Prosím o preventivní kontrolu logu. Vďaka :D Vyřešeno

[M4RTY]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:30, on 17.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\QIP Infium30\infium.exe
C:\WINDOWS\system32\winlogon.exe
C:\Martin\Opera\opera.exe
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\PC-HELP.cz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 75.101.138.128 we9stun.winning-eleven.net
O1 - Hosts: 5.210.60.81 pes6gate-ec.winning-eleven.net
O1 - Hosts: 74.125.39.103 http://www.sreality.cz/
O1 - Hosts: 74.125.39.103 sreality.cz
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_S1F54.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-448539723-926492609-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ostatní')
O4 - HKUS\S-1-5-21-448539723-926492609-1801674531-1005\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\DOCUME~1\OSTATN~1\LOCALS~1\Temp\E_S94C.tmp" /EF "HKCU" (User 'Ostatní')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8715 bytes

[Reklama]

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O1 - Hosts: 75.101.138.128 we9stun.winning-eleven.net
O1 - Hosts: 5.210.60.81 pes6gate-ec.winning-eleven.net
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[M4RTY]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3584
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.1.2010 20:23:24
mbam-log-2010-01-17 (20-23-24).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 181133
Uplynulý čas: 12 minute(s), 6 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)


A to 01 Hosts sreality.cz můžu tky smazat , že ?

[Damned]

Pokud sis je nepřidal sám (nebo již nepotřebuješ), tak ano.

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[M4RTY]

