Prosím pomoc, explorer.exe+vírusy

Zpráva

janhoo · #1 Příspěvek od **janhoo** » 17 úno 2011 19:48

Hľadal som na forume podobný problém ale nenašiel som ak aj je tak sa ospravedlňujem ak som to prehliadol. Mám takéto problémy pred cca 5dňami mi ESET zaregistroval vírus Trojského koňa tak som ho preveril a zmazal, no potom o pár minút znova a bola ktomu aj IP adresa + www stránka, a hneď nato asi 5krát to isté, tak som okamžite zapol ESET ten mi našiel asi 5 vymazal som, a na druhý deň ten istý problém keď som šiel na internet. ESET som znova zapol a nenašlo nič, tak som stiahol iné antiviráky a AD-AWARE našiel tiež nepamätám sa presne ale cca 8 a potom som aj AVAST spojazdnil a aj ten našiel približne 5, a objavil sa aj problém že po zapnutí notebooku a po prihlásení mám obrazovku celú čiernu, zapnúť sa mi ju podarí cez Správcu úloh. Ale neviem čo je za problém, na internete som našiel viac problémov, že môže byť:1. register, 2. vírus, 3. problém so Servis Pack, 4. graf.ovladače neviem čo mám robiť prosím o pomoc, prikladám LOG, mám notebook VISTA orig. SP 2

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:39:35, on 17. 2. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\johny\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade

Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\TwinTouch LuxeMate\MouseElf.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://homepage.acer.com/rdr.aspx?

b=ACAW&l=041b&s=2&o=vp32&d=0109&m=aspire_7730g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://homepage.acer.com/rdr.aspx?

b=ACAW&l=041b&s=2&o=vp32&d=0109&m=aspire_7730g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://homepage.acer.com/rdr.aspx?

b=ACAW&l=041b&s=2&o=vp32&d=0109&m=aspire_7730g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=127.0.0.1:54545
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-

c7a115230949} - (value not set) (file missing)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3}

- (value not set) (file missing)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-

149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe

"C:\Users\johny\AppData\Roaming\qanmbmim1eo2amtczyljflif2v2tyvu2\csrss.exe"
O1 - Hosts: 85.25.73.109 l2authd.lineage2.com
O1 - Hosts: 85.25.73.109 l2testauthd.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -

C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (value

not set) (file missing)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86

\ActiveToolBand.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-

4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-

c7a115230949} - (value not set) (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-

396DB0476E29} - C:\Program Files\Acer\Empowering

Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-

c7a115230949} - (value not set) (file missing)
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -

(value not set) (file missing)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

- C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows

Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering

Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering

Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering

Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI

Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ProductReg] "C:\Program

Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage

Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google

Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio

Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade

Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer

Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade

Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM

DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6

\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming

Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn

Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5

\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol

120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows

Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools

Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

/autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-

00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-

B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F}

- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-

5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) -

http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer

Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-

2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere

Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALASETLBQL - Unknown owner -

C:\Users\johny\AppData\Local\Temp\ALASETLBQL.exe (file missing)
O23 - Service: AORFQ - Unknown owner -

C:\Users\johny\AppData\Local\Temp\AORFQ.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil

Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech

Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5

\Client\Agentsvc.exe
O23 - Service: CGWFHEXECVXXVCN - Unknown owner -

C:\Users\johny\AppData\Local\Temp\CGWFHEXECVXXVCN.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program

Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner -

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner -

C:\ProgramData\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335

(GoogleDesktopManager-051210-111108) - Google - C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. -

C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown

owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel

Corporation - C:\Program Files\Intel\Intel Matrix Storage

Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program

Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility

Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech

InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5

\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) -

Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5

\SchedulerSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner

- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division

Software - C:\Program Files\Alcohol Soft\Alcohol 120

\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program

Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VNHEBTDRENTNG - Sysinternals - www.sysinternals.com -

C:\Users\johny\AppData\Local\Temp\VNHEBTDRENTNG.exe
O23 - Service: XLVHQCNTNNDO - Unknown owner -

