VIRY.CZ

Prosím o pomoc,další Kr...a,co se chtěla podívat na video



Logfile of random's system information tool 1.09 (written by random/random)
Run by KAČENKA at 2011-07-25 22:01:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 146 GB (75%) free of 193 GB
Total RAM: 2037 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:17, on 25.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Windows\update.tray-12-0\svchost.exe
C:\Windows\update.tray-14-0\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ICQ7.5\ICQ.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\KAČENKA\Downloads\RSIT.exe
C:\Program Files\trend micro\KAČENKA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [tray_ico0] C:\windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\windows\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [3928073.exe] "C:\Users\KAČENKA\AppData\Local\Temp\3928073.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2300963.exe] "C:\Windows\Temp\2300963.exe"
O4 - HKLM\..\Run: [8312258.exe] "C:\Windows\Temp\8312258.exe"
O4 - HKLM\..\Run: [42716588-loader2.exe] "C:\Windows\Temp\42716588-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\windows\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\windows\systemup.exe" stand
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [229575.exe] "C:\Windows\Temp\229575.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\KAČENKA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: srvbtcclient - Unknown owner - C:\windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe
O23 - Service: wxpdrivers - Unknown owner - C:\windows\update.1\svchost.exe

--
End of file - 12398 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648414305-365348307-1249114892-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648414305-365348307-1249114892-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default

prefs.js - "browser.startup.homepage" - "http://www.searchqu.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2011-01-13 2444688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll [2010-02-10 87488]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-23 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-23 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-23 150552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-14 1615144]
"331BigDog"=C:\Program Files\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-09-02 186208]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-10-23 4114288]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-10-23 5064560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DATAMNGR"=C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE [2010-11-04 985488]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"tray_ico"= []
"tray_ico0"=C:\windows\update.tray-12-0\svchost.exe [2011-07-24 1174016]
"tray_ico1"=C:\windows\update.tray-14-0\svchost.exe [2011-07-24 1174016]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"3928073.exe"=C:\Users\KAČENKA\AppData\Local\Temp\3928073.exe [2011-07-24 247296]
"sysdriver32.exe"=C:\windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\windows\sysdriver32_.exe [2011-07-25 256000]
"2300963.exe"=C:\Windows\Temp\2300963.exe [2011-07-24 247296]
"8312258.exe"=C:\Windows\Temp\8312258.exe [2011-07-24 495616]
"42716588-loader2.exe"=C:\Windows\Temp\42716588-loader2.exe [2011-07-24 247296]
"l1rezerv.exe"=C:\windows\l1rezerv.exe [2011-07-24 232960]
"systemup"=C:\windows\systemup.exe [2011-07-24 114176]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-25 2216960]
"229575.exe"=C:\Windows\Temp\229575.exe [2011-07-25 256000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-25 3318784]
"Google Update"=C:\Users\KAČENKA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\KAČENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 22:01:51 ----D---- C:\Program Files\trend micro
2011-07-25 22:01:49 ----D---- C:\rsit
2011-07-25 16:21:56 ----D---- C:\Program Files\WinClamAVShield
2011-07-25 16:20:04 ----D---- C:\Program Files\Crawler
2011-07-25 16:20:02 ----A---- C:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-25 16:20:01 ----D---- C:\Users\KAČENKA\AppData\Roaming\Spyware Terminator
2011-07-25 16:19:59 ----D---- C:\ProgramData\Spyware Terminator
2011-07-25 16:19:58 ----D---- C:\Program Files\Spyware Terminator
2011-07-25 16:06:41 ----SHD---- C:\Config.Msi
2011-07-24 14:17:20 ----HD---- C:\windows\update.tray-14-0-lnk
2011-07-24 14:17:20 ----HD---- C:\windows\update.tray-14-0
2011-07-24 13:08:31 ----D---- C:\windows\system32\SPReview
2011-07-24 13:06:47 ----D---- C:\windows\system32\EventProviders
2011-07-24 13:02:40 ----A---- C:\windows\ddh_iplist.txt
2011-07-24 13:01:58 ----A---- C:\windows\systemup.exe
2011-07-24 13:01:26 ----D---- C:\windows\ufa
2011-07-24 13:01:26 ----D---- C:\windows\rpcminer
2011-07-24 13:01:26 ----D---- C:\windows\phoenix
2011-07-24 12:59:10 ----A---- C:\windows\btc_client_iplist.txt
2011-07-24 12:58:39 ----HD---- C:\windows\update.5.0
2011-07-24 12:57:38 ----A---- C:\windows\l1rezerv.exe
2011-07-24 12:56:24 ----A---- C:\windows\iecheck_iplist.txt
2011-07-24 12:55:56 ----A---- C:\windows\unrar.exe
2011-07-24 12:55:42 ----HD---- C:\windows\update.2
2011-07-24 12:53:47 ----A---- C:\windows\iplist.txt
2011-07-24 12:52:26 ----A---- C:\windows\sysdriver32_.exe
2011-07-24 12:52:12 ----A---- C:\windows\sysdriver32.exe
2011-07-24 12:51:56 ----A---- C:\windows\front_ip_list.txt
2011-07-24 12:51:04 ----D---- C:\windows\av_ico
2011-07-24 12:49:40 ----HD---- C:\windows\update.1
2011-07-24 12:49:31 ----HD---- C:\windows\update.tray-12-0-lnk
2011-07-24 12:49:31 ----HD---- C:\windows\update.tray-12-0
2011-07-24 12:37:44 ----A---- C:\windows\winlog-ids.txt
2011-07-24 12:37:44 ----A---- C:\windows\winlog-dirs.txt
2011-07-13 14:24:39 ----A---- C:\windows\system32\fsquirt.exe
2011-07-13 14:24:39 ----A---- C:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 14:24:39 ----A---- C:\windows\system32\drivers\bthport.sys
2011-07-13 14:24:37 ----A---- C:\windows\system32\KernelBase.dll
2011-07-13 14:24:37 ----A---- C:\windows\system32\kernel32.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 14:24:36 ----A---- C:\windows\system32\winsrv.dll
2011-07-13 14:24:36 ----A---- C:\windows\system32\conhost.exe
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 14:24:32 ----A---- C:\windows\system32\win32k.sys
2011-06-29 18:37:44 ----A---- C:\windows\system32\umpnpmgr.dll
2011-06-29 18:37:44 ----A---- C:\windows\system32\cfgmgr32.dll

