VIRY.CZ

Dobrý den,

mám s jistotou zavirované pc, prosím o pomoc. PC je extrémně zpomalené, a to opravdu extrémně. Problém řeším z jiného pc, protože většina programů nefunguje, žádný z prohlížečů, takže na internet se nedostanu. Při spuštění testu od Avast při spuštění počítače našel asi 10 virů, ale teď už nejde spustit ani ten. Jen udělání a převedení logu sem trvalo přes hodinu.
Vkládám log z rsitu a žádám o pomoc. Děkuji mnohokrát..
LOG:

Logfile of random's system information tool 1.08 (written by random/random)
Run by PETR at 2011-06-26 22:26:41
Microsoft Windows 7 Professional
System drive C: has 332 GB (72%) free of 459 GB
Total RAM: 3951 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:33:03, on 26.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\syswow64\MsiExec.exe
C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\PETR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/facesmooch12a ... CC3D5005CE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\FaceSmooch Toolbar\tbhelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: FaceSmooch Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IR_SERVER] C:\Program Files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [FacebookDiscovery] "C:\Program Files\FacebookDiscovery\FacebookDiscovery.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\wia6eb~1\datamngr\iebho.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19160 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 29992688
\??\C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 2904
C:\windows\system32\wbem\unsecapp.exe -Embedding
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=SYSTRAY
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /ArmUpdateExe:"C:\ProgramData\Adobe\ARM\Reader_10.0.1\13123" /MODE:1 /PRODUCT:Reader /VERSION:10 /LANG:CZE/qn
C:\windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe -Embedding D05CAD3342895F6A71DFF5C1C751C9BA
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -UseCLSID {A0E8A38E-846B-497F-9E4E-F795822FF5E6} -Comment "NGen Worker Process"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\Windows\syswow64\MsiExec.exe -Embedding 5EA5A1F157277439AD31BB766E5A3F12 M Global\MSI0000
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: On
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1012453480</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1376 CREDAT:203009
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_20/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/ --channel=6544.0BE61288.1963437528 /prefetch:3
"C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_20/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/ --channel=6544.0BFBCA98.1920235659 /prefetch:3 --ignored=" --type=renderer "
C:\windows\system32\rundll32.exe "C:\Users\PETR\AppData\Local\Google\Chrome\APPLIC~1\120742~1.100\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\PETR\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\PETR\AppData\Local\Google\Chrome\Application\12.0.742.100\gcswf32.dll" --lang=cs --channel=6544.0BFFD750.1473298382 /prefetch:4 --flash-broker=6328
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\servicing\TrustedInstaller.exe
"G:\Viry\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002UA.job
C:\windows\tasks\HPCeeScheduleForPETR.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2011-05-10 977472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll [2011-03-02 1058712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-05-20 409776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-21 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll [2011-03-02 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll [2011-03-02 722840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-20 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files (x86)\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2011-05-10 977472]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-05-20 409776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll [2011-03-02 88976]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-05-10 819840]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - FaceSmooch Toolbar - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-20 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-04-05 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-10 1712184]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-05-19 2736128]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"FacebookDiscovery"=C:\Program Files\FacebookDiscovery\FacebookDiscovery.exe []
""= []
"Google Update"=C:\Users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 136176]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-14 39408]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-05-01 124216]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-03-06 563736]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-04 111640]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"IR_SERVER"=C:\Program Files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe []
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DATAMNGR"=C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE [2011-03-02 1115536]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-26 22:26:56 ----D---- C:\Program Files\trend micro
2011-06-26 22:26:41 ----D---- C:\rsit
2011-06-26 22:07:00 ----D---- C:\Program Files (x86)\Adobe
2011-06-26 21:35:40 ----SHD---- C:\Config.Msi
2011-06-26 10:34:19 ----D---- C:\HP_RECOVERY_mountHPSF
2011-06-22 08:16:20 ----D---- C:\ccc311ccbb5e806e4c12e977be
2011-06-22 08:10:01 ----D---- C:\6d5a0ad26bb2abbafed36213b0f2
2011-06-18 14:30:15 ----A---- C:\windows\system32\mshtmled.dll
2011-06-18 14:30:14 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-06-18 14:30:14 ----A---- C:\windows\system32\iertutil.dll
2011-06-18 14:30:13 ----A---- C:\windows\SYSWOW64\ieui.dll
2011-06-18 14:30:13 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-06-18 14:30:13 ----A---- C:\windows\system32\jscript9.dll
2011-06-18 14:30:13 ----A---- C:\windows\system32\ieui.dll
2011-06-18 14:30:12 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-06-18 14:30:12 ----A---- C:\windows\SYSWOW64\jscript9.dll
2011-06-18 14:30:12 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-06-18 14:30:12 ----A---- C:\windows\system32\urlmon.dll
2011-06-18 14:30:12 ----A---- C:\windows\system32\jscript.dll
2011-06-18 14:30:11 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-06-18 14:30:10 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-06-18 14:30:10 ----A---- C:\windows\system32\mshtml.dll
2011-06-18 14:30:09 ----A---- C:\windows\system32\ieframe.dll
2011-06-17 12:13:53 ----A---- C:\windows\system32\drivers\dfsc.sys
2011-06-17 12:13:52 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-06-17 12:13:52 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 12:13:52 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 12:13:52 ----A---- C:\windows\system32\drivers\afd.sys
2011-06-17 12:13:51 ----A---- C:\windows\system32\win32k.sys
2011-06-17 12:13:51 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-06-17 12:13:40 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll
2011-06-17 12:13:40 ----A---- C:\windows\SYSWOW64\d3d10_1.dll
2011-06-17 12:13:40 ----A---- C:\windows\system32\d3d10_1core.dll
2011-06-17 12:13:40 ----A---- C:\windows\system32\d3d10_1.dll
2011-06-17 12:13:39 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-06-17 12:13:39 ----A---- C:\windows\system32\drivers\srv2.sys
2011-06-17 12:13:39 ----A---- C:\windows\system32\drivers\srv.sys
2011-06-17 12:13:36 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2011-06-17 12:13:36 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2011-06-17 12:13:36 ----A---- C:\windows\system32\oleaut32.dll
2011-06-17 12:13:36 ----A---- C:\windows\system32\inetcomm.dll
2011-06-14 14:25:26 ----D---- C:\Users\PETR\AppData\Roaming\BatteryBar
2011-06-14 14:25:25 ----D---- C:\Program Files\BatteryBar
2011-06-09 13:07:40 ----D---- C:\ProgramData\Adobe
2011-06-09 08:14:02 ----D---- C:\TopCD