C:\Users\johny\AppData\Local\Temp\XLVHQCNTNNDO.exe (file missing)

--
End of file - 13427 bytes

#2 Příspěvek od **vyosek** » 17 úno 2011 19:54

Zdravim a pekny vecer preji

Prectete si prosim pravidla fora

Dejte log z RSIT - viz muj podpis

Predpokladam ze ten balicek ESET mate legalni = zakoupena licene

janhoo · #3 Příspěvek od **janhoo** » 17 úno 2011 20:17

ospravedlňujem sa za tie chyby

tak tu je LOG a ESET bohužial nemám zakúpený

Logfile of random's system information tool 1.08 (written by random/random)
Run by johny at 2011-02-17 20:00:00
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (59%) free of 148 GB
Total RAM: 3066 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - (value not set) []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - (value not set) []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - (value not set) []
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - (value not set) []
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-28 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-07-02 821768]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
"eRecoveryService"= []
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-01-09 3607040]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-12 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-12 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]
"mouseElf"=C:\PROGRA~1\TWINTO~1\MouseElf.EXE [2004-08-26 192512]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-07-14 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-08 149280]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-01-09 2972160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\johny\AppData\Local\Temp\0.47319059924956774.exe"="C:\Users\johny\AppData\Local\Temp\0.47319059924956774.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\qanmbmim1eo2amtczyljflif2v2tyvu2\csrss.exe"="C:\Users\johny\AppData\Roaming\qanmbmim1eo2amtczyljflif2v2tyvu2\csrss.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\xrgu222ajguulzlmomftkdihr13hunhx2\svcnost.exe"="C:\Users\johny\AppData\Roaming\xrgu222ajguulzlmomftkdihr13hunhx2\svcnost.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\xkcganz3eng3w1xvcmdbhzrjfgvplpfq2\svcnost.exe"="C:\Users\johny\AppData\Roaming\xkcganz3eng3w1xvcmdbhzrjfgvplpfq2\svcnost.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-02-17 20:00:00 ----D---- C:\rsit
2011-02-17 20:00:00 ----D---- C:\Program Files\trend micro
2011-02-17 18:57:46 ----A---- C:\Windows\system32\nvhdap32.dll
2011-02-17 18:57:46 ----A---- C:\Windows\system32\nvgenco32hda.dll
2011-02-17 18:57:46 ----A---- C:\Windows\system32\nvapo32v.dll
2011-02-17 18:57:46 ----A---- C:\Windows\system32\drivers\nvhda32v.sys
2011-02-17 18:52:17 ----ASH---- C:\hiberfil.sys
2011-02-17 18:35:57 ----A---- C:\Windows\system32\OpenCL.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvwgf2um.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvoglv32.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvgenco322040.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvdispco322090.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvd3dum.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvcuvid.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvcuda.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvcompiler.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\nvapi.dll
2011-02-17 18:35:57 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-02-17 18:26:56 ----A---- C:\Windows\system32\nvexpbar.dll
2011-02-17 18:26:56 ----A---- C:\Windows\system32\nvcpluir.dll
2011-02-17 18:26:56 ----A---- C:\Windows\system32\nvcplui.exe
2011-02-17 13:16:34 ----A---- C:\Windows\system32\lsdelete.exe
2011-02-17 11:30:13 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-17 11:30:13 ----A---- C:\Windows\system32\drivers\Lbd.sys
2011-02-17 11:29:42 ----HDC---- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-02-17 11:29:08 ----D---- C:\ProgramData\Lavasoft
2011-02-17 11:29:08 ----D---- C:\Program Files\Lavasoft
2011-02-16 12:43:38 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-02-16 12:43:38 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-02-16 12:43:38 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-02-16 12:43:38 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-02-16 12:43:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-02-16 12:43:06 ----A---- C:\Windows\system32\aswBoot.exe
2011-02-16 12:42:56 ----D---- C:\ProgramData\Alwil Software
2011-02-16 12:42:56 ----D---- C:\Program Files\Alwil Software
2011-02-16 12:30:01 ----D---- C:\Program Files\TrendMicro
2011-02-14 15:45:18 ----A---- C:\Windows\ntbtlog.txt
2011-02-14 14:18:53 ----H---- C:\Users\johny\AppData\Roaming\desktop.ini
2011-02-09 10:33:17 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 10:33:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 10:33:11 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 10:33:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 10:33:04 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 10:33:01 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 10:32:57 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 10:32:54 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 10:32:53 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 10:32:52 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 10:32:52 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 10:32:51 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 10:32:51 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 10:32:51 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 10:32:50 ----A---- C:\Windows\system32\ieencode.dll
2011-02-09 10:32:50 ----A---- C:\Windows\system32\ieapfltr.dll
2011-02-09 10:32:46 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 10:32:45 ----A---- C:\Windows\system32\atmlib.dll
2011-02-08 10:43:55 ----SHD---- C:\ProgramData\SecuROM