OK, Tady ComboFix

ComboFix 10-01-17.02 - Martin 18.01.2010 15:45:08.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1628 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martin.MARTIN-PC\Dokumenty\cc_20091219_173451.reg
c:\documents and settings\Martin.MARTIN-PC\Dokumenty\cc_20091222_092646.reg
c:\documents and settings\Martin.MARTIN-PC\Dokumenty\cc_20100111_202242.reg
c:\program files\QIP
c:\program files\QIP\LI\current.cfg
c:\program files\QIP\LI\English\_cntry.lng
c:\program files\QIP\LI\English\_intrsts.lng
c:\program files\QIP\LI\English\_langs.lng
c:\program files\QIP\LI\English\_marital.lng
c:\program files\QIP\LI\English\_occup.lng
c:\program files\QIP\LI\English\_orgs.lng
c:\program files\QIP\LI\English\_past.lng
c:\program files\QIP\LI\English\_rndchat.lng
c:\program files\QIP\LI\English\desc.txt
c:\program files\QIP\LI\English\chars_r.ini
c:\program files\QIP\LI\English\chars_t.ini
c:\program files\QIP\LI\English\lang.ini
c:\program files\QIP\LI\langs.cfg
c:\program files\QIP\LI\Russian\_cntry.lng
c:\program files\QIP\LI\Russian\_intrsts.lng
c:\program files\QIP\LI\Russian\_langs.lng
c:\program files\QIP\LI\Russian\_marital.lng
c:\program files\QIP\LI\Russian\_occup.lng
c:\program files\QIP\LI\Russian\_orgs.lng
c:\program files\QIP\LI\Russian\_past.lng
c:\program files\QIP\LI\Russian\_rndchat.lng
c:\program files\QIP\LI\Russian\desc.txt
c:\program files\QIP\LI\Russian\chars_r.ini
c:\program files\QIP\LI\Russian\chars_t.ini
c:\program files\QIP\LI\Russian\lang.ini
c:\program files\QIP\Plugins\docking.dll
c:\program files\QIP\qip.exe
c:\program files\QIP\Skins\current.cfg
c:\program files\QIP\Skins\ICQ5\addopt.bmp
c:\program files\QIP\Skins\ICQ5\allicons.bmp
c:\program files\QIP\Skins\ICQ5\clbg.bmp
c:\program files\QIP\Skins\ICQ5\clevent.bmp
c:\program files\QIP\Skins\ICQ5\clstatus.bmp
c:\program files\QIP\Skins\ICQ5\Colors.ini
c:\program files\QIP\Skins\ICQ5\desc.txt
c:\program files\QIP\Skins\ICQ5\downbutton1.bmp
c:\program files\QIP\Skins\ICQ5\fadehlp.bmp
c:\program files\QIP\Skins\ICQ5\fadehlpt.bmp
c:\program files\QIP\Skins\ICQ5\fademsg.bmp
c:\program files\QIP\Skins\ICQ5\fademsgt.bmp
c:\program files\QIP\Skins\ICQ5\fadesrv.bmp
c:\program files\QIP\Skins\ICQ5\fadesrvt.bmp
c:\program files\QIP\Skins\ICQ5\msgbg.bmp
c:\program files\QIP\Skins\ICQ5\msgbge.bmp
c:\program files\QIP\Skins\ICQ5\noimage.jpg
c:\program files\QIP\Skins\ICQ5\qipbtn.bmp
c:\program files\QIP\Skins\ICQ5\signs.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aa.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ab.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ac.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ad.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ae.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\af.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ag.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ah.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ai.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ak.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\al.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\am.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\an.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ao.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ap.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ar.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\as.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\at.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\au.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\av.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ax.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ay.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\az.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ba.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bb.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bc.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bd.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\be.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bf.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bg.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bh.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bi.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bk.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bl.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bm.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bn.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bo.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bp.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\br.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bs.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bt.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bu.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bv.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright(eng).txt
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\Copyright.txt