======List of files/folders modified in the last 1 month======

2011-07-25 22:02:02 ----D---- C:\windows\Prefetch
2011-07-25 22:01:56 ----D---- C:\windows\Temp
2011-07-25 22:01:51 ----RD---- C:\Program Files
2011-07-25 22:00:08 ----D---- C:\windows\Microsoft.NET
2011-07-25 20:54:35 ----RSD---- C:\windows\assembly
2011-07-25 20:53:04 ----D---- C:\windows\system32\config
2011-07-25 20:41:15 ----D---- C:\Users\KAČENKA\AppData\Roaming\ICQ
2011-07-25 20:38:10 ----A---- C:\AtmApInit.txt
2011-07-25 20:37:36 ----D---- C:\windows\winsxs
2011-07-25 17:48:21 ----SHD---- C:\System Volume Information
2011-07-25 17:01:45 ----D---- C:\windows\Tasks
2011-07-25 17:01:45 ----D---- C:\windows\system32\Tasks
2011-07-25 16:55:55 ----D---- C:\windows\System32
2011-07-25 16:55:55 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-25 16:55:54 ----D---- C:\windows\inf
2011-07-25 16:20:02 ----D---- C:\windows\system32\drivers
2011-07-25 16:19:59 ----HD---- C:\ProgramData
2011-07-25 16:07:27 ----SHD---- C:\windows\Installer
2011-07-24 18:20:15 ----D---- C:\windows\system32\catroot
2011-07-24 18:20:14 ----D---- C:\windows\system32\catroot2
2011-07-24 14:17:20 ----D---- C:\Windows
2011-07-24 14:13:48 ----SD---- C:\ProgramData\Microsoft
2011-07-24 14:00:14 ----D---- C:\windows\system32\DriverStore
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Sidebar
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Portable Devices
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Media Player
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Mail
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Journal
2011-07-24 13:55:23 ----D---- C:\Program Files\Internet Explorer
2011-07-24 13:55:23 ----D---- C:\Program Files\DVD Maker
2011-07-24 13:55:20 ----D---- C:\windows\servicing
2011-07-24 13:55:20 ----D---- C:\windows\ehome
2011-07-24 13:55:20 ----D---- C:\Program Files\Windows Defender
2011-07-24 13:55:11 ----D---- C:\windows\system32\da-DK
2011-07-24 13:55:10 ----D---- C:\windows\system32\sysprep
2011-07-24 13:55:10 ----D---- C:\windows\system32\Setup
2011-07-24 13:55:10 ----D---- C:\windows\system32\oobe
2011-07-24 13:55:10 ----D---- C:\windows\system32\migration
2011-07-24 13:55:10 ----D---- C:\windows\system32\en-US
2011-07-24 13:55:10 ----D---- C:\windows\system32\cs
2011-07-24 13:55:10 ----D---- C:\windows\system32\AdvancedInstallers
2011-07-24 13:55:09 ----D---- C:\windows\system32\cs-CZ
2011-07-24 13:55:08 ----D---- C:\windows\system32\sppui
2011-07-24 13:55:08 ----D---- C:\windows\system32\manifeststore
2011-07-24 13:55:08 ----D---- C:\windows\system32\es-ES
2011-07-24 13:55:07 ----D---- C:\windows\system32\drivers\cs-CZ
2011-07-24 13:55:06 ----D---- C:\windows\system32\wbem
2011-07-24 13:55:06 ----D---- C:\windows\system32\migwiz
2011-07-24 13:55:06 ----D---- C:\windows\system32\Dism
2011-07-24 13:54:46 ----RSD---- C:\windows\Fonts
2011-07-24 13:54:45 ----D---- C:\windows\AppPatch
2011-07-24 13:54:31 ----D---- C:\windows\system32\Boot
2011-07-24 13:21:19 ----A---- C:\windows\system32\msclmd.dll
2011-07-24 13:03:43 ----D---- C:\ProgramData\MFAData
2011-07-24 12:56:02 ----D---- C:\windows\system32\drivers\etc
2011-07-24 12:34:19 ----D---- C:\windows\system32\drivers\AVG
2011-07-13 21:09:14 ----A---- C:\windows\system32\MRT.exe
2011-07-01 15:03:05 ----D---- C:\Program Files\Mozilla Firefox
2011-06-30 20:47:33 ----D---- C:\Program Files\ICQ7.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-03 435736]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\windows\System32\DRIVERS\Apsx86.sys [2009-10-21 118800]
R0 TPDIGIMN;TPDIGIMN; C:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-25 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-07-22 2707448]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT32.sys [2010-01-18 514104]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-14 233648]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-01-06 184448]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-10-02 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-08-29 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-08-29 18472]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 174592]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2011-01-13 1960336]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-10-02 595232]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-12-29 331776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 IGRS;IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-07-25 496128]
R2 srvbtcclient;srvbtcclient; C:\windows\update.5.0\svchost.exe [2011-07-24 340992]
R2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-07-24 495616]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-07-25 256000]
R2 TPHDEXLGSVC;IdeaPad HDD APS Logging Service; C:\windows\System32\TPHDEXLG.exe [2009-10-21 39952]
R2 wxpdrivers;wxpdrivers; C:\windows\update.1\svchost.exe [2011-07-24 1174016]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 87904]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]