======List of files/folders modified in the last 1 months======

2011-02-17 20:00:00 ----RD---- C:\Program Files
2011-02-17 19:59:59 ----D---- C:\Windows\Temp
2011-02-17 19:20:01 ----D---- C:\Windows\Tasks
2011-02-17 19:11:47 ----D---- C:\Windows\System32
2011-02-17 19:11:47 ----D---- C:\Windows\inf
2011-02-17 19:11:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-17 19:05:25 ----SHD---- C:\Windows
2011-02-17 19:04:47 ----D---- C:\Logs
2011-02-17 19:00:37 ----D---- C:\Windows\system32\drivers
2011-02-17 19:00:36 ----SHD---- C:\System Volume Information
2011-02-17 19:00:34 ----D---- C:\Windows\system32\catroot
2011-02-17 19:00:16 ----SHD---- C:\Windows\Installer
2011-02-17 19:00:15 ----SHD---- C:\Config.Msi
2011-02-17 18:59:51 ----D---- C:\ProgramData\NVIDIA
2011-02-17 18:59:36 ----D---- C:\Program Files\NVIDIA Corporation
2011-02-17 18:24:40 ----D---- C:\Windows\system32\catroot2
2011-02-17 18:23:24 ----HD---- C:\ProgramData
2011-02-17 17:44:40 ----D---- C:\Windows\Prefetch
2011-02-17 11:30:39 ----D---- C:\Windows\system32\Tasks
2011-02-17 11:29:05 ----D---- C:\Windows\winsxs
2011-02-16 13:55:48 ----AD---- C:\ProgramData\TEMP
2011-02-16 12:30:02 ----SD---- C:\Users\johny\AppData\Roaming\Microsoft
2011-02-16 10:26:26 ----D---- C:\Windows\Minidump
2011-02-16 10:15:16 ----D---- C:\Program Files\LogMeIn Hamachi
2011-02-15 16:33:00 ----D---- C:\Program Files\Zrychleni Pocitace
2011-02-15 13:27:44 ----D---- C:\Users\johny\AppData\Roaming\Google
2011-02-15 08:18:39 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-14 16:57:22 ----D---- C:\Program Files\Mozilla Firefox
2011-02-14 16:57:10 ----D---- C:\Program Files\TeamViewer
2011-02-14 16:25:41 ----D---- C:\Program Files\Winamp
2011-02-14 14:12:46 ----D---- C:\Users\johny\AppData\Roaming\Skype
2011-02-14 10:03:07 ----D---- C:\Users\johny\AppData\Roaming\skypePM
2011-02-12 14:04:45 ----SD---- C:\Windows\Downloaded Program Files
2011-02-12 14:04:45 ----RD---- C:\Windows\Offline Web Pages
2011-02-12 13:48:23 ----D---- C:\Users\johny\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-04 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-04 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-01-24 67584]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-02-01 279712]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-02-01 25888]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-04-25 146688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2008-07-02 21264]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\Windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-28 2127512]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-11-12 122984]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S1 prodrv03;Star Force copy protection driver v3; C:\Windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
S3 a7i2c8sg;a7i2c8sg; C:\Windows\system32\drivers\a7i2c8sg.sys []
S3 acrmxn1f;acrmxn1f; C:\Windows\system32\drivers\acrmxn1f.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 cimo;cimo; \??\C:\Windows\system32\cimo.sys [2009-08-05 51200]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\johny\AppData\Local\Temp\DRYD6E2.tmp []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-12-30 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-22 15264]
S3 Maplom;Maplom; C:\Windows\system32\drivers\Maplom.sys []
S3 MaplomL;MaplomL; C:\Windows\system32\drivers\MaplomL.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 GJService;Game Jackal Server; C:\ProgramData\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-22 1375992]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -s []
S3 ALASETLBQL;ALASETLBQL; C:\Users\johny\AppData\Local\Temp\ALASETLBQL.exe []
S3 AORFQ;AORFQ; C:\Users\johny\AppData\Local\Temp\AORFQ.exe []
S3 CGWFHEXECVXXVCN;CGWFHEXECVXXVCN; C:\Users\johny\AppData\Local\Temp\CGWFHEXECVXXVCN.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 VNHEBTDRENTNG;VNHEBTDRENTNG; C:\Users\johny\AppData\Local\Temp\VNHEBTDRENTNG.exe [2011-02-17 347008]
S3 XLVHQCNTNNDO;XLVHQCNTNNDO; C:\Users\johny\AppData\Local\Temp\XLVHQCNTNNDO.exe []