c:\program files\QIP\Skins\ICQ5\Smilies\Static\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aa.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ab.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ac.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ad.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ae.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\af.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ag.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ah.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ai.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aj.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ak.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\al.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\am.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\an.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ao.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ap.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aq.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ar.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\as.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\at.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\au.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\av.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aw.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ax.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ay.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ba.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bb.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bc.bmp
c:\program files\QIP\Skins\ICQ5\splash.bmp
c:\program files\QIP\Skins\ICQ5\st_custom.bmp
c:\program files\QIP\Skins\ICQ5\statuses.bmp
c:\program files\QIP\Skins\ICQ5\title.bmp
c:\program files\QIP\Skins\ICQ5\tray.bmp
c:\program files\QIP\Skins\ICQ5\tray2k.bmp
c:\program files\QIP\Skins\ICQ5\upbutton1.bmp
c:\program files\QIP\Skins\ICQ5\upbutton2.bmp
c:\program files\QIP\Skins\ICQ5\upbutton3.bmp
c:\program files\QIP\Skins\ICQ5\userinfo.bmp
c:\program files\QIP\Skins\ICQ5\vis.bmp
c:\program files\QIP\Skins\skins.cfg
c:\program files\QIP\Sounds\sndAuth.wav
c:\program files\QIP\Sounds\sndGlobal.wav
c:\program files\QIP\Sounds\sndMsg.wav
c:\program files\QIP\Sounds\sndMsgSent.wav
c:\program files\QIP\Sounds\sndPlugin.wav
c:\program files\QIP\Sounds\sndRemSelf.wav
c:\program files\QIP\Sounds\sndSrvMsg.wav
c:\program files\QIP\Sounds\sndStartup.wav
c:\program files\QIP\Sounds\sndSystem.wav
c:\program files\QIP\unins000.dat
c:\program files\QIP\unins000.exe
c:\program files\QIP\Users\356490023\_birth.txt
c:\program files\QIP\Users\356490023\_botq.txt
c:\program files\QIP\Users\356490023\_events.txt
c:\program files\QIP\Users\356490023\_eye.txt
c:\program files\QIP\Users\356490023\_groups.txt
c:\program files\QIP\Users\356490023\_m_away.txt
c:\program files\QIP\Users\356490023\_m_depr.txt
c:\program files\QIP\Users\356490023\_m_dnd.txt
c:\program files\QIP\Users\356490023\_m_evil.txt
c:\program files\QIP\Users\356490023\_m_ffc.txt
c:\program files\QIP\Users\356490023\_m_home.txt
c:\program files\QIP\Users\356490023\_m_lunch.txt
c:\program files\QIP\Users\356490023\_m_na.txt
c:\program files\QIP\Users\356490023\_m_occup.txt
c:\program files\QIP\Users\356490023\_m_work.txt
c:\program files\QIP\Users\356490023\_premsg.txt
c:\program files\QIP\Users\356490023\_st_away.txt
c:\program files\QIP\Users\356490023\_st_cust.txt
c:\program files\QIP\Users\356490023\356490023.cl
c:\program files\QIP\Users\356490023\356490023.clg
c:\program files\QIP\Users\356490023\356490023.cli
c:\program files\QIP\Users\356490023\356490023.clv
c:\program files\QIP\Users\356490023\356490023.lcl
c:\program files\QIP\Users\356490023\356490023.nil
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_07.cl
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_07.clg
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_07.cli
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_07.clv
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_08.cl
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_08.clg
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_08.cli
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_08.clv
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_09.cl
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_09.clg
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_09.cli
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_09.clv
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_12.cl
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_12.clg
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_12.cli
c:\program files\QIP\Users\356490023\BackupCL\356490023_2009_12.clv
c:\program files\QIP\Users\356490023\Config.ini
c:\program files\QIP\Users\356490023\Devils\176386346.jpg
c:\program files\QIP\Users\356490023\Devils\225931676.gif
c:\program files\QIP\Users\356490023\Devils\290736102.jpg
c:\program files\QIP\Users\356490023\Devils\299410191.gif
c:\program files\QIP\Users\356490023\Devils\299516016.jpg
c:\program files\QIP\Users\356490023\Devils\320567828.jpg
c:\program files\QIP\Users\356490023\Devils\335426356.jpg