======List of files/folders modified in the last 1 months======

2011-06-26 22:33:26 ----D---- C:\windows\Temp
2011-06-26 22:26:56 ----RD---- C:\Program Files
2011-06-26 22:23:38 ----D---- C:\windows\system32\config
2011-06-26 22:13:32 ----SHD---- C:\windows\Installer
2011-06-26 22:07:00 ----RD---- C:\Program Files (x86)
2011-06-26 22:06:58 ----D---- C:\Program Files (x86)\Common Files
2011-06-26 21:40:19 ----D---- C:\windows\System32
2011-06-26 21:40:19 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-06-26 21:40:14 ----D---- C:\windows\inf
2011-06-26 21:34:51 ----D---- C:\windows\Microsoft.NET
2011-06-26 21:34:31 ----D---- C:\windows\SysWOW64
2011-06-26 21:34:28 ----D---- C:\Users\PETR\AppData\Roaming\ICQ
2011-06-26 21:32:49 ----D---- C:\ProgramData\HPQLOG
2011-06-26 21:32:39 ----A---- C:\windows\SYSWOW64\log.txt
2011-06-26 12:51:02 ----D---- C:\windows\system32\Tasks
2011-06-26 12:51:02 ----D---- C:\Windows
2011-06-26 11:31:12 ----SD---- C:\Users\PETR\AppData\Roaming\Microsoft
2011-06-26 11:05:38 ----D---- C:\windows\Minidump
2011-06-25 15:22:05 ----D---- C:\windows\system32\NDF
2011-06-25 15:20:47 ----D---- C:\windows\Prefetch
2011-06-24 14:46:36 ----D---- C:\windows\Tasks
2011-06-24 14:00:50 ----D---- C:\ProgramData\PDFC
2011-06-24 13:53:02 ----RSD---- C:\windows\assembly
2011-06-22 08:16:20 ----SHD---- C:\System Volume Information
2011-06-22 08:11:58 ----D---- C:\windows\winsxs
2011-06-21 09:57:03 ----D---- C:\windows\system32\catroot
2011-06-21 09:57:01 ----D---- C:\windows\system32\catroot2
2011-06-20 12:00:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-06-20 11:59:12 ----D---- C:\windows\system32\drivers
2011-06-20 11:59:12 ----D---- C:\Program Files\Internet Explorer
2011-06-20 11:59:12 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-18 14:33:13 ----A---- C:\windows\system32\MRT.exe
2011-06-18 14:33:09 ----D---- C:\ProgramData\Microsoft Help
2011-06-09 13:10:10 ----D---- C:\Users\PETR\AppData\Roaming\Adobe
2011-06-09 13:07:40 ----HD---- C:\ProgramData
2011-06-05 20:48:25 ----D---- C:\Users\PETR\AppData\Roaming\Skype
2011-06-05 16:06:12 ----D---- C:\Users\PETR\AppData\Roaming\skypePM
2011-06-01 13:14:44 ----D---- C:\Program Files (x86)\Electronic Arts
2011-06-01 13:14:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-05-10 31064]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-05-10 600920]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-05-10 287576]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-05-10 53592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-01 359624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-05-10 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 64344]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-27 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-12 55808]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-04-22 6101504]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-11-20 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-07 295088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 114080]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\windows\System32\Drivers\RTL2832UUSB.sys [2009-07-06 38944]
S3 s3cap;s3cap; C:\windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-09-16 109056]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1803904]
S3 storvsc;storvsc; C:\windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-30 873248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-04 268824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-19 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-14 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]