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 17 úno 2011 20:25

Prectete si prosim soukromou zpravu a odpovezte mi na ni

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

janhoo · #5 Příspěvek od **janhoo** » 17 úno 2011 20:41

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\johny\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
c:\users\johny\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
c:\users\johny\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
c:\users\johny\appdata\roaming\mozilla\firefox\profiles\uumgwdji.default\ct2405280\feed\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
c:\users\johny\appdata\roaming\mozilla\firefox\profiles\uumgwdji.default\ct2405280\feed\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
scanner sequence 3.BC.11
----- EOF -----

#6 Příspěvek od **vyosek** » 17 úno 2011 20:52

ESET poresen pres PM a jdem s haveti zatocit

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

janhoo · #7 Příspěvek od **janhoo** » 17 úno 2011 21:30

tak je to hotové, teraz môžem zapnúť späť antivírus + firewall?

ComboFix 11-02-17.01 - johny . 02. 2011 21:13:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1648 [GMT 1:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Desktop
c:\users\johny\AppData\Roaming\.#
c:\users\johny\AppData\Roaming\desktop.ini
c:\users\johny\AppData\Roaming\edxLabs
c:\users\johny\AppData\Roaming\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
c:\users\johny\AppData\Roaming\edxLabs\edxSilkroadLoader\ISRO.ini
c:\users\johny\AppData\Roaming\inst.exe
c:\windows\desktop
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 20:20 . 2011-02-17 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- C:\rsit
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- c:\program files\trend micro
2011-02-17 17:57 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-02-17 17:57 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-02-17 17:57 . 2010-11-11 23:10 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-02-17 17:57 . 2010-11-11 23:10 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-02-17 17:35 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-17 17:35 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-17 17:35 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-17 17:35 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-17 17:35 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-17 17:35 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-17 17:35 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-17 17:35 . 2011-01-08 03:27 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-17 17:35 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-17 17:35 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-17 17:35 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-17 17:35 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-17 17:26 . 2008-08-07 07:05 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-02-17 17:26 . 2008-08-07 07:05 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-17 17:26 . 2008-08-07 07:05 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-17 17:26 . 2008-08-07 07:05 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-17 15:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62097D30-3279-4414-8B45-B668705A4A95}\mpengine.dll
2011-02-17 12:16 . 2010-11-22 08:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-17 10:30 . 2011-02-17 10:30 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-17 10:30 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-17 10:29 . 2011-02-17 10:29 -------- dc-h--w- c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-02-17 10:29 . 2011-02-17 10:30 -------- d-----w- c:\programdata\Lavasoft
2011-02-17 10:29 . 2011-02-17 10:29 -------- d-----w- c:\program files\Lavasoft