c:\program files\QIP\Users\356490023\Devils\350111754.jpg
c:\program files\QIP\Users\356490023\Devils\350851260.jpg
c:\program files\QIP\Users\356490023\Devils\355114204.jpg
c:\program files\QIP\Users\356490023\Devils\356134066.gif
c:\program files\QIP\Users\356490023\Devils\356490023.jpg
c:\program files\QIP\Users\356490023\Devils\361786210.jpg
c:\program files\QIP\Users\356490023\Devils\363000126.jpg
c:\program files\QIP\Users\356490023\Devils\371281179.jpg
c:\program files\QIP\Users\356490023\Devils\374563847.jpg
c:\program files\QIP\Users\356490023\Devils\375725158.jpg
c:\program files\QIP\Users\356490023\Devils\376446297.jpg
c:\program files\QIP\Users\356490023\Devils\377372752.jpg
c:\program files\QIP\Users\356490023\Devils\381918428.jpg
c:\program files\QIP\Users\356490023\Devils\389505082.jpg
c:\program files\QIP\Users\356490023\Devils\390244007.jpg
c:\program files\QIP\Users\356490023\Devils\391927771.jpg
c:\program files\QIP\Users\356490023\Devils\392280451.jpg
c:\program files\QIP\Users\356490023\Devils\398556119.jpg
c:\program files\QIP\Users\356490023\Devils\405901536.jpg
c:\program files\QIP\Users\356490023\Devils\408161756.jpg
c:\program files\QIP\Users\356490023\Devils\409580780.jpg
c:\program files\QIP\Users\356490023\Devils\412638707.jpg
c:\program files\QIP\Users\356490023\Devils\417343677.jpg
c:\program files\QIP\Users\356490023\Devils\423882436.jpg
c:\program files\QIP\Users\356490023\Devils\427422923.jpg
c:\program files\QIP\Users\356490023\Devils\429528170.jpg
c:\program files\QIP\Users\356490023\Devils\429813439.jpg
c:\program files\QIP\Users\356490023\Devils\437435558.jpg
c:\program files\QIP\Users\356490023\Devils\438159493.jpg
c:\program files\QIP\Users\356490023\Devils\440268079.jpg
c:\program files\QIP\Users\356490023\Devils\444485740.bmp
c:\program files\QIP\Users\356490023\Devils\445126863.jpg
c:\program files\QIP\Users\356490023\Devils\450610805.jpg
c:\program files\QIP\Users\356490023\Devils\454715169.jpg
c:\program files\QIP\Users\356490023\Devils\456800517.jpg
c:\program files\QIP\Users\356490023\Devils\462980239.jpg
c:\program files\QIP\Users\356490023\Devils\471598097.jpg
c:\program files\QIP\Users\356490023\Devils\484461410.jpg
c:\program files\QIP\Users\356490023\Devils\486237848.jpg
c:\program files\QIP\Users\356490023\Devils\486799220.jpg
c:\program files\QIP\Users\356490023\Devils\492521978.jpg
c:\program files\QIP\Users\356490023\Devils\495062412.jpg
c:\program files\QIP\Users\356490023\Devils\495503346.jpg
c:\program files\QIP\Users\356490023\Devils\497953128.jpg
c:\program files\QIP\Users\356490023\Devils\498227097.jpg
c:\program files\QIP\Users\356490023\Devils\499967252.jpg
c:\program files\QIP\Users\356490023\Devils\573398855.jpg
c:\program files\QIP\Users\356490023\Devils\581110244.jpg
c:\program files\QIP\Users\356490023\Devils\585641694.jpg
c:\program files\QIP\Users\356490023\Devils\590846005.jpg
c:\program files\QIP\Users\356490023\History\_srvlog.txt
c:\program files\QIP\Users\356490023\History\101281205.txt
c:\program files\QIP\Users\356490023\History\176386346.txt
c:\program files\QIP\Users\356490023\History\260900019.txt
c:\program files\QIP\Users\356490023\History\290736102.txt
c:\program files\QIP\Users\356490023\History\299410191.txt
c:\program files\QIP\Users\356490023\History\299516016.txt
c:\program files\QIP\Users\356490023\History\302017283.txt
c:\program files\QIP\Users\356490023\History\304148667.txt
c:\program files\QIP\Users\356490023\History\320567828.txt
c:\program files\QIP\Users\356490023\History\336013127.txt
c:\program files\QIP\Users\356490023\History\345659078.txt
c:\program files\QIP\Users\356490023\History\350851260.txt
c:\program files\QIP\Users\356490023\History\355114204.txt
c:\program files\QIP\Users\356490023\History\356134066.txt
c:\program files\QIP\Users\356490023\History\356305666.txt
c:\program files\QIP\Users\356490023\History\362239221.txt
c:\program files\QIP\Users\356490023\History\363000126.txt
c:\program files\QIP\Users\356490023\History\371281179.txt
c:\program files\QIP\Users\356490023\History\374563847.txt
c:\program files\QIP\Users\356490023\History\375725158.txt
c:\program files\QIP\Users\356490023\History\376446297.txt
c:\program files\QIP\Users\356490023\History\377372752.txt
c:\program files\QIP\Users\356490023\History\381918428.txt
c:\program files\QIP\Users\356490023\History\387445255.txt
c:\program files\QIP\Users\356490023\History\389505082.txt
c:\program files\QIP\Users\356490023\History\390244007.txt
c:\program files\QIP\Users\356490023\History\392280451.txt
c:\program files\QIP\Users\356490023\History\398556119.txt
c:\program files\QIP\Users\356490023\History\403297712.txt
c:\program files\QIP\Users\356490023\History\409580780.txt
c:\program files\QIP\Users\356490023\History\410828593.txt
c:\program files\QIP\Users\356490023\History\412638707.txt
c:\program files\QIP\Users\356490023\History\417343677.txt
c:\program files\QIP\Users\356490023\History\422009579.txt
c:\program files\QIP\Users\356490023\History\423882436.txt
c:\program files\QIP\Users\356490023\History\437435558.txt
