěný z: c:\users\CrasherKill\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\CrasherKill\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe"
"c:\windows\iun6002.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\iun6002.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Malwarebytes
2010-12-28 17:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 17:18 . 2010-12-28 17:18 -------- d-----w- c:\users\CrasherKill\DoctorWeb
2010-12-28 16:21 . 2010-12-28 16:21 -------- d-----w- c:\programdata\Electronic Arts
2010-12-28 08:43 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04CE72AE-DE7B-4873-AB50-1276B043B341}\mpengine.dll
2010-12-26 14:10 . 2010-12-26 14:10 -------- d-----w- c:\users\CrasherKill\Můj film
2010-12-25 19:38 . 2010-12-25 19:38 -------- d-----w- c:\users\CrasherKill\AppData\Local\4A Games
2010-12-25 10:53 . 2010-12-25 11:02 -------- d-----w- c:\program files (x86)\Vietcong
2010-12-24 20:44 . 2010-12-24 20:45 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\TrueCrypt
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Adobe Mini Bridge CS5
2010-12-16 17:26 . 2003-04-16 00:10 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2010-12-16 17:26 . 2010-12-16 17:26 -------- d-----w- c:\program files (x86)\CDVPlayer
2010-12-16 17:26 . 2010-12-22 17:50 466944 ------w- c:\windows\Setup1.exe
2010-12-16 17:26 . 2010-12-22 17:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-11 18:09 . 2010-12-11 18:09 -------- d--h--r- c:\users\CrasherKill\AppData\Roaming\SecuROM
2010-12-11 16:07 . 2010-12-11 16:07 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-12-07 15:34 . 2010-12-07 15:34 15823872 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2010-12-07 15:34 . 2010-12-07 15:34 786492 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2010-12-07 15:34 . 2010-12-07 15:34 107008 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2010-12-04 16:09 . 2010-12-04 16:09 -------- d-----w- c:\program files (x86)\Ubisoft
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\users\CrasherKill\AppData\Local\Xenocode
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\program files (x86)\Xenocode
2010-11-30 19:39 . 2010-11-30 19:39 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:04 . 2010-09-16 17:47 25640 ----a-w- c:\windows\gdrv.sys
2010-12-13 17:42 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-13 17:42 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-23 19:27 . 2010-10-21 19:46 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-23 18:41 . 2010-10-21 18:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-17 06:53 . 2010-11-17 06:53 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-31 20:49 . 2010-11-05 19:58 6291456 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Internet Explorer\Call of Duty Black Ops.exe
2010-10-20 21:59 . 2010-10-20 11:15 112116 ----a-w- c:\users\CrasherKill\AppData\Roaming\mdbu.bin
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-10-01 18:05 . 2010-09-18 14:35 5018 --sha-w- c:\programdata\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\DEA314C409294250BC9298E4C105F28D.TMP ----

2010-12-11 16:07 . 2010-12-11 16:07 200704 ----a-w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP\WiseCustomCalla.dll


((((((((((((((((((((((((((((( SnapShot@2010-12-28_18.28.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-28 08:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-28 08:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-28 08:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-16 19:54 . 2010-12-28 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-16 19:54 . 2010-12-28 22:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-16 19:54 . 2010-12-28 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-16 18:18 . 2010-12-28 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-16 18:18 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-16 18:18 . 2010-12-28 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 18:18 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-28 08:39 . 2010-12-28 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-28 22:04 . 2010-12-28 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-28 08:39 . 2010-12-28 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-28 22:04 . 2010-12-28 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2010-12-27 19:42 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-28 20:45 618714 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2010-12-27 19:42 634308 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2010-12-28 20:45 634308 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2010-12-28 20:45 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-27 19:42 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2010-12-27 19:42 122898 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2010-12-28 20:45 122898 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="e:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [2009-05-05 508672]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-18 1436424]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-16 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-16 834544]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12842.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3199945752-1232938285-4007699256-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,82,56,5d,0c,2a,49,c5,d8,02,72,f1,41,48,23,44,f4,d1,5a,00,ca,
45,f2,df,f9,2e,dd,8c,25,07,1f,14,34,ca,a0,27,09,0f,64,34,93,44,4c,57,8a,3a,\
"rkeysecu"=hex:27,49,52,9a,85,ae,e3,e5,f1,c8,c0,10,6c,a0,9a,95
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
.
**************************************************************************
.
Celkový čas: 2010-12-28 23:07:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-28 22:07
ComboFix2.txt 2010-12-28 18:31

