Zdravím,
bratrovi se podařilo chytit na internetu vir viz sub.
četl jsem tady návody a v jednom je napsáno, že je potřeba psát skripty na míru, proto píši takhle.
Na infikovaném PC nejde otevřít žádná webová stránka, přitom win. hlásí připojení k internetu.
Přikládám následně log z programu RSIT
A děkuji za každou pomoc.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Martin at 2011-07-11 08:47:51
Microsoft Windows 7 Ultimate
System drive C: has 16 GB (10%) free of 153 GB
Total RAM: 2046 MB (64% free)
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.searchqu.com/"
prefs.js - "extensions.enabledItems" - "DTToolbar@toolbarnet.com:1.1.3.0244, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1, {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25, {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.23, {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2, {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1, {71bfcce7-421d-4042-95d4-a585a821cbca}:2.5.2, {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0, ffox@bandoo.com:5.1, {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"
prefs.js - "keyword.URL" - "http://www.searchqu.com/web?src=ffb&systemid=101&q="
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609]
"Description"=12.0.1.609
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npBitCometAgent.dll
npnul32.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
ShockwavePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
SearchquWebSearch.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\extensions\
DTToolbar@toolbarnet.com
ffox@bandoo.com
staged-xpis
{6236BA26-C117-4007-928C-DE0716C7FA80}
{6236BA26-C117-4007-928C-DE0716C7FA82}
{6236BA26-C117-4007-928C-DE0716C7FA96}
{6236BA26-C117-4007-928C-DE0716C7FA99}
{71bfcce7-421d-4042-95d4-a585a821cbca}
{99079a25-328f-4bd4-be04-00955acaa0a7}
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\searchplugins\
daemon-search.xml
SearchquWebSearch.xml
web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-01-16 382720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-02-23 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files\XfireXO\tbXfi1.dll [2011-02-23 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll [2011-03-02 88976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2010-08-28 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2010-10-19 185856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll [2011-03-02 722840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2011-04-21 2046864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-08-28 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-08-28 245760]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfi1.dll [2011-02-23 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-02-23 3911776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll [2011-03-02 88976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-01-16 274608]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-09-17 63048]
"DATAMNGR"=C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE [2011-03-02 1115536]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"RGSC"=D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EPSON SX110 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 8704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1148259343]
C:\Users\Martin\AppData\Local\aed.exe [2011-07-10 339968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\wia6eb~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, snapapi32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Martin\Downloads\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger=""C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.XFR1"=xfcodec.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.IV41"=IR41_32.AX
======File associations======
.exe - open - "C:\Users\Martin\AppData\Local\aed.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-11 08:47:51 ----D---- C:\rsit
2011-07-11 08:47:51 ----D---- C:\Program Files\trend micro
2011-06-21 16:17:52 ----A---- C:\Windows\War3Unin.pif
2011-06-21 16:17:52 ----A---- C:\Windows\War3Unin.exe
2011-06-21 16:17:52 ----A---- C:\Windows\War3Unin.dat
2011-06-20 14:45:26 ----D---- C:\The_Lord_Of_The_Rings_Conquest-Razor1911
2011-06-20 14:38:27 ----D---- C:\The_Lord_Of_The_Rings_Conquest_Crackfix-Razor1911
======List of files/folders modified in the last 1 month======
2011-07-11 08:47:51 ----RD---- C:\Program Files
2011-07-11 08:46:58 ----D---- C:\Users\Martin\AppData\Roaming\Skype
2011-07-11 08:26:54 ----D---- C:\Users\Martin\AppData\Roaming\Xfire
2011-07-11 08:17:39 ----D---- C:\Windows\Temp
2011-07-11 08:15:21 ----D---- C:\ProgramData\NVIDIA
2011-07-11 00:11:59 ----D---- C:\ProgramData\LogMeIn
2011-07-10 23:48:54 ----SHD---- C:\Windows\Installer
2011-07-10 23:48:49 ----HD---- C:\ProgramData