-----------------EOF-----------------

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Takže tohle by to mělo být


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7276

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25.7.2011 22:46:15
mbam-log-2011-07-25 (22-46-15).txt

Typ: Rychlá kontrola
Kontrolované objekty: 154801
Uplynulý čas: 8 minut, 10 sekund

Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 11
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 41

Infikované procesy v paměti:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2280 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2484 -> Unloaded process successfully.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 3720 -> Unloaded process successfully.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Dropper) -> 3760 -> Unloaded process successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 3900 -> Unloaded process successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> 3952 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1236 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3480 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1456 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1272 -> Failed to unload process.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3928073.exe (Trojan.Agent) -> Value: 3928073.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2300963.exe (Trojan.Agent) -> Value: 2300963.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\42716588-loader2.exe (Trojan.Agent) -> Value: 42716588-loader2.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\229575.exe (Trojan.Agent) -> Value: 229575.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\KAČENKA\AppData\Local\Temp\3928073.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2300963.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\42716588-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\229575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\KAČENKA\AppData\Local\Temp\jbi5hxow.exe.part (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\2524037.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5193766.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5385566.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5740954.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5885948.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\59425121.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\652958.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6822687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\7315445.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\7788717.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9216373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9526540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9819404.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

Smazáno. Dejte nový log z RSIT.

Omlouvám se,ale jsem lama nebo jak tomu říkáte. Snad to bude ono


Logfile of random's system information tool 1.09 (written by random/random)
Run by KAČENKA at 2011-07-25 23:16:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 145 GB (75%) free of 193 GB
Total RAM: 2037 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:16:19, on 25.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ICQ7.5\ICQ.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\KAČENKA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KAČENKA\Downloads\RSIT.exe
C:\Program Files\trend micro\KAČENKA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [8312258.exe] "C:\Windows\Temp\8312258.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\KAČENKA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe

--
End of file - 11929 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648414305-365348307-1249114892-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648414305-365348307-1249114892-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default