2011-02-16 11:43 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-16 11:43 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-16 11:43 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-16 11:43 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-16 11:43 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-16 11:43 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-16 11:43 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\programdata\Alwil Software
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\program files\Alwil Software
2011-02-16 11:30 . 2011-02-16 11:30 388096 ----a-r- c:\users\johny\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-16 11:30 . 2011-02-16 11:30 -------- d-----w- c:\program files\TrendMicro
2011-02-09 09:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 09:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 09:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-08 09:43 . 2011-02-08 09:43 -------- d-sh--w- c:\programdata\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-02-17 17:35 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-30 18:43 . 2010-12-30 18:42 15600 ----a-w- c:\windows\gdrv.sys
2010-12-28 15:55 . 2011-01-12 20:25 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 20:25 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 149280]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R3 ALASETLBQL;ALASETLBQL;c:\users\johny\AppData\Local\Temp\ALASETLBQL.exe [x]
R3 AORFQ;AORFQ;c:\users\johny\AppData\Local\Temp\AORFQ.exe [x]
R3 CGWFHEXECVXXVCN;CGWFHEXECVXXVCN;c:\users\johny\AppData\Local\Temp\CGWFHEXECVXXVCN.exe [x]
R3 cimo;cimo;c:\windows\system32\cimo.sys [2009-08-05 51200]
R3 GarenaPEngine;GarenaPEngine;c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp [x]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-22 1375992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-22 15264]
R3 MaplomL;MaplomL; [x]
R3 VNHEBTDRENTNG;VNHEBTDRENTNG;c:\users\johny\AppData\Local\Temp\VNHEBTDRENTNG.exe [x]
R3 XLVHQCNTNNDO;XLVHQCNTNNDO;c:\users\johny\AppData\Local\Temp\XLVHQCNTNNDO.exe [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-04 691696]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 GJService;Game Jackal Server;c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-11-22 08:50]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=2&o=vp32&d=0109&m=aspire_7730g
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:54545
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (value not set)
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (value not set)
BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (value not set)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (value not set)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (value not set)
Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (value not set)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (value not set)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (value not set)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 21:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3412)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-17 21:28:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-17 20:28

Pre-Run: 90 645 524 480 bytes free
Post-Run: 96 182 796 288 bytes free

- - End Of File - - 5E790B7D79C85E5CDD964EC9D954CC3F

#8 Příspěvek od **vyosek** » 17 úno 2011 21:44

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

File::
c:\users\johny\AppData\Local\Temp\AORFQ.exe
c:\users\johny\AppData\Local\Temp\ALASETLBQL.exe
c:\users\johny\AppData\Local\Temp\CGWFHEXECVXXVCN.exe
c:\users\johny\AppData\Local\Temp\VNHEBTDRENTNG.exe
c:\windows\Tasks\Ad-Aware Update (Weekly).job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... pire_7730g
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:54545
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Firefox::
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?cl ... k:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