c:\program files\QIP\Users\356490023\History\438159493.txt
c:\program files\QIP\Users\356490023\History\440268079.txt
c:\program files\QIP\Users\356490023\History\444485740.txt
c:\program files\QIP\Users\356490023\History\445126863.txt
c:\program files\QIP\Users\356490023\History\447959490.txt
c:\program files\QIP\Users\356490023\History\450610805.txt
c:\program files\QIP\Users\356490023\History\454043290.txt
c:\program files\QIP\Users\356490023\History\454715169.txt
c:\program files\QIP\Users\356490023\History\471598097.txt
c:\program files\QIP\Users\356490023\History\477628539.txt
c:\program files\QIP\Users\356490023\History\485765464.txt
c:\program files\QIP\Users\356490023\History\486799220.txt
c:\program files\QIP\Users\356490023\History\492521978.txt
c:\program files\QIP\Users\356490023\History\495062412.txt
c:\program files\QIP\Users\356490023\History\497953128.txt
c:\program files\QIP\Users\356490023\History\498227097.txt
c:\program files\QIP\Users\356490023\History\498443773.txt
c:\program files\QIP\Users\356490023\History\499967252.txt
c:\program files\QIP\Users\356490023\History\550006417.txt
c:\program files\QIP\Users\356490023\History\581110244.txt
c:\program files\QIP\Users\356490023\History\581374739.txt
c:\program files\QIP\Users\356490023\History\585641694.txt
c:\program files\QIP\Users\356490023\History\590846005.txt
c:\program files\QIP\Users\356490023\History\596946738.txt
c:\program files\QIP\Users\356490023\History\7613253.txt
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite01.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite02.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite03.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite04.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite05.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite06.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite07.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite08.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite09.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite10.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite11.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite12.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite13.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite14.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite15.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite16.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite17.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite18.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite19.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite20.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite21.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite22.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite23.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite24.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite25.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite26.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite27.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite28.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite29.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite30.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite31.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite32.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite33.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite34.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite35.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite36.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite37.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite38.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite39.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite40.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite41.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite42.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite43.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite44.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite45.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite46.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite47.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite48.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite49.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite50.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite51.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite52.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite53.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite54.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite55.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite56.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite57.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite58.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite59.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite60.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite61.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite62.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite63.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Seite64.png