prefs.js - "browser.startup.homepage" - "http://www.searchqu.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\KAČENKA\AppData\Roaming\Mozilla\Firefox\Profiles\fb43o1nr.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2011-01-13 2444688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll [2010-02-10 87488]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-07-14 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-23 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-23 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-23 150552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-14 1615144]
"331BigDog"=C:\Program Files\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-09-02 186208]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-10-23 4114288]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-10-23 5064560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DATAMNGR"=C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE [2010-11-04 985488]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8312258.exe"=C:\Windows\Temp\8312258.exe [2011-07-24 495616]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-25 2216960]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-25 3318784]
"Google Update"=C:\Users\KAČENKA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\KAČENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 22:47:20 ----A---- C:\windows\system32\drivers\rreirxr.sys
2011-07-25 22:34:27 ----D---- C:\Users\KAČENKA\AppData\Roaming\Malwarebytes
2011-07-25 22:34:15 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 22:34:12 ----D---- C:\ProgramData\Malwarebytes
2011-07-25 22:34:08 ----A---- C:\windows\system32\drivers\mbam.sys
2011-07-25 22:34:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-25 22:01:51 ----D---- C:\Program Files\trend micro
2011-07-25 22:01:49 ----D---- C:\rsit
2011-07-25 16:21:56 ----D---- C:\Program Files\WinClamAVShield
2011-07-25 16:20:04 ----D---- C:\Program Files\Crawler
2011-07-25 16:20:02 ----A---- C:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-25 16:20:01 ----D---- C:\Users\KAČENKA\AppData\Roaming\Spyware Terminator
2011-07-25 16:19:59 ----D---- C:\ProgramData\Spyware Terminator
2011-07-25 16:19:58 ----D---- C:\Program Files\Spyware Terminator
2011-07-25 16:06:41 ----SHD---- C:\Config.Msi
2011-07-24 14:17:20 ----HD---- C:\windows\update.tray-14-0-lnk
2011-07-24 14:17:20 ----HD---- C:\windows\update.tray-14-0
2011-07-24 13:08:31 ----D---- C:\windows\system32\SPReview
2011-07-24 13:06:47 ----D---- C:\windows\system32\EventProviders
2011-07-24 13:02:40 ----A---- C:\windows\ddh_iplist.txt
2011-07-24 13:01:26 ----D---- C:\windows\ufa
2011-07-24 13:01:26 ----D---- C:\windows\phoenix
2011-07-24 12:59:10 ----A---- C:\windows\btc_client_iplist.txt
2011-07-24 12:58:39 ----HD---- C:\windows\update.5.0
2011-07-24 12:56:24 ----A---- C:\windows\iecheck_iplist.txt
2011-07-24 12:55:56 ----A---- C:\windows\unrar.exe
2011-07-24 12:55:42 ----HD---- C:\windows\update.2
2011-07-24 12:53:47 ----A---- C:\windows\iplist.txt
2011-07-24 12:51:56 ----A---- C:\windows\front_ip_list.txt
2011-07-24 12:51:04 ----D---- C:\windows\av_ico
2011-07-24 12:49:40 ----HD---- C:\windows\update.1
2011-07-24 12:49:31 ----HD---- C:\windows\update.tray-12-0-lnk
2011-07-24 12:49:31 ----HD---- C:\windows\update.tray-12-0
2011-07-24 12:37:44 ----A---- C:\windows\winlog-ids.txt
2011-07-24 12:37:44 ----A---- C:\windows\winlog-dirs.txt
2011-07-13 14:24:39 ----A---- C:\windows\system32\fsquirt.exe
2011-07-13 14:24:39 ----A---- C:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 14:24:39 ----A---- C:\windows\system32\drivers\bthport.sys
2011-07-13 14:24:37 ----A---- C:\windows\system32\KernelBase.dll
2011-07-13 14:24:37 ----A---- C:\windows\system32\kernel32.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 14:24:36 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 14:24:36 ----A---- C:\windows\system32\winsrv.dll
2011-07-13 14:24:36 ----A---- C:\windows\system32\conhost.exe
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 14:24:35 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 14:24:32 ----A---- C:\windows\system32\win32k.sys
2011-06-29 18:37:44 ----A---- C:\windows\system32\umpnpmgr.dll
2011-06-29 18:37:44 ----A---- C:\windows\system32\cfgmgr32.dll