Driver::
ALASETLBQL
AOEFQ
CGWFHEXECVXXVCN
MaplomL
VNHEBTDRENTNG
XLVHQCNTNNDO

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

janhoo · #9 Příspěvek od **janhoo** » 17 úno 2011 22:11

ComboFix 11-02-17.01 - johny . 02. 2011 21:51:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1963 [GMT 1:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
Command switches used :: c:\users\johny\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\johny\AppData\Local\Temp\ALASETLBQL.exe"
"c:\users\johny\AppData\Local\Temp\AORFQ.exe"
"c:\users\johny\AppData\Local\Temp\CGWFHEXECVXXVCN.exe"
"c:\users\johny\AppData\Local\Temp\VNHEBTDRENTNG.exe"
"c:\windows\Tasks\Ad-Aware Update (Weekly).job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.idl
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\default_radio_skin.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\fbAlert.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome.manifest
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome\zynga.jar
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib\xpcom.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\manifest.mf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.rsa
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.sf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.PNG
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.src
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\version.txt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\sitespanel.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\arrow_eng.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\arrow_heb.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\btn_bg.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\btn_bg_lite.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\20minutos.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\about.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\abv.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\aktuality.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\aktualne.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\alljobs.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\allocine.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\altervista.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\amazon.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\answers.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\aol.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\aolradio.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\apple.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ard.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\as.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\atlas.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\atlassk.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\aufeminin.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\autobazar.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\autobazar1.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\autocz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\azet.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bazos.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bbc.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bbc.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bigmir.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\billiger.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bing.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\blesk.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\bleskove.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\btv.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\calcalist.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\cas.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\cdiscount.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\centrum.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ciao.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\cnet.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\cnn.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\commentcamarche.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\corriere.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\csfd.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\d.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\dailymotion.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\data.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\deezer.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\default.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\delicious.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\depositfiles.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\deviantart.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\diary.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\digg.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\dir.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\disney.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\diva.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\dnevnik.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\doctissimo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\donanimhaber.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ebay.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ebayanuncios.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ekolay.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\elmundo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\elpais.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\eurosport.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\expats.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\facebook.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\finance.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\firmy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\flickr.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\flix.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\fotolog.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\fox.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\france2.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\free.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\garanti.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gazeta.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gazetevatan.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gazzetta.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gbg.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gepime.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gismeteo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gittigidiyor.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\globes.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gmail.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\gmx.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\google.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\googleearth.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\googletranslate.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\haaretz.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\haaretz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\haber7.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\haberturk.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\hepsiburada.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\horadot.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\horoskopy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\hurriyet.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\championat.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\chip.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\icq.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\idnes.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ilike.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ilmeteo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\imageshack.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\imdb.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\impulse.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\infojobs.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\interfacelift.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\internethaber.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\iserialy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\iua.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\izlesene.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\jappy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\jeux.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\jeuxvideo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\jing.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\joj.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\kijiji.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\kinopoisk.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\korrespondent.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\lastfm.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\leboncoin.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\lemonde.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\lenta.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\leonardo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\lequipe.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\libero.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\libimseti.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\lide.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\linternaute.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\livejournal.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mailru.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mako.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mappy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mapy.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\marca.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\marketgid.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\markiza.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\megavideo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\meinvz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mekusharim.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\meta.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\milanobakeca.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\milliyet.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mimibazar.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\minibazar.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mobilen.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\morfix.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mouse.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\mymovies.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\myspace.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\najisto.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\nana.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\nana10.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\netgames.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\netlog.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\novinky.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\novoteka.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\nrg.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ntvmsnbc.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\nytimes.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\odnoklassniki.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\one.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\orange.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\otto.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\pagesjaunes.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\peliculasyonkis.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\photobucket.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\picnik.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\pravda.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\profesia.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\prosieben.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\r10.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\rapidshare.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\rbc.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\repubblica.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\rian.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\rozetka.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\rtl.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sabah.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sahibinden.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sat1.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\segundamano.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\seriesyonkis.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\seznam.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\seznamemail.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sfr.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\shmu.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\schuelervz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\skyrock.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\slsp.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sme.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\snimka.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\softonic.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\spiegel.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\splinder.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sport-express.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sport5.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sportal.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sportcz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sportes.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\sporx.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stahuj.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stream.bmp
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stream.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\studivz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\subito.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\supercz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\superhry.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\svejo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\t-online.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tapuz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\taringa.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\telecinco.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\terra.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tf1.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\themarker.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tiscali.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\topky.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\torrents.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\travian.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tv.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\twitter.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ucoz.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ukr.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vbox7.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vesti.ico