Před spuštěním: Volných bajtů: 84 262 162 432
Po spuštění: Volných bajtů: 83 676 069 888

- - End Of File - - DB6BBC38C2F178B2D34C2DB4EF3024EB

Re: Please check my log

Posted: 28 Dec 2010 23:15
by memphisto
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
File::
c:\windows\system32\perfh009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat

Firefox::
FF - ProfilePath - c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Re: Please check my log

Posted: 28 Dec 2010 23:28
by CrasherKill
Here it is, but it somehow changes my settings; when I used that script it changed, for example, my default browser and User Account Control, but if that's normal then OK....

ComboFix 10-12-26.01 - CrasherKill 28.12.2010 23:19:25.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2725 [GMT 1:00]
Spuštěný z: c:\users\CrasherKill\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\CrasherKill\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome\quickstorestoolbar.jar
c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de\install.rdf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 22:21 . 2010-12-28 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 22:17 . 2010-12-28 22:18 -------- d-----r- C:\32788R22FWJFW
2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Malwarebytes
2010-12-28 17:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 17:24 . 2010-12-28 17:24 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 17:18 . 2010-12-28 17:18 -------- d-----w- c:\users\CrasherKill\DoctorWeb
2010-12-28 16:21 . 2010-12-28 16:21 -------- d-----w- c:\programdata\Electronic Arts
2010-12-28 08:43 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04CE72AE-DE7B-4873-AB50-1276B043B341}\mpengine.dll
2010-12-26 14:10 . 2010-12-26 14:10 -------- d-----w- c:\users\CrasherKill\Můj film
2010-12-25 19:38 . 2010-12-25 19:38 -------- d-----w- c:\users\CrasherKill\AppData\Local\4A Games
2010-12-25 10:53 . 2010-12-25 11:02 -------- d-----w- c:\program files (x86)\Vietcong
2010-12-24 20:44 . 2010-12-24 20:45 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\TrueCrypt
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-21 15:09 . 2010-12-21 15:09 -------- d-----w- c:\users\CrasherKill\AppData\Roaming\Adobe Mini Bridge CS5
2010-12-16 17:26 . 2003-04-16 00:10 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2010-12-16 17:26 . 2010-12-16 17:26 -------- d-----w- c:\program files (x86)\CDVPlayer
2010-12-16 17:26 . 2010-12-22 17:50 466944 ------w- c:\windows\Setup1.exe
2010-12-16 17:26 . 2010-12-22 17:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-11 18:09 . 2010-12-11 18:09 -------- d--h--r- c:\users\CrasherKill\AppData\Roaming\SecuROM
2010-12-11 16:07 . 2010-12-11 16:07 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-12-07 15:34 . 2010-12-07 15:34 15823872 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2010-12-07 15:34 . 2010-12-07 15:34 786492 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2010-12-07 15:34 . 2010-12-07 15:34 107008 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2010-12-04 16:09 . 2010-12-04 16:09 -------- d-----w- c:\program files (x86)\Ubisoft
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\users\CrasherKill\AppData\Local\Xenocode
2010-11-30 20:22 . 2010-11-30 20:22 -------- d-----w- c:\program files (x86)\Xenocode
2010-11-30 19:39 . 2010-11-30 19:39 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:23 . 2010-09-16 17:47 25640 ----a-w- c:\windows\gdrv.sys
2010-12-13 17:42 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-13 17:42 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-23 19:27 . 2010-10-21 19:46 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-11-23 19:27 . 2010-10-21 18:56 234984 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-23 18:41 . 2010-10-21 18:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-17 06:53 . 2010-11-17 06:53 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-31 20:49 . 2010-11-05 19:58 6291456 ----a-w- c:\users\CrasherKill\AppData\Roaming\Microsoft\Internet Explorer\Call of Duty Black Ops.exe
2010-10-20 21:59 . 2010-10-20 11:15 112116 ----a-w- c:\users\CrasherKill\AppData\Roaming\mdbu.bin
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-10-01 18:05 . 2010-09-18 14:35 5018 --sha-w- c:\programdata\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-28_18.28.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-28 08:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-28 08:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-28 08:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-28 22:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2010-12-28 22:06 32146 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-16 22:04 . 2010-12-28 22:06 12174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3199945752-1232938285-4007699256-1000_UserData.bin
+ 2010-09-16 19:54 . 2010-12-28 22:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-16 19:54 . 2010-12-28 22:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-16 19:54 . 2010-12-28 22:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 19:54 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 18:18 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-16 18:18 . 2010-12-28 22:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-16 18:18 . 2010-12-28 22:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-16 18:18 . 2010-12-28 08:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-28 22:22 . 2010-12-28 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-28 08:39 . 2010-12-28 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-28 22:22 . 2010-12-28 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-28 08:39 . 2010-12-28 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2010-12-27 19:42 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-28 20:45 618714 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2010-12-27 19:42 634308 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2010-12-28 20:45 634308 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2010-12-28 20:45 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-27 19:42 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2010-12-27 19:42 122898 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2010-12-28 20:45 122898 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="e:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-18 1436424]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 07:40]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\CrasherKill\AppData\Roaming\Mozilla\Firefox\Profiles\8mumv3li.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Nový Robinson - d:\program files (x86)\Nikita\Nový Robinson\Uninst.isu