2011-07-10 23:48:45 ----D---- C:\Windows\system32\drivers
2011-07-10 23:40:54 ----D---- C:\Windows\system32\Tasks
2011-07-10 23:39:06 ----RD---- C:\Users
2011-07-10 23:32:59 ----D---- C:\Program Files\Opera
2011-07-10 12:48:12 ----D---- C:\Windows\system32\config
2011-07-10 12:36:44 ----SHD---- C:\System Volume Information
2011-07-09 11:36:26 ----D---- C:\ProgramData\Xfire
2011-07-07 21:48:00 ----D---- C:\Windows\Prefetch
2011-07-06 13:14:46 ----D---- C:\Windows\system32\catroot2
2011-07-05 00:06:23 ----D---- C:\JDownloads
2011-06-28 20:36:45 ----D---- C:\Windows\System32
2011-06-28 20:36:44 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-06-27 22:54:17 ----D---- C:\Program Files\JDownloader
2011-06-23 20:59:02 ----D---- C:\Windows\system32\NDF
2011-06-22 20:59:44 ----D---- C:\Users\Martin\AppData\Roaming\uTorrent
2011-06-21 16:36:34 ----D---- C:\Program Files\Garena
2011-06-21 16:17:52 ----D---- C:\Windows
2011-06-21 00:30:19 ----A---- C:\Windows\system32\PnkBstrA.exe
2011-06-20 21:27:36 ----RSD---- C:\Windows\assembly
2011-06-20 21:02:41 ----D---- C:\Image
2011-06-20 00:05:31 ----A---- C:\Windows\system32\H@tKeysH@@k.DLL
2011-06-19 21:39:23 ----D---- C:\Users\Martin\AppData\Roaming\TS3Client
2011-06-18 22:41:41 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-06-18 16:04:34 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-14 11:19:54 ----D---- C:\Windows\inf
2011-06-14 11:19:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-11 436792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2010-09-17 47640]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2010-09-17 10144]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 a0778c78;a0778c78; C:\Windows\system32\drivers\a0778c78.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2011-04-21 1617296]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-12-08 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-06-21 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Win 7 security 2012 + blokovaný internet
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Win 7 security 2012 + blokovaný internet
Zdravím, nejprve odstřelíme některé nesmysli.
Stáhni HJT
Spusť ho a klik na Do a system scan and save a logfile SCAN,
aplikace vytvoří log který mi sem nakopíruj.
pokud to nepůjde v Normálním režimu, udělej to v Nouzovém.
Stáhni HJT
Spusť ho a klik na Do a system scan and save a logfile SCAN,
aplikace vytvoří log který mi sem nakopíruj.
pokud to nepůjde v Normálním režimu, udělej to v Nouzovém.
Re: Win 7 security 2012 + blokovaný internet
Předem díky za čas a pomoc.
HJT spuštěn, výsledný log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:19, on 11.7.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\Martin\AppData\Local\aed.exe
C:\Users\Martin\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RGSC] D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Windows\TEMP\E_S8333.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-672225838-3496896349-3914168291-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-672225838-3496896349-3914168291-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\wia6eb~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 10360 bytes
HJT spuštěn, výsledný log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:19, on 11.7.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\Martin\AppData\Local\aed.exe
C:\Users\Martin\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RGSC] D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Windows\TEMP\E_S8333.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-672225838-3496896349-3914168291-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-672225838-3496896349-3914168291-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\wia6eb~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 10360 bytes
Re: Win 7 security 2012 + blokovaný internet
S děkováním počkej až se zbavíme toho šmejda 
Tohle fixni v HJT :
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Fix znamená že spustíš HJT
jako admin
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Google Updater Service (gusvc)
NBService - Nero AG
NMIndexingService - Nero AG
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Stáhni SystemLook
spusť aplikaci a do otevřeného okna zkopíruj :
pak klik na Look aplikace vytvoří SystemLook.txt jeho obsah mi sem zkopíruj.
Tohle fixni v HJT :
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Fix znamená že spustíš HJT
jako adminv okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Google Updater Service (gusvc)
NBService - Nero AG
NMIndexingService - Nero AG
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Stáhni SystemLook
spusť aplikaci a do otevřeného okna zkopíruj :
Kód: Vybrat vše
:filefind
snapapi32.dll
Re: Win 7 security 2012 + blokovaný internet
Takže Fixnuto,
Služby zastaveny a zakázány,
SystemLook- spuštěn pod právy správce.