janhoo · #10 Příspěvek od **janhoo** » 17 úno 2011 22:12

c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vimeo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\virgilio.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vkontakte.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vodafone.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\walla.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wallmart.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\walmart.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wamba.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wat.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\weather.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\web.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wer-kennt-wen.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wetter.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wikipedia.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wolframalpha.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\yad2.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\yahoo.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ynet.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\youtube.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zamunda.bmp
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zap.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zena.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\menu.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\pin.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\pinc.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\powerd1.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\remove.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\reset.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\search_arrow.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\search_bg.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\unpin.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\blacklist.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_33.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_34.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_359.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_380.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_39.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_42.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_4201.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_49.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_7.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_90.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_972.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\voucher_list.xml
c:\windows\Tasks\Ad-Aware Update (Weekly).job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ALASETLBQL
-------\Service_CGWFHEXECVXXVCN
-------\Service_MaplomL
-------\Service_VNHEBTDRENTNG
-------\Service_XLVHQCNTNNDO

((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 20:59 . 2011-02-17 21:02 -------- d-----w- c:\users\johny\AppData\Local\temp
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- C:\rsit
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- c:\program files\trend micro
2011-02-17 17:57 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-02-17 17:57 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-02-17 17:57 . 2010-11-11 23:10 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-02-17 17:57 . 2010-11-11 23:10 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-02-17 17:35 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-17 17:35 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-17 17:35 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-17 17:35 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-17 17:35 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-17 17:35 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-17 17:35 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-17 17:35 . 2011-01-08 03:27 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-17 17:35 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-17 17:35 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-17 17:35 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-17 17:35 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-17 17:26 . 2008-08-07 07:05 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-02-17 17:26 . 2008-08-07 07:05 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-17 17:26 . 2008-08-07 07:05 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-17 17:26 . 2008-08-07 07:05 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-17 15:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62097D30-3279-4414-8B45-B668705A4A95}\mpengine.dll
2011-02-17 12:16 . 2010-11-22 08:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-17 10:30 . 2011-02-17 10:30 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-17 10:30 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-17 10:29 . 2011-02-17 10:29 -------- dc-h--w- c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-02-17 10:29 . 2011-02-17 10:30 -------- d-----w- c:\programdata\Lavasoft
2011-02-17 10:29 . 2011-02-17 10:29 -------- d-----w- c:\program files\Lavasoft
2011-02-16 11:43 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-16 11:43 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-16 11:43 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-16 11:43 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-16 11:43 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-16 11:43 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-16 11:43 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\programdata\Alwil Software
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\program files\Alwil Software
2011-02-16 11:30 . 2011-02-16 11:30 388096 ----a-r- c:\users\johny\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-16 11:30 . 2011-02-16 11:30 -------- d-----w- c:\program files\TrendMicro
2011-02-09 09:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 09:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 09:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-08 09:43 . 2011-02-08 09:43 -------- d-sh--w- c:\programdata\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-02-17 17:35 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-30 18:43 . 2010-12-30 18:42 15600 ----a-w- c:\windows\gdrv.sys
2010-12-28 15:55 . 2011-01-12 20:25 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 20:25 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R3 AORFQ;AORFQ;c:\users\johny\AppData\Local\Temp\AORFQ.exe [x]
R3 cimo;cimo;c:\windows\system32\cimo.sys [2009-08-05 51200]
R3 GarenaPEngine;GarenaPEngine;c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp [x]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-22 1375992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-22 15264]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-04 691696]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 GJService;Game Jackal Server;c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 22:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3908)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2011-02-17 22:06:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-17 21:06
ComboFix2.txt 2011-02-17 20:28

Pre-Run: 96 214 065 152 bytes free
Post-Run: 96 080 461 824 bytes free

- - End Of File - - 6CCC792AB4EC7D28C7D60214A3319979

#11 Příspěvek od **vyosek** » 17 úno 2011 22:19

Jeste jeden skript pro ComboFix - postup je stejny - log pak sem

Kód: Vybrat vše

Driver::
gupdate
AORFQ

File::
c:\users\johny\AppData\Local\Temp\AORFQ.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=-
"msnmsgr"=-
"DAEMON Tools Lite"=-
"WMPNSCFG"=-