======List of files/folders modified in the last 1 month======

2011-07-25 23:16:06 ----D---- C:\windows\Temp
2011-07-25 22:47:20 ----D---- C:\windows\system32\drivers
2011-07-25 22:46:15 ----D---- C:\Windows
2011-07-25 22:46:04 ----D---- C:\windows\Prefetch
2011-07-25 22:34:12 ----HD---- C:\ProgramData
2011-07-25 22:34:07 ----RD---- C:\Program Files
2011-07-25 22:00:08 ----D---- C:\windows\Microsoft.NET
2011-07-25 20:54:35 ----RSD---- C:\windows\assembly
2011-07-25 20:53:04 ----D---- C:\windows\system32\config
2011-07-25 20:41:15 ----D---- C:\Users\KAČENKA\AppData\Roaming\ICQ
2011-07-25 20:38:10 ----A---- C:\AtmApInit.txt
2011-07-25 20:37:36 ----D---- C:\windows\winsxs
2011-07-25 17:48:21 ----SHD---- C:\System Volume Information
2011-07-25 17:01:45 ----D---- C:\windows\Tasks
2011-07-25 17:01:45 ----D---- C:\windows\system32\Tasks
2011-07-25 16:55:55 ----D---- C:\windows\System32
2011-07-25 16:55:55 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-25 16:55:54 ----D---- C:\windows\inf
2011-07-25 16:07:27 ----SHD---- C:\windows\Installer
2011-07-24 18:20:15 ----D---- C:\windows\system32\catroot
2011-07-24 18:20:14 ----D---- C:\windows\system32\catroot2
2011-07-24 14:13:48 ----SD---- C:\ProgramData\Microsoft
2011-07-24 14:00:14 ----D---- C:\windows\system32\DriverStore
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Sidebar
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Portable Devices
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Media Player
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Mail
2011-07-24 13:55:23 ----D---- C:\Program Files\Windows Journal
2011-07-24 13:55:23 ----D---- C:\Program Files\Internet Explorer
2011-07-24 13:55:23 ----D---- C:\Program Files\DVD Maker
2011-07-24 13:55:20 ----D---- C:\windows\servicing
2011-07-24 13:55:20 ----D---- C:\windows\ehome
2011-07-24 13:55:20 ----D---- C:\Program Files\Windows Defender
2011-07-24 13:55:11 ----D---- C:\windows\system32\da-DK
2011-07-24 13:55:10 ----D---- C:\windows\system32\sysprep
2011-07-24 13:55:10 ----D---- C:\windows\system32\Setup
2011-07-24 13:55:10 ----D---- C:\windows\system32\oobe
2011-07-24 13:55:10 ----D---- C:\windows\system32\migration
2011-07-24 13:55:10 ----D---- C:\windows\system32\en-US
2011-07-24 13:55:10 ----D---- C:\windows\system32\cs
2011-07-24 13:55:10 ----D---- C:\windows\system32\AdvancedInstallers
2011-07-24 13:55:09 ----D---- C:\windows\system32\cs-CZ
2011-07-24 13:55:08 ----D---- C:\windows\system32\sppui
2011-07-24 13:55:08 ----D---- C:\windows\system32\manifeststore
2011-07-24 13:55:08 ----D---- C:\windows\system32\es-ES
2011-07-24 13:55:07 ----D---- C:\windows\system32\drivers\cs-CZ
2011-07-24 13:55:06 ----D---- C:\windows\system32\wbem
2011-07-24 13:55:06 ----D---- C:\windows\system32\migwiz
2011-07-24 13:55:06 ----D---- C:\windows\system32\Dism
2011-07-24 13:54:46 ----RSD---- C:\windows\Fonts
2011-07-24 13:54:45 ----D---- C:\windows\AppPatch
2011-07-24 13:54:31 ----D---- C:\windows\system32\Boot
2011-07-24 13:21:19 ----A---- C:\windows\system32\msclmd.dll
2011-07-24 13:03:43 ----D---- C:\ProgramData\MFAData
2011-07-24 12:56:02 ----D---- C:\windows\system32\drivers\etc
2011-07-24 12:34:19 ----D---- C:\windows\system32\drivers\AVG
2011-07-13 21:09:14 ----A---- C:\windows\system32\MRT.exe
2011-07-01 15:03:05 ----D---- C:\Program Files\Mozilla Firefox
2011-06-30 20:47:33 ----D---- C:\Program Files\ICQ7.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-03 435736]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\windows\System32\DRIVERS\Apsx86.sys [2009-10-21 118800]
R0 TPDIGIMN;TPDIGIMN; C:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-25 142592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-07-22 2707448]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT32.sys [2010-01-18 514104]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-14 233648]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-01-06 184448]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
S0 qgqoj;qgqoj; C:\windows\System32\drivers\rreirxr.sys [2011-07-25 54016]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-10-02 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-08-29 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-08-29 18472]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 174592]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2011-01-13 1960336]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-10-02 595232]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-12-29 331776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 IGRS;IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-07-25 496128]
R2 TPHDEXLGSVC;IdeaPad HDD APS Logging Service; C:\windows\System32\TPHDEXLG.exe [2009-10-21 39952]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 87904]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]

-----------------EOF-----------------

1. Odinstalijte AskBar.
2. ještě jsou tam nějaká zbytky. Poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Co to je ten askbar? Nevím,kde hledat a kde mám vzít ten log z comboFixu?Uz se mi dvakrát restaroval počítač a nikde nic,žádný výsledek,štít jsem vypla

AskBar odinstalujete z instalace a programy. Log by měl být v C:\combofix.txt.

Takže tady to asi je:


ComboFix 11-07-25.03 - KAČENKA 26.07.2011 0:22.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2037.1134 [GMT 2:00]
Spuštěný z: c:\users\KAČENKA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\KACENKA\AppData\Roaming\64dlls.exe
c:\users\KACENKA\AppData\Roaming\intel64.exe
c:\users\KACENKA\AppData\Roaming\Kernel32.exe
c:\users\KACENKA\AppData\Roaming\localsys64.exe
c:\users\KACENKA\AppData\Roaming\ntos.exe
c:\users\KACENKA\AppData\Roaming\oembios.exe
c:\users\KACENKA\AppData\Roaming\sdra64.exe
c:\users\KACENKA\AppData\Roaming\sdra73.exe
c:\users\KACENKA\AppData\Roaming\swin32.exe
c:\users\KACENKA\AppData\Roaming\twex.exe
c:\users\KACENKA\AppData\Roaming\twext.exe
c:\users\KACENKA\AppData\Roaming\wsnpoema.exe
c:\windows\s.bat
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 22:41 . 2011-07-25 22:42 -------- d-----w- c:\users\KAČENKA\AppData\Local\temp
2011-07-25 22:41 . 2011-07-25 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 22:32 . 2011-07-25 22:32 -------- d-----w- c:\users\KACENKA
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 20:01 . 2011-07-25 21:16 -------- d-----w- c:\program files\trend micro
2011-07-25 20:01 . 2011-07-25 20:02 -------- d-----w- C:\rsit
2011-07-25 15:01 . 2011-07-25 15:02 -------- d-----w- c:\users\KAČENKA\AppData\Local\Google
2011-07-25 14:21 . 2011-07-25 14:24 -------- d-----w- c:\program files\WinClamAVShield
2011-07-25 14:20 . 2011-07-25 14:20 -------- d-----w- c:\program files\Crawler
2011-07-25 14:20 . 2011-07-25 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-25 14:20 . 2011-07-25 21:33 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Spyware Terminator
2011-07-25 14:19 . 2011-07-25 14:45 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-25 14:19 . 2011-07-25 19:15 -------- d-----w- c:\program files\Spyware Terminator
2011-07-25 10:34 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0391F05-41E3-4BF5-9828-CD1E92AE6B7A}\mpengine.dll
2011-07-24 12:17 . 2011-07-25 21:39 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-24 12:17 . 2011-07-24 12:17 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-24 11:08 . 2011-07-24 11:08 -------- d-----w- c:\windows\system32\SPReview
2011-07-24 11:06 . 2011-07-24 11:06 -------- d-----w- c:\windows\system32\EventProviders
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\ufa
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\phoenix
2011-07-24 10:55 . 2011-07-24 11:01 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 10:51 . 2011-07-24 12:23 -------- d-----w- c:\windows\av_ico
2011-07-24 10:49 . 2011-07-25 20:46 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 10:49 . 2011-07-24 10:49 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-05 10:38 . 2011-07-07 13:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 13:03 . 2011-06-16 04:30 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-01 13:03 . 2011-06-16 04:30 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-01 13:03 . 2011-06-16 04:30 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-01 13:03 . 2011-06-16 04:30 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-01 13:03 . 2011-06-16 04:30 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-01 13:03 . 2011-06-16 04:30 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-01 13:03 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 13:03 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:37 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 16:37 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 11:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 09:01 . 2011-06-24 09:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-24 09:01 . 2011-06-24 09:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-24 09:01 . 2011-06-24 09:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-24 09:01 . 2011-06-24 09:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-24 09:00 . 2011-06-24 09:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-24 09:00 . 2011-06-24 09:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-24 09:00 . 2011-06-24 09:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-24 09:00 . 2011-06-24 09:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-24 09:00 . 2011-06-24 09:00 367104 ----a-w- c:\windows\system32\html.iec
2011-06-24 09:00 . 2011-06-24 09:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-24 09:00 . 2011-06-24 09:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-24 09:00 . 2011-06-24 09:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-24 09:00 . 2011-06-24 09:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-24 09:00 . 2011-06-24 09:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-24 09:00 . 2011-06-24 09:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-24 09:00 . 2011-06-24 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-24 09:00 . 2011-06-24 09:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-24 09:00 . 2011-06-24 09:00 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-24 09:00 . 2011-06-24 09:00 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-24 09:00 . 2011-06-24 09:00 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-24 09:00 . 2011-06-24 09:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-24 17:14 . 2010-10-06 09:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 04:30 . 2011-06-16 09:16 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 09:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 09:17 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 09:17 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-27 02:17 . 2011-06-16 09:16 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-16 09:16 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-16 09:16 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:30 . 2011-07-01 13:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-25 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-14 1615144]
"331BigDog"="c:\program files\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-09-02 186208]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-25 2216960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\KA¬ENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-25 142592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-01-06 184448]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.168.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 00:47:37
ComboFix-quarantined-files.txt 2011-07-25 22:47
.
Před spuštěním: Volných bajtů: 152 168 730 624
Po spuštění: Volných bajtů: 152 506 445 824
.
- - End Of File - - FB44E4D681D04B3DC6070AC1B9DF3ABA

Ještě dočistíme. otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Dobrý den,provedla jsem vše,co jste mi řekl,posílám poslední report.Už je to v pořádku?