Výsledný log:
SystemLook 04.09.10 by jpshortstuff
Log created at 10:26 on 11/07/2011 by Martin
Administrator - Elevation successful
========== filefind ==========
Searching for "snapapi32.dll"
No files found.
-= EOF =-
Služby zastaveny a zakázány,
SystemLook- spuštěn pod právy správce.
Výsledný log:
SystemLook 04.09.10 by jpshortstuff
Log created at 10:26 on 11/07/2011 by Martin
Administrator - Elevation successful
========== filefind ==========
Searching for "snapapi32.dll"
No files found.
-= EOF =-
Re: Win 7 security 2012 + blokovaný internet
Nyní použijeme větší kalibr tak že pozorně čti, protože tenhle softík netoleruje chyby.
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
P.S. opět, pokud to nepůjde v Normálním režimu, udělej to v Nouzovém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
P.S. opět, pokud to nepůjde v Normálním režimu, udělej to v Nouzovém
Re: Win 7 security 2012 + blokovaný internet
Tohle by měl být teda log z Combofixu
ComboFix 11-07-10.05 - Martin 11.07.2011 10:57:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1027 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\FFBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\imeshcode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\Martin\AppData\Local\aed.exe
c:\users\Martin\AppData\Local\isw.exe
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\searchplugins\SearchquWebSearch.xml
c:\windows\system32\BReWErS.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 09:04 . 2011-07-11 09:04 -------- d-----w- c:\users\Martin\AppData\Local\temp
2011-07-11 09:04 . 2011-07-11 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 06:47 . 2011-07-11 07:17 -------- d-----w- c:\program files\trend micro
2011-07-11 06:47 . 2011-07-11 06:47 -------- d-----w- C:\rsit
2011-07-10 21:39 . 2011-07-10 21:39 -------- d-----w- c:\users\LogMeInRemoteUser
2011-06-21 14:17 . 2011-06-21 14:28 2829 ----a-w- c:\windows\War3Unin.pif
2011-06-21 14:17 . 2011-06-21 14:28 139264 ----a-w- c:\windows\War3Unin.exe
2011-06-20 12:45 . 2011-06-20 19:15 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest-Razor1911
2011-06-20 12:38 . 2011-06-20 12:38 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest_Crackfix-Razor1911
2011-06-18 13:45 . 2011-06-18 13:45 1 ----a-w- c:\windows\system32\SI.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 18:36 . 2011-03-01 14:17 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-28 18:36 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-28 18:36 . 2010-09-29 17:20 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-26 20:18 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-20 22:30 . 2011-03-01 14:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-19 22:05 . 2010-11-08 18:05 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2011-05-21 17:20 . 2010-07-25 18:13 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-21 17:20 . 2010-07-25 18:13 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-11 12:07 . 2010-07-25 15:33 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-21 09:22 . 2011-04-27 17:31 1524112 ----a-w- c:\windows\system32\bandoolmx.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:25 . 2011-04-13 18:25 157184 --sh--w- c:\windows\system32\SCS.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, snapapi32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 436792]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-09-17 13408]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.searchqu.com/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Galaxytoolbar: {71bfcce7-421d-4042-95d4-a585a821cbca} - %profile%\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
FF - Ext: Bandoo for Firefox: ffox@bandoo.com - %profile%\extensions\ffox@bandoo.com
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-1148259343 - c:\users\Martin\AppData\Local\aed.exe
AddRemove-Searchqu 101 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1b,6f,d1,3d,08,83,d0,dd,27,cc,3b,79,f4,47,8f,98,7b,de,78,b0,71,30,
4b,dc,ec,32,5e,dc,2a,a9,82,0b,5f,68,0f,d0,7a,37,3a,5b,e1,9f,97,35,3d,1b,8b,\
"??"=hex:c1,e2,84,79,3d,7d,c5,bf,8c,69,ba,fb,c7,28,68,6e
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,eb,53,ac,05,12,ea,8e,05,50,a4,ab,25,c0,59,53,ce,6c,62,7a,ec,
ed,8c,81,d7,de,c7,37,ff,21,0b,43,4c,ff,0c,06,68,24,af,35,de,e8,48,74,a9,12,\
"rkeysecu"=hex:8d,fc,36,e7,e9,18,9a,d4,19,dc,8b,8a,9d,a1,8d,cb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-11 11:06:03
ComboFix-quarantined-files.txt 2011-07-11 09:06
.