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3199945752-1232938285-4007699256-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,82,56,5d,0c,2a,49,c5,d8,02,72,f1,41,48,23,44,f4,d1,5a,00,ca,
45,f2,df,f9,2e,dd,8c,25,07,1f,14,34,ca,a0,27,09,0f,64,34,93,44,4c,57,8a,3a,\
"rkeysecu"=hex:27,49,52,9a,85,ae,e3,e5,f1,c8,c0,10,6c,a0,9a,95
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
**************************************************************************
.
Celkový čas: 2010-12-28 23:25:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-28 22:25
ComboFix2.txt 2010-12-28 22:07
ComboFix3.txt 2010-12-28 18:31

Před spuštěním: Volných bajtů: 83 733 417 984
Po spuštění: Volných bajtů: 83 433 848 832

- - End Of File - - B377B1949E1A3F9FBEF753A03E70DF3F

Re: Please check my log

Posted: 29 Dec 2010 00:32
by CrasherKill
And I have more problems here... I have a feeling that ComboFix somehow damaged RocketDock, see the attachment...
http://img254.imageshack.us/img254/1759/problm.jpg
I can't launch any icon from that dock, see those messages. The icons work on their own, but not in the dock. So I'm asking, what is this? Should I reinstall the whole dock, or can it be solved some other way? Thanks

Re: Please check my log

Posted: 29 Dec 2010 01:21
by memphisto
I know about those settings and I set them to the defaults automatically, because whenever I ask someone whether they configured it themselves, they don't know what it's about anyway, so by now I just do it automatically. I'll take a look at the Object Dock issue, but I checked back and CF didn't delete anything like that.

Re: Please check my log

Posted: 29 Dec 2010 07:03
by CrasherKill
I didn't have the nerves for it anymore, so I went to bed :D Now I got up, turned it on and it works, so I don't know :D