ComboFix 11-07-25.03 - KAČENKA 26.07.2011 11:34:08.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2037.1193 [GMT 2:00]
Spuštěný z: c:\users\KALENKA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KALENKA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KACENKA\AppData\Roaming\64dlls.exe
c:\users\KACENKA\AppData\Roaming\intel64.exe
c:\users\KACENKA\AppData\Roaming\Kernel32.exe
c:\users\KACENKA\AppData\Roaming\localsys64.exe
c:\users\KACENKA\AppData\Roaming\ntos.exe
c:\users\KACENKA\AppData\Roaming\oembios.exe
c:\users\KACENKA\AppData\Roaming\sdra64.exe
c:\users\KACENKA\AppData\Roaming\sdra73.exe
c:\users\KACENKA\AppData\Roaming\swin32.exe
c:\users\KACENKA\AppData\Roaming\twex.exe
c:\users\KACENKA\AppData\Roaming\twext.exe
c:\users\KACENKA\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 09:49 . 2011-07-26 09:50 -------- d-----w- c:\users\KAČENKA\AppData\Local\temp
2011-07-26 09:49 . 2011-07-26 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 23:26 . 2011-07-25 23:26 -------- d-----w- c:\users\KAČENKA\AppData\Local\ElevatedDiagnostics
2011-07-25 22:32 . 2011-07-25 22:32 -------- d-----w- c:\users\KACENKA
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 20:01 . 2011-07-25 21:16 -------- d-----w- c:\program files\trend micro
2011-07-25 20:01 . 2011-07-25 20:02 -------- d-----w- C:\rsit
2011-07-25 15:01 . 2011-07-25 15:02 -------- d-----w- c:\users\KAČENKA\AppData\Local\Google
2011-07-25 14:21 . 2011-07-26 09:25 -------- d-----w- c:\program files\WinClamAVShield
2011-07-25 14:20 . 2011-07-25 14:20 -------- d-----w- c:\program files\Crawler
2011-07-25 14:20 . 2011-07-25 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-25 14:20 . 2011-07-25 23:27 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Spyware Terminator
2011-07-25 14:19 . 2011-07-26 09:25 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-25 14:19 . 2011-07-25 19:15 -------- d-----w- c:\program files\Spyware Terminator
2011-07-25 10:34 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0391F05-41E3-4BF5-9828-CD1E92AE6B7A}\mpengine.dll
2011-07-24 12:17 . 2011-07-25 21:39 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-24 12:17 . 2011-07-24 12:17 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-24 11:08 . 2011-07-24 11:08 -------- d-----w- c:\windows\system32\SPReview
2011-07-24 11:06 . 2011-07-24 11:06 -------- d-----w- c:\windows\system32\EventProviders
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\ufa
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\phoenix
2011-07-24 10:55 . 2011-07-24 11:01 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 10:51 . 2011-07-24 12:23 -------- d-----w- c:\windows\av_ico
2011-07-24 10:49 . 2011-07-25 20:46 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 10:49 . 2011-07-24 10:49 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-05 10:38 . 2011-07-07 13:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 13:03 . 2011-06-16 04:30 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-01 13:03 . 2011-06-16 04:30 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-01 13:03 . 2011-06-16 04:30 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-01 13:03 . 2011-06-16 04:30 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-01 13:03 . 2011-06-16 04:30 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-01 13:03 . 2011-06-16 04:30 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-01 13:03 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 13:03 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:37 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 16:37 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 11:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 09:01 . 2011-06-24 09:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-24 09:01 . 2011-06-24 09:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-24 09:01 . 2011-06-24 09:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-24 09:01 . 2011-06-24 09:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-24 09:00 . 2011-06-24 09:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-24 09:00 . 2011-06-24 09:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-24 09:00 . 2011-06-24 09:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-24 09:00 . 2011-06-24 09:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-24 09:00 . 2011-06-24 09:00 367104 ----a-w- c:\windows\system32\html.iec
2011-06-24 09:00 . 2011-06-24 09:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-24 09:00 . 2011-06-24 09:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-24 09:00 . 2011-06-24 09:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-24 09:00 . 2011-06-24 09:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-24 09:00 . 2011-06-24 09:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-24 09:00 . 2011-06-24 09:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-24 09:00 . 2011-06-24 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-24 09:00 . 2011-06-24 09:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-24 09:00 . 2011-06-24 09:00 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-24 09:00 . 2011-06-24 09:00 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-24 09:00 . 2011-06-24 09:00 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-24 09:00 . 2011-06-24 09:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-24 17:14 . 2010-10-06 09:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 04:30 . 2011-06-16 09:16 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 09:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 09:17 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 09:17 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-06-16 04:30 . 2011-07-01 13:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-25 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-14 1615144]
"331BigDog"="c:\program files\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-09-02 186208]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-25 2216960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\KA¬ENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-25 142592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-01-06 184448]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.168.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath -
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 11:54:38
ComboFix-quarantined-files.txt 2011-07-26 09:54
ComboFix2.txt 2011-07-25 22:47
.
Před spuštěním: Volných bajtů: 152 553 758 720
Po spuštění: Volných bajtů: 152 443 326 464
.
- - End Of File - - 1EB842B61DC82FFA26A9C1461DD89F39

Bohužel není, soubory a adresáře jsou tam pořád, ale CF smazal něco jiného. Vytvořte znovu stejný skript a spusťte jím CF v nouz. režimu.

Aha, pro blondýny: Jak se spouští nouzový režim?

Restartujte a při úvodních postech tiskněte F8. Ukáže se menu, z něhož vyberete příslušnou položku.

A co teď?