Před spuštěním: Volných bajtů: 25 885 655 040
Po spuštění: Volných bajtů: 28 924 309 504
.
- - End Of File - - F587DDEA6384B33475DB2D526C805515
ComboFix 11-07-10.05 - Martin 11.07.2011 10:57:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1027 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\FFBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\imeshcode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.jsw
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\Martin\AppData\Local\aed.exe
c:\users\Martin\AppData\Local\isw.exe
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\searchplugins\SearchquWebSearch.xml
c:\windows\system32\BReWErS.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 09:04 . 2011-07-11 09:04 -------- d-----w- c:\users\Martin\AppData\Local\temp
2011-07-11 09:04 . 2011-07-11 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 06:47 . 2011-07-11 07:17 -------- d-----w- c:\program files\trend micro
2011-07-11 06:47 . 2011-07-11 06:47 -------- d-----w- C:\rsit
2011-07-10 21:39 . 2011-07-10 21:39 -------- d-----w- c:\users\LogMeInRemoteUser
2011-06-21 14:17 . 2011-06-21 14:28 2829 ----a-w- c:\windows\War3Unin.pif
2011-06-21 14:17 . 2011-06-21 14:28 139264 ----a-w- c:\windows\War3Unin.exe
2011-06-20 12:45 . 2011-06-20 19:15 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest-Razor1911
2011-06-20 12:38 . 2011-06-20 12:38 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest_Crackfix-Razor1911
2011-06-18 13:45 . 2011-06-18 13:45 1 ----a-w- c:\windows\system32\SI.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 18:36 . 2011-03-01 14:17 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-28 18:36 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-28 18:36 . 2010-09-29 17:20 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-26 20:18 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-20 22:30 . 2011-03-01 14:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-19 22:05 . 2010-11-08 18:05 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2011-05-21 17:20 . 2010-07-25 18:13 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-21 17:20 . 2010-07-25 18:13 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-11 12:07 . 2010-07-25 15:33 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-21 09:22 . 2011-04-27 17:31 1524112 ----a-w- c:\windows\system32\bandoolmx.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:25 . 2011-04-13 18:25 157184 --sh--w- c:\windows\system32\SCS.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, snapapi32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 436792]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-09-17 13408]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.searchqu.com/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Galaxytoolbar: {71bfcce7-421d-4042-95d4-a585a821cbca} - %profile%\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
FF - Ext: Bandoo for Firefox: ffox@bandoo.com - %profile%\extensions\ffox@bandoo.com
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-1148259343 - c:\users\Martin\AppData\Local\aed.exe
AddRemove-Searchqu 101 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1b,6f,d1,3d,08,83,d0,dd,27,cc,3b,79,f4,47,8f,98,7b,de,78,b0,71,30,
4b,dc,ec,32,5e,dc,2a,a9,82,0b,5f,68,0f,d0,7a,37,3a,5b,e1,9f,97,35,3d,1b,8b,\
"??"=hex:c1,e2,84,79,3d,7d,c5,bf,8c,69,ba,fb,c7,28,68,6e
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,eb,53,ac,05,12,ea,8e,05,50,a4,ab,25,c0,59,53,ce,6c,62,7a,ec,
ed,8c,81,d7,de,c7,37,ff,21,0b,43,4c,ff,0c,06,68,24,af,35,de,e8,48,74,a9,12,\
"rkeysecu"=hex:8d,fc,36,e7,e9,18,9a,d4,19,dc,8b,8a,9d,a1,8d,cb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-11 11:06:03
ComboFix-quarantined-files.txt 2011-07-11 09:06
.