-----------------EOF-----------------

Dobrý večer


Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

Pokud nepůjde normálně,pak v nouzovém režimu(při startu pc mačkejte F8)

double post

Omlouvám se za prodlevu, ale trvalo mi to zase spoustu času, než jsem combofix vůbec dostal do pc, a napotřetí v nouzovým režimu provedl log...
Tady je, děkuji moc za ochotu!

ComboFix 11-06-26.01 - PETR 27.06.2011 9:12.2.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3951.2535 [GMT 2:00]
Spuštěný z: c:\users\PETR\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files (x86)\FaceSmooch Toolbar\tbHElper.dll
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\dtUser.exe
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.jsw
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\searchquband.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\searchqudtx.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
C:\Thumbs.db
c:\users\PETR\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A7EA69C2-5309-4FAF-9C63-9DE2715451A4}.xps
c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
.
.

POKRAČOVÁNÍ LOGU:

((((((((((((((((((((((((( Soubory vytvořené od 2011-05-27 do 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-27 07:18 . 2011-06-27 07:18 -------- d-----w- c:\users\petr0\AppData\Local\temp
2011-06-27 07:18 . 2011-06-27 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 20:26 . 2011-06-26 20:33 -------- d-----w- c:\program files\trend micro
2011-06-26 20:26 . 2011-06-26 20:35 -------- d-----w- C:\rsit
2011-06-26 20:06 . 2011-06-26 20:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-26 08:34 . 2011-06-26 08:34 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2011-06-24 12:06 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6995E1B1-A5C2-476B-B701-F809D96CD96B}\mpengine.dll
2011-06-22 06:16 . 2011-06-22 06:16 -------- d-----w- C:\ccc311ccbb5e806e4c12e977be
2011-06-22 06:10 . 2011-06-22 06:10 -------- d-----w- C:\6d5a0ad26bb2abbafed36213b0f2
2011-06-21 08:50 . 2011-06-21 08:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-06-17 10:13 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-14 12:25 . 2011-06-25 13:38 -------- d-----w- c:\users\PETR\AppData\Roaming\BatteryBar
2011-06-14 12:25 . 2011-06-14 12:26 -------- d-----w- c:\program files\BatteryBar
2011-06-09 11:10 . 2011-06-09 11:10 -------- d-----w- c:\users\PETR\AppData\Local\Adobe
2011-06-09 06:14 . 2011-06-09 06:14 -------- d-----w- C:\TopCD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 09:52 . 2011-05-21 07:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2010-12-24 19:59 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-12-24 19:12 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-12-24 19:12 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-10 12:10 . 2011-03-19 17:20 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:04 . 2011-03-19 17:20 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:04 . 2010-12-24 19:12 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-12-24 19:12 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-12-24 19:12 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-12-24 19:12 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-12-24 19:12 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-25 11:39 . 2011-04-25 11:38 12418248 ----a-w- c:\users\PETR\Firefox Setup 4.0.exe
2011-04-22 20:18 . 2011-05-25 14:17 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-20 14:13 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-12 14:11 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-12 14:11 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-12 14:11 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-20 14:13 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-14 39408]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-12-27 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 RsvLock;RsvLock; [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 114080]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 38944]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 17:58]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 17:58]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002Core.job
- c:\users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:17]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002UA.job
- c:\users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:17]
.
2011-06-25 c:\windows\Tasks\HPCeeScheduleForPETR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF8752.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/facesmooch12a/{A3C17 ... CC3D5005CE}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\listicka.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 80.83.64.2 80.83.64.5 192.168.100.23
TCP: Interfaces\{5725536F-B5E9-43C3-8C9F-236ADAFAE9C2}: DhcpNameServer = 80.83.64.2 80.83.64.5 192.168.100.23
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-FacebookDiscovery - c:\program files\FacebookDiscovery\FacebookDiscovery.exe
Wow6432Node-HKLM-Run-IR_SERVER - c:\program files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Toolbar-10 - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Výchozí) - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Searchqu 101 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-27 09:20:10
ComboFix-quarantined-files.txt 2011-06-27 07:20
.
Před spuštěním: Volných bajtů: 375 798 681 600
Po spuštění: Volných bajtů: 375 310 159 872
.
- - End Of File - - AB00826602115DC2D1099C3E5628EC8A