ComboFix 11-07-25.03 - KAČENKA 26.07.2011 13:58:26.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2037.1145 [GMT 2:00]
Spuštěný z: c:\users\KALENKA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KALENKA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KACENKA\AppData\Roaming\64dlls.exe
c:\users\KACENKA\AppData\Roaming\intel64.exe
c:\users\KACENKA\AppData\Roaming\Kernel32.exe
c:\users\KACENKA\AppData\Roaming\localsys64.exe
c:\users\KACENKA\AppData\Roaming\ntos.exe
c:\users\KACENKA\AppData\Roaming\oembios.exe
c:\users\KACENKA\AppData\Roaming\sdra64.exe
c:\users\KACENKA\AppData\Roaming\sdra73.exe
c:\users\KACENKA\AppData\Roaming\swin32.exe
c:\users\KACENKA\AppData\Roaming\twex.exe
c:\users\KACENKA\AppData\Roaming\twext.exe
c:\users\KACENKA\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 12:12 . 2011-07-26 12:12 -------- d-----w- c:\users\KAČENKA\AppData\Local\temp
2011-07-26 12:12 . 2011-07-26 12:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 10:12 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFD137D4-DAD5-4DD1-A9A9-352A1BB27C9A}\mpengine.dll
2011-07-25 23:26 . 2011-07-25 23:26 -------- d-----w- c:\users\KAČENKA\AppData\Local\ElevatedDiagnostics
2011-07-25 22:32 . 2011-07-25 22:32 -------- d-----w- c:\users\KACENKA
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 20:34 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 20:34 . 2011-07-25 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 20:01 . 2011-07-25 21:16 -------- d-----w- c:\program files\trend micro
2011-07-25 20:01 . 2011-07-25 20:02 -------- d-----w- C:\rsit
2011-07-25 15:01 . 2011-07-25 15:02 -------- d-----w- c:\users\KAČENKA\AppData\Local\Google
2011-07-25 14:21 . 2011-07-26 09:25 -------- d-----w- c:\program files\WinClamAVShield
2011-07-25 14:20 . 2011-07-25 14:20 -------- d-----w- c:\program files\Crawler
2011-07-25 14:20 . 2011-07-25 14:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-25 14:20 . 2011-07-26 10:47 -------- d-----w- c:\users\KAČENKA\AppData\Roaming\Spyware Terminator
2011-07-25 14:19 . 2011-07-26 09:25 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-25 14:19 . 2011-07-25 19:15 -------- d-----w- c:\program files\Spyware Terminator
2011-07-24 12:17 . 2011-07-25 21:39 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-24 12:17 . 2011-07-24 12:17 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-24 11:08 . 2011-07-24 11:08 -------- d-----w- c:\windows\system32\SPReview
2011-07-24 11:06 . 2011-07-24 11:06 -------- d-----w- c:\windows\system32\EventProviders
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\ufa
2011-07-24 11:01 . 2011-07-24 11:01 -------- d-----w- c:\windows\phoenix
2011-07-24 10:55 . 2011-07-24 11:01 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 10:51 . 2011-07-24 12:23 -------- d-----w- c:\windows\av_ico
2011-07-24 10:49 . 2011-07-25 20:46 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 10:49 . 2011-07-24 10:49 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-05 10:38 . 2011-07-07 13:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 13:03 . 2011-06-16 04:30 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-01 13:03 . 2011-06-16 04:30 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-01 13:03 . 2011-06-16 04:30 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-01 13:03 . 2011-06-16 04:30 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-01 13:03 . 2011-06-16 04:30 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-01 13:03 . 2011-06-16 04:30 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-01 13:03 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 13:03 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:37 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 16:37 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 11:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 09:01 . 2011-06-24 09:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-24 09:01 . 2011-06-24 09:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-24 09:01 . 2011-06-24 09:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-24 09:01 . 2011-06-24 09:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-24 09:00 . 2011-06-24 09:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-24 09:00 . 2011-06-24 09:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-24 09:00 . 2011-06-24 09:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-24 09:00 . 2011-06-24 09:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-24 09:00 . 2011-06-24 09:00 367104 ----a-w- c:\windows\system32\html.iec
2011-06-24 09:00 . 2011-06-24 09:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-24 09:00 . 2011-06-24 09:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-24 09:00 . 2011-06-24 09:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-24 09:00 . 2011-06-24 09:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-24 09:00 . 2011-06-24 09:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-24 09:00 . 2011-06-24 09:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-24 09:00 . 2011-06-24 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-24 09:00 . 2011-06-24 09:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-24 09:00 . 2011-06-24 09:00 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-24 09:00 . 2011-06-24 09:00 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-24 09:00 . 2011-06-24 09:00 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-24 09:00 . 2011-06-24 09:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-24 17:14 . 2010-10-06 09:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 04:30 . 2011-06-16 09:16 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 09:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 09:17 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 09:17 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-06-16 04:30 . 2011-07-01 13:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-25 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-14 1615144]
"331BigDog"="c:\program files\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-09-02 186208]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-25 2216960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\KA¬ENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-25 142592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-01-06 184448]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.168.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath -
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 14:17:05
ComboFix-quarantined-files.txt 2011-07-26 12:17
ComboFix2.txt 2011-07-26 09:54
ComboFix3.txt 2011-07-25 22:47
.
Před spuštěním: Volných bajtů: 152 402 063 360
Po spuštění: Volných bajtů: 152 123 310 080
.
- - End Of File - - C7D3E363D064806971695B7E1F8D5EBA