Reboot::

janhoo · #12 Příspěvek od **janhoo** » 17 úno 2011 22:37

ComboFix 11-02-17.01 - johny . 02. 2011 22:23:22.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.2021 [GMT 1:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
Command switches used :: c:\users\johny\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\johny\AppData\Local\Temp\AORFQ.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AORFQ
-------\Service_gupdate

((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 21:29 . 2011-02-17 21:32 -------- d-----w- c:\users\johny\AppData\Local\temp
2011-02-17 21:29 . 2011-02-17 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- C:\rsit
2011-02-17 19:00 . 2011-02-17 19:00 -------- d-----w- c:\program files\trend micro
2011-02-17 17:57 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-02-17 17:57 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-02-17 17:57 . 2010-11-11 23:10 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-02-17 17:57 . 2010-11-11 23:10 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-02-17 17:35 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-17 17:35 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-17 17:35 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-17 17:35 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-17 17:35 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-17 17:35 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-17 17:35 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-17 17:35 . 2011-01-08 03:27 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-17 17:35 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-17 17:35 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-17 17:35 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-17 17:35 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-17 17:26 . 2008-08-07 07:05 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-02-17 17:26 . 2008-08-07 07:05 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-17 17:26 . 2008-08-07 07:05 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-17 17:26 . 2008-08-07 07:05 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-17 15:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62097D30-3279-4414-8B45-B668705A4A95}\mpengine.dll
2011-02-17 12:16 . 2010-11-22 08:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-17 10:30 . 2011-02-17 10:30 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-17 10:30 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-17 10:29 . 2011-02-17 10:29 -------- dc-h--w- c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-02-17 10:29 . 2011-02-17 10:30 -------- d-----w- c:\programdata\Lavasoft
2011-02-17 10:29 . 2011-02-17 10:29 -------- d-----w- c:\program files\Lavasoft
2011-02-16 11:43 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-16 11:43 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-16 11:43 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-16 11:43 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-16 11:43 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-16 11:43 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-16 11:43 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\programdata\Alwil Software
2011-02-16 11:42 . 2011-02-16 11:42 -------- d-----w- c:\program files\Alwil Software
2011-02-16 11:30 . 2011-02-16 11:30 388096 ----a-r- c:\users\johny\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-16 11:30 . 2011-02-16 11:30 -------- d-----w- c:\program files\TrendMicro
2011-02-09 09:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 09:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 09:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-08 09:43 . 2011-02-08 09:43 -------- d-sh--w- c:\programdata\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-02-17 17:35 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-30 18:43 . 2010-12-30 18:42 15600 ----a-w- c:\windows\gdrv.sys
2010-12-28 15:55 . 2011-01-12 20:25 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 20:25 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R3 cimo;cimo;c:\windows\system32\cimo.sys [2009-08-05 51200]
R3 GarenaPEngine;GarenaPEngine;c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp [x]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-22 1375992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-22 15264]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-04 691696]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 GJService;Game Jackal Server;c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 22:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3804)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-17 22:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-17 21:36
ComboFix2.txt 2011-02-17 21:06
ComboFix3.txt 2011-02-17 20:28

Pre-Run: 96 123 990 016 bytes free
Post-Run: 95 984 488 448 bytes free

- - End Of File - - 0767A499E84C1E31AAAADFD47A2B5CE5

#13 Příspěvek od **vyosek** » 17 úno 2011 22:38

Jak se chova PC

janhoo · #14 Příspěvek od **janhoo** » 17 úno 2011 22:42

pracuje normálne, aj ide rýchlejšie, teraz môžem zapnúť antivírus a firewall a skúsiť reštart?

#15 Příspěvek od **vyosek** » 17 úno 2011 22:44

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Nechte PC ve stavu jak jej bezne pouzivate (zapnuty AV apod) a napiste jak se chova PC

VIRY.CZ

Prosím pomoc, explorer.exe+vírusy

Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy

Re: Prosím pomoc, explorer.exe+vírusy