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Facepreview\Thumbs.db
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Sheva.jpg
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Shevchenko.jpg
c:\program files\QIP\Users\356490023\RcvdFiles\260900019_Tom\Thumbs.db
c:\program files\QIP\Users\356490023\RcvdFiles\356134066___Dadushka__\Fabregas.rtf
c:\program files\QIP\Users\356490023\RcvdFiles\356305666_zdenek\valtice new.cmp
c:\program files\QIP\Users\356490023\RcvdFiles\363000126_Rhino\jdHy_5IGZs.jpg
c:\program files\QIP\Users\356490023\RcvdFiles\363000126_Rhino\Thumbs.db
c:\program files\QIP\Users\356490023\RcvdFiles\374563847_katrin\PICT0317.JPG
c:\program files\QIP\Users\356490023\RcvdFiles\374563847_katrin\Thumbs.db
c:\program files\QIP\Users\356490023\RcvdFiles\417343677_krausis\~$doc2.doc
c:\program files\QIP\Users\356490023\RcvdFiles\417343677_krausis\doc2.doc
c:\program files\QIP\Users\356490023\RcvdFiles\454715169_Drogba\crissycity.jpg
c:\program files\QIP\Users\356490023\RcvdFiles\454715169_Drogba\oedit-0.2a.zip
c:\program files\QIP\Users\356490023\RcvdFiles\454715169_Drogba\oedit-install-0.2ar.exe
c:\program files\QIP\Users\356490023\RcvdFiles\454715169_Drogba\Readme.txt
c:\program files\QIP\Users\356490023\RcvdFiles\454715169_Drogba\x2ph1j.gif
c:\program files\QIP\Users\Accounts.cfg
c:\program files\QIP\Users\Config.ini
c:\program files\QIP\Users\Default.cfg
c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-18 do 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-17 21:09 . 2010-01-17 21:09 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-17 21:08 . 2010-01-17 21:10 -------- d-----w- c:\program files\ICQ7.0
2010-01-17 16:03 . 2010-01-17 16:03 -------- d-----w- C:\Freegames
2010-01-16 21:23 . 2010-01-16 21:24 -------- d-----w- c:\program files\IconUtils
2010-01-15 17:28 . 2010-01-15 17:28 -------- d-sh--w- c:\documents and settings\NeaPhetyx\PrivacIE
2010-01-12 14:57 . 2010-01-11 19:18 188417 ----a-w- c:\windows\system32\unnamed_1594.bin
2010-01-11 20:09 . 2010-01-11 20:09 -------- d-----w- c:\program files\MSBuild
2010-01-11 19:25 . 2010-01-15 20:29 -------- d-----w- C:\POC 2010
2010-01-09 19:23 . 2010-01-09 19:23 -------- d-----w- c:\program files\RAR Password Cracker
2010-01-09 17:18 . 2010-01-09 17:29 7 ----a-w- c:\windows\sbacknt.bin
2010-01-09 17:18 . 2010-01-09 17:18 152904 ----a-w- c:\windows\system32\vghd.scr
2010-01-09 10:42 . 2010-01-09 10:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-02 16:16 . 2010-01-02 16:16 -------- d-----w- c:\program files\MOBILedit!
2010-01-01 12:19 . 2010-01-01 12:21 -------- d-----w- c:\program files\The KMPlayer
2010-01-01 09:01 . 2010-01-01 09:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikac
2010-01-01 09:01 . 2010-01-01 09:01 -------- d-----w- c:\program files\Pando Networks
2009-12-29 17:21 . 2009-12-29 17:21 -------- d-----w- c:\program files\r2 Studios
2009-12-29 16:25 . 2009-12-29 16:25 -------- d-----w- c:\program files\MKVTOAVI
2009-12-28 16:01 . 2009-12-28 16:01 -------- d-----w- c:\program files\Desktop Sidebar
2009-12-27 17:58 . 1998-10-01 14:22 299520 ----a-w- c:\windows\uninst.exe
2009-12-27 17:58 . 2009-12-27 17:58 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\WINDOWS
2009-12-27 14:15 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-27 14:15 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-26 17:39 . 2009-12-26 17:39 -------- d-----w- c:\program files\ColorStudio 1 Trial
2009-12-26 17:28 . 2009-12-26 17:29 -------- d-----w- c:\program files\blackmagic
2009-12-25 22:10 . 2009-12-26 08:40 -------- d-----w- c:\program files\Trillian
2009-12-24 17:33 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 17:33 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-24 17:18 . 2009-12-24 17:20 -------- d-----w- c:\program files\Epson Software
2009-12-24 17:16 . 2009-12-24 17:17 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-12-24 17:14 . 2007-04-10 09:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2009-12-24 17:14 . 2008-08-08 10:09 86528 ----a-w- c:\windows\system32\E_FLBFDE.DLL
2009-12-24 17:14 . 2007-12-07 10:01 78848 ----a-w- c:\windows\system32\E_FD4BFDE.DLL
2009-12-24 17:14 . 2008-11-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2009-12-24 17:14 . 2006-08-25 08:00 9216 ----a-w- c:\windows\system32\escdev.dll
2009-12-24 17:14 . 2009-12-24 17:19 -------- d-----w- c:\program files\epson
2009-12-24 17:11 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-24 17:11 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-24 17:10 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-24 17:10 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-23 20:48 . 2009-12-23 20:48 -------- d-----w- c:\program files\ScreenShots
2009-12-22 19:35 . 2009-12-22 19:35 -------- d-----w- c:\windows\system32\QuickTime
2009-12-22 19:35 . 2006-04-30 20:10 102400 ----a-w- c:\windows\system32\tsccvid.dll
2009-12-22 19:34 . 2009-12-22 19:34 -------- d-----w- c:\program files\TechSmith