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "NokiaMServer"=-
  "StartCCC"=-
  "IMSS"=-
  "GrooveMonitor"=-
  "Adobe ARM"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "IAAnotif"=-
  
  DDS::
  mStart Page = hxxp://www.bigseekpro.com/facesmooch12a/{A3C17019-68AC-438C-9295-70CC3D5005CE}
  Trusted Zone: //about.htm/
  Trusted Zone: //Exclude.htm/
  Trusted Zone: //FWEvent.htm/
  Trusted Zone: //LanguageSelection.htm/
  Trusted Zone: //Message.htm/
  Trusted Zone: //MyAgttryCmd.htm/
  Trusted Zone: //MyAgttryNag.htm/
  Trusted Zone: //MyNotification.htm/
  Trusted Zone: //NOCLessUpdate.htm/
  Trusted Zone: //quarantine.htm/
  Trusted Zone: //ScanNow.htm/
  Trusted Zone: //strings.vbs/
  Trusted Zone: //Template.htm/
  Trusted Zone: //Update.htm/
  Trusted Zone: //VirFound.htm/
  Trusted Zone: mcafee.com\*
  Trusted Zone: mcafeeasap.com\betavscan
  Trusted Zone: mcafeeasap.com\vs
  Trusted Zone: mcafeeasap.com\www
  
  FCopy::
  C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys.vir | c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
  C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys.vir | c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
  C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys.vir | c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Díky moc, tady je: (Jinak v pc žádná změna)

ComboFix 11-06-26.01 - PETR 27.06.2011 10:53:11.4.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3951.2551 [GMT 2:00]
Spuštěný z: c:\users\PETR\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PETR\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
/wow section - STAGE 4
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Přístup byl odepřen.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
.
---- Předchozí spuštění -------
.
c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
.
.
--------------- FCopy ---------------
.
c:\qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys.vir --> c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
c:\qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys.vir --> c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
c:\qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys.vir --> c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-27 do 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-27 08:58 . 2011-06-27 08:58 -------- d-----w- c:\users\petr0\AppData\Local\temp
2011-06-27 08:58 . 2011-06-27 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 20:26 . 2011-06-26 20:33 -------- d-----w- c:\program files\trend micro
2011-06-26 20:26 . 2011-06-26 20:35 -------- d-----w- C:\rsit
2011-06-26 20:06 . 2011-06-26 20:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-26 08:34 . 2011-06-26 08:34 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2011-06-24 12:06 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6995E1B1-A5C2-476B-B701-F809D96CD96B}\mpengine.dll
2011-06-22 06:16 . 2011-06-22 06:16 -------- d-----w- C:\ccc311ccbb5e806e4c12e977be
2011-06-22 06:10 . 2011-06-22 06:10 -------- d-----w- C:\6d5a0ad26bb2abbafed36213b0f2
2011-06-21 08:50 . 2011-06-21 08:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-06-17 10:13 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-14 12:25 . 2011-06-25 13:38 -------- d-----w- c:\users\PETR\AppData\Roaming\BatteryBar
2011-06-14 12:25 . 2011-06-14 12:26 -------- d-----w- c:\program files\BatteryBar
2011-06-09 11:10 . 2011-06-09 11:10 -------- d-----w- c:\users\PETR\AppData\Local\Adobe
2011-06-09 06:14 . 2011-06-09 06:14 -------- d-----w- C:\TopCD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 09:52 . 2011-05-21 07:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2010-12-24 19:59 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-12-24 19:12 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-12-24 19:12 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-10 12:10 . 2011-03-19 17:20 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:04 . 2011-03-19 17:20 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:04 . 2010-12-24 19:12 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-12-24 19:12 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-12-24 19:12 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-12-24 19:12 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-12-24 19:12 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-25 11:39 . 2011-04-25 11:38 12418248 ----a-w- c:\users\PETR\Firefox Setup 4.0.exe
2011-04-22 20:18 . 2011-05-25 14:17 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:58 . 2011-05-20 14:13 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-12 14:11 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-12 14:11 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-12 14:11 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-20 14:13 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-27_07.18.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-06-27 09:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-27 06:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-27 09:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-27 06:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-27 06:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-27 09:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-06-27 08:20 45076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-27 06:47 45076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-24 19:17 . 2011-06-27 08:20 9780 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-287492491-823371776-2074256621-1002_UserData.bin
- 2010-11-20 01:30 . 2011-06-26 17:06 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-11-20 01:30 . 2011-06-27 09:00 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-06-27 06:28 . 2011-06-27 07:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-27 09:01 . 2011-06-27 09:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-27 09:01 . 2011-06-27 09:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-27 06:28 . 2011-06-27 07:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-06-27 07:16 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-27 08:57 615810 c:\windows\system32\perfh009.dat
- 2010-09-16 17:44 . 2011-06-27 07:16 631054 c:\windows\system32\perfh005.dat
+ 2010-09-16 17:44 . 2011-06-27 08:57 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-06-27 08:57 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-06-27 07:16 106190 c:\windows\system32\perfc009.dat
- 2010-09-16 17:44 . 2011-06-27 07:16 121708 c:\windows\system32\perfc005.dat
+ 2010-09-16 17:44 . 2011-06-27 08:57 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-06-26 17:06 423440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-27 09:00 423440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-06-27 08:32 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-06-26 20:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-12-27 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 RsvLock;RsvLock; [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 114080]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 38944]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 17:58]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 17:58]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002Core.job
- c:\users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:17]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-287492491-823371776-2074256621-1002UA.job
- c:\users\PETR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:17]
.
2011-06-25 c:\windows\Tasks\HPCeeScheduleForPETR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
c:\progra~2\WIA6EB~1\Datamngr\x64\IEBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 80.83.64.2 80.83.64.5 192.168.100.23
TCP: Interfaces\{5725536F-B5E9-43C3-8C9F-236ADAFAE9C2}: DhcpNameServer = 80.83.64.2 80.83.64.5 192.168.100.23
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Celkový čas: 2011-06-27 11:06:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-27 09:06
ComboFix2.txt 2011-06-27 07:20
.
Před spuštěním: Volných bajtů: 375 486 005 248
Po spuštění: Volných bajtů: 375 381 393 408
.
- - End Of File - - 0398BE6DFFE042C3E44FF6A6FECC39AB