Před spuštěním: Volných bajtů: 25 885 655 040
Po spuštění: Volných bajtů: 28 924 309 504
.
- - End Of File - - F587DDEA6384B33475DB2D526C805515
Re: Win 7 security 2012 + blokovaný internet
Jinak to hlásilo, že jsou zaplé štíty od NODu,ten je ale už týden odinstalovaný. Tak jsem to normálně pustil a vypsalo mi to tenhle log
Re: Win 7 security 2012 + blokovaný internet
Než budeme pokračovat, tohle :
c:\windows\system32\bandoolmx.dll
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Pokud ti to napíše že soubor již byl testován nech otestovat znovu.
c:\windows\system32\bandoolmx.dll
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Pokud ti to napíše že soubor již byl testován nech otestovat znovu.
Re: Win 7 security 2012 + blokovaný internet
Takováhle vzorná spolupráce se mi líbí
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
FireFox::
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Re: Win 7 security 2012 + blokovaný internet
takže výsledný log:
ComboFix 11-07-11.01 - Martin 11.07.2011 12:42:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1168 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 10:46 . 2011-07-11 10:46 -------- d-----w- c:\users\Martin\AppData\Local\temp
2011-07-11 10:46 . 2011-07-11 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 06:47 . 2011-07-11 07:17 -------- d-----w- c:\program files\trend micro
2011-07-11 06:47 . 2011-07-11 06:47 -------- d-----w- C:\rsit
2011-07-10 21:39 . 2011-07-10 21:39 -------- d-----w- c:\users\LogMeInRemoteUser
2011-06-21 14:17 . 2011-06-21 14:28 2829 ----a-w- c:\windows\War3Unin.pif
2011-06-21 14:17 . 2011-06-21 14:28 139264 ----a-w- c:\windows\War3Unin.exe
2011-06-20 12:45 . 2011-06-20 19:15 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest-Razor1911
2011-06-20 12:38 . 2011-06-20 12:38 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest_Crackfix-Razor1911
2011-06-18 13:45 . 2011-06-18 13:45 1 ----a-w- c:\windows\system32\SI.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 18:36 . 2011-03-01 14:17 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-28 18:36 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-28 18:36 . 2010-09-29 17:20 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-26 20:18 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-20 22:30 . 2011-03-01 14:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-19 22:05 . 2010-11-08 18:05 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2011-05-21 17:20 . 2010-07-25 18:13 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-21 17:20 . 2010-07-25 18:13 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-11 12:07 . 2010-07-25 15:33 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-21 09:22 . 2011-04-27 17:31 1524112 ----a-w- c:\windows\system32\bandoolmx.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:25 . 2011-04-13 18:25 157184 --sh--w- c:\windows\system32\SCS.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 436792]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-09-17 13408]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.searchqu.com/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Galaxytoolbar: {71bfcce7-421d-4042-95d4-a585a821cbca} - %profile%\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
FF - Ext: Bandoo for Firefox: ffox@bandoo.com - %profile%\extensions\ffox@bandoo.com
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1b,6f,d1,3d,08,83,d0,dd,27,cc,3b,79,f4,47,8f,98,7b,de,78,b0,71,30,
4b,dc,ec,32,5e,dc,2a,a9,82,0b,5f,68,0f,d0,7a,37,3a,5b,e1,9f,97,35,3d,1b,8b,\
"??"=hex:c1,e2,84,79,3d,7d,c5,bf,8c,69,ba,fb,c7,28,68,6e
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,eb,53,ac,05,12,ea,8e,05,50,a4,ab,25,c0,59,53,ce,6c,62,7a,ec,
ed,8c,81,d7,de,c7,37,ff,21,0b,43,4c,ff,0c,06,68,24,af,35,de,e8,48,74,a9,12,\
"rkeysecu"=hex:8d,fc,36,e7,e9,18,9a,d4,19,dc,8b,8a,9d,a1,8d,cb
.
Celkový čas: 2011-07-11 12:48:07
ComboFix-quarantined-files.txt 2011-07-11 10:48
ComboFix2.txt 2011-07-11 09:06
.
Před spuštěním: Volných bajtů: 29 005 914 112
Po spuštění: Volných bajtů: 28 709 134 336
.