2009-12-22 12:00 . 2009-12-22 12:00 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-20 19:29 . 2009-12-21 18:25 -------- d-----w- c:\program files\AIMP2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 21:09 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 19:10 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 17:19 . 2009-10-17 08:42 287760 ----a-w- C:\bin0.bin
2010-01-15 17:19 . 2009-10-17 08:42 190697 ----a-w- C:\subafsfile0.bin
2010-01-13 08:15 . 2008-04-14 12:00 78746 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 08:15 . 2008-04-14 12:00 430694 ----a-w- c:\windows\system32\perfh005.dat
2010-01-09 10:45 . 2009-08-01 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 15:07 . 2009-08-05 21:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-05 21:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 17:06 . 2009-07-28 20:22 -------- d-----w- c:\program files\ICQ6.5
2010-01-03 18:05 . 2009-07-28 18:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-03 18:05 . 2009-07-28 18:00 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\DivX
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 14:18 . 2009-08-01 14:08 -------- d-----w- c:\program files\Fifa Master
2009-12-26 09:02 . 2009-11-06 20:55 -------- d-----w- c:\program files\Miranda IM
2009-12-24 17:19 . 2009-07-28 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-22 11:59 . 2009-09-02 18:28 -------- d-----w- c:\program files\Hamachi
2009-12-16 16:37 . 2009-12-16 16:37 -------- d-----w- c:\program files\MirandaPack
2009-12-11 13:21 . 2009-12-11 13:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-11 13:21 . 2009-07-28 17:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 15:53 . 2009-07-29 12:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-06 10:50 . 2009-12-06 10:50 -------- d-----w- c:\program files\Image-Line
2009-12-06 10:50 . 2009-12-06 10:50 -------- d-----w- c:\program files\Outsim
2009-12-06 10:44 . 2009-12-06 10:44 -------- d-----w- c:\program files\Common Files\Program4Pc
2009-12-06 10:44 . 2009-12-06 10:44 274523 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-12-06 09:05 . 2009-11-27 11:35 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-05 17:06 . 2009-12-05 17:06 -------- d-----w- c:\program files\FIFAMANIA
2009-12-05 14:18 . 2009-12-05 14:18 0 ----a-w- c:\windows\nsreg.dat
2009-12-01 19:44 . 2009-12-01 19:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-29 21:10 . 2009-11-29 21:10 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-11-28 21:57 . 2009-11-28 21:56 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-28 21:46 . 2009-11-28 20:10 -------- d-----w- c:\program files\FlashGet
2009-11-28 13:13 . 2009-11-28 13:13 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-11-27 15:54 . 2009-11-27 15:54 -------- d-----w- c:\program files\EASEUS
2009-11-26 18:12 . 2009-11-26 18:10 -------- d-----w- c:\program files\UnderCoverXP
2009-11-26 16:02 . 2009-08-13 18:46 -------- d-----w- c:\program files\Game Cam V2
2009-11-26 15:58 . 2009-07-28 18:19 -------- d-----w- c:\program files\Opera
2009-11-26 15:11 . 2009-11-26 15:11 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-11-23 18:26 . 2009-11-23 18:26 -------- d-----w- c:\program files\Lavalys
2009-11-23 15:56 . 2009-11-23 15:55 -------- d-----w- c:\program files\PhotoFiltre Studio X
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-19 20:42 . 2009-07-28 16:08 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-18 13:29 . 2009-11-18 13:29 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-11-17 11:25 . 2009-10-29 10:09 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-17 11:25 . 2009-10-29 10:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-17 11:25 . 2009-10-29 10:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-17 11:25 . 2009-10-29 10:09 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-08 11:46 . 2009-10-25 09:34 63 ----a-w- c:\documents and settings\Martin.MARTIN-PC\jagex_runescape_preferences2.dat
2009-11-08 11:44 . 2009-10-25 09:33 38 ----a-w- c:\documents and settings\Martin.MARTIN-PC\jagex_runescape_preferences.dat
2009-11-05 15:38 . 2009-11-27 15:54 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-10-30 14:08 . 2009-11-28 21:57 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-30 14:01 . 2009-08-04 20:14 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:43 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin.MARTIN-PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Martin\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\QIP Infium30\\infium.exe"=
"c:\\Martin\\Opera\\opera.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\pes2010.exe.exe"=
"c:\\Python25\\pythonw.exe"=
"e:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"e:\\Counter-Strike Source\\hl2.exe"=
"e:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6ONLINEvn\\CODE\\GoalServer6.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\MOHAA.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56118:TCP"= 56118:TCP:Pando Media Booster
"56118:UDP"= 56118:UDP:Pando Media Booster