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  Quit::
  
  DeQuarantine::
  C:\Qoobox\Quarantine\c\windows\SysWow64\system32
  
  Quit::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Pokud nepůjde normálně,tak v nouzovém režimu(při startu PC mačkejte F8)

Poté jdeme hledat havěť

Malwarebytes' Anti-Malware

• Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
• Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
• Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
• Objeví se vám log,který mi sem vložte
• NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

Nový log:

C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys -> C:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys -> C:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
C:\Qoobox\Quarantine\c\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys -> C:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
Zkopˇrovan‚ soubory: 3

Log z Anti-Malware:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Verze databáze: 6705

Windows 6.1.7600 (Safe Mode)
Internet Explorer 9.0.8112.16421

27.6.2011 12:20:07
mbam-log-2011-06-27 (12-20-01).txt

Typ: Úplná kontrola (C:\|F:\|)
Kontrolované objekty: 388727
Uplynulý čas: 41 minut, 15 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\program files (x86)\funwebproducts\Installr\1.bin\f3plugin.dll.vir (PUP.FunWebProducts) -> No action taken.
c:\Qoobox\quarantine\C\program files (x86)\funwebproducts\Installr\1.bin\npfunweb.dll.vir (PUP.FunWebProducts) -> No action taken.
c:\Users\PETR\FLASH\all net´s\Masakr.exe (Joke.Stressreducer) -> No action taken.

Nalazené položky smazat...jak se chová PC? popište co nejvíce

PC je extrémně pomalé, kromě nouzového režimu, pokud se do něj dostanu, pc jede normálně. Často se však zasekne při spuštění a musím ho opět restartovat. V normálním režimu trvá otřevření čehokoliv minuty až desítky minut. Na začátku mě nechtěl pustit do ovládacích panelů a na internet v jakémkoliv prohlížeči, ale to už teď funguje, zdá se, že jediným problémem zůstává extrémně pomalá rychlost...

Ještě si něco ověříme..použiji kolegův návod,nemám sesmolený svůj zatím

vyosek píše: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

A jedna prosba..zabalte mi složku c:\Qoobox\ a nahrajte na http://www.leteckaposta.cz a dejte mi sem odkaz,děkuji