- - End Of File - - 521ECFBC7EC5B3BBAAFA374E20407D5C
ComboFix 11-07-11.01 - Martin 11.07.2011 12:42:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1168 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 10:46 . 2011-07-11 10:46 -------- d-----w- c:\users\Martin\AppData\Local\temp
2011-07-11 10:46 . 2011-07-11 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 06:47 . 2011-07-11 07:17 -------- d-----w- c:\program files\trend micro
2011-07-11 06:47 . 2011-07-11 06:47 -------- d-----w- C:\rsit
2011-07-10 21:39 . 2011-07-10 21:39 -------- d-----w- c:\users\LogMeInRemoteUser
2011-06-21 14:17 . 2011-06-21 14:28 2829 ----a-w- c:\windows\War3Unin.pif
2011-06-21 14:17 . 2011-06-21 14:28 139264 ----a-w- c:\windows\War3Unin.exe
2011-06-20 12:45 . 2011-06-20 19:15 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest-Razor1911
2011-06-20 12:38 . 2011-06-20 12:38 -------- d-----w- C:\The_Lord_Of_The_Rings_Conquest_Crackfix-Razor1911
2011-06-18 13:45 . 2011-06-18 13:45 1 ----a-w- c:\windows\system32\SI.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 18:36 . 2011-03-01 14:17 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-28 18:36 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-28 18:36 . 2010-09-29 17:20 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-26 20:18 . 2011-02-26 22:04 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-20 22:30 . 2011-03-01 14:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-19 22:05 . 2010-11-08 18:05 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2011-05-21 17:20 . 2010-07-25 18:13 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-21 17:20 . 2010-07-25 18:13 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-11 12:07 . 2010-07-25 15:33 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-21 09:22 . 2011-04-27 17:31 1524112 ----a-w- c:\windows\system32\bandoolmx.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:25 . 2011-04-13 18:25 157184 --sh--w- c:\windows\system32\SCS.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 436792]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-09-17 13408]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 05:24]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-672225838-3496896349-3914168291-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 15:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.searchqu.com/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\afj65a5g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Galaxytoolbar: {71bfcce7-421d-4042-95d4-a585a821cbca} - %profile%\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
FF - Ext: Bandoo for Firefox: ffox@bandoo.com - %profile%\extensions\ffox@bandoo.com
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1b,6f,d1,3d,08,83,d0,dd,27,cc,3b,79,f4,47,8f,98,7b,de,78,b0,71,30,
4b,dc,ec,32,5e,dc,2a,a9,82,0b,5f,68,0f,d0,7a,37,3a,5b,e1,9f,97,35,3d,1b,8b,\
"??"=hex:c1,e2,84,79,3d,7d,c5,bf,8c,69,ba,fb,c7,28,68,6e
.
[HKEY_USERS\S-1-5-21-672225838-3496896349-3914168291-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,eb,53,ac,05,12,ea,8e,05,50,a4,ab,25,c0,59,53,ce,6c,62,7a,ec,
ed,8c,81,d7,de,c7,37,ff,21,0b,43,4c,ff,0c,06,68,24,af,35,de,e8,48,74,a9,12,\
"rkeysecu"=hex:8d,fc,36,e7,e9,18,9a,d4,19,dc,8b,8a,9d,a1,8d,cb
.
Celkový čas: 2011-07-11 12:48:07
ComboFix-quarantined-files.txt 2011-07-11 10:48
ComboFix2.txt 2011-07-11 09:06
.
Před spuštěním: Volných bajtů: 29 005 914 112
Po spuštění: Volných bajtů: 28 709 134 336
.
- - End Of File - - 521ECFBC7EC5B3BBAAFA374E20407D5C
Re: Win 7 security 2012 + blokovaný internet
Omlouvám se za prodlevu, byl jsem na obědě
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
Re: Win 7 security 2012 + blokovaný internet
Tak jsem to pročistil, ještě jsem to projel Ccleanerem a SUPERAntiSpyware a systém běží tak jak má, takže ještě jednou děkuji za čas a ochotu k spolupráci
Přispějete na provoz fóra?