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29.10.2009 11:09 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29.10.2009 11:09 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 15:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 15:06 74480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.1.2010 22:09 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [12.9.2004 8:45 8320]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 19:35 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2009 18:31 691696]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.11.2009 16:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.11.2009 16:54 8456]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [22.10.2009 19:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [22.10.2009 19:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [22.10.2009 19:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [22.10.2009 19:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [22.10.2009 19:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [22.10.2009 19:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [22.10.2009 19:35 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 15:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-18 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Subscribe in Desktop Sidebar - c:\program files\Desktop Sidebar\sbhelp.dll/menuhandler.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\bder680s.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\martin\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\martin\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\martin\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\martin\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\martin\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-QIP 2005_is1 - c:\program files\QIP\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 15:54
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,76,f9,df,b0,d3,03,00,c8,35,c3,07,32,2b,36,78,a2,03,8a,07,b0,
bf,66,cd,83,c2,6d,e4,34,1c,d2,e6,d0,03,27,7e,23,a7,07,21,de,3c,00,ff,b2,11,\
"rkeysecu"=hex:3b,71,a0,89,a0,5c,d1,64,06,7d,b4,29,af,de,be,ca
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1336)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-18 15:55:51
ComboFix-quarantined-files.txt 2010-01-18 14:55

Před spuštěním: Volných bajtů: 11 848 507 392
Po spuštění: Volných bajtů: 14 520 971 264

- - End Of File - - CCCBBA8F6737388CA99B50F2466F458A

[M4RTY]

Damned ?

[Damned]

Všimni si, že v archívu jdu nejdříve od posledních, včera jsem tu nebyl.
Co je to NeaPhetyx ?
a toto?
c:\documents and settings\All Users.WINDOWS\Data aplikac
c:\documents and settings\Martin.MARTIN-PC\WINDOWS

Kdo to vyrobil?

[M4RTY]

NeaPhetyx byl uživatel , teď už není . A to ostatní o tom nemám ponětí

[Damned]

Co obsahují, kdy a s čím byly vytvořeny?

[M4RTY]

c:\documents and settings\All Users.WINDOWS\Data aplikac => obsahují složku PMB Files a konfiguračním nastavením Pambo.ini. . Mají 80bajtů. Vytvořeno 1.Ledna.2010 10:01:43

c:\documents and settings\Martin.MARTIN-PC\WINDOWS => obsahují složku system a vní nic .

Takže to můžu vymazat ?

EDIT: A nevím čím byly vytvořeny

[Damned]

Zabal ten Pambo.ini do archívu a přilož mi ho sem.

[M4RTY]

Tady to je

EDIT: Pando , promiň za název jsem se spletl