VIRY.CZ

Mohli by jste mi prosím pomoct s odstraněním UFA.exe z mého PC.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pepan23 at 2011-08-01 20:16:19
Microsoft Windows 7 Home Premium
System drive C: has 342 GB (75%) free of 455 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:32, on 1.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\l1rezerv.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\trend micro\Pepan23.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 5r4791t26o
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 5r4791t26o
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx? ... 5r4791t26o
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [3933877.exe] "C:\Windows\Temp\3933877.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [7889755.exe] "C:\Users\Pepan23\AppData\Local\Temp\7889755.exe"
O4 - HKLM\..\Run: [9531329.exe] "C:\Users\Pepan23\AppData\Local\Temp\9531329.exe"
O4 - HKLM\..\Run: [5494492.exe] "C:\Users\Pepan23\AppData\Local\Temp\5494492.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [40983658-loader2.exe] "C:\Users\Pepan23\AppData\Local\Temp\40983658-loader2.exe"
O4 - HKLM\..\Run: [95658808-loader2.exe] "C:\Windows\Temp\95658808-loader2.exe"
O4 - HKLM\..\Run: [385608.exe] "C:\Windows\Temp\385608.exe"
O4 - HKLM\..\Run: [8723673.exe] "C:\Windows\Temp\8723673.exe"
O4 - HKLM\..\Run: [689405.exe] "C:\Windows\Temp\689405.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pepan23\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 13922 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
C:\Windows\update.1\svchost.exe srv
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e6128afe-95b3-4825-aa45-d93e33b8c14a -SystemEventPortName:HostProcess-e571487a-2d36-4cf2-9af8-e86708821120 -IoCancelEventPortName:HostProcess-58258e83-65bc-450f-a247-dc426bc42f76 -NonStateChangingEventPortName:HostProcess-5c38f4e4-17db-48f4-8137-34c4967e59ba -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:051d0ced-5394-4cc5-bf6e-2661e26a2a96
"C:\Windows\update.2\svchost.exe" stand
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Users\Pepan23\AppData\Local\Apps\2.0\4XVK0N54.PLN\GGV75VYO.CBL\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe"
"C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe"
"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\l1rezerv.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe"
C:\Windows\system32\sppsvc.exe
"C:\Users\Pepan23\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll [2011-01-25 1057160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-02-25 400560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll [2011-02-25 335928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2011-01-25 721288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-25 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-25 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-02-25 400560]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20 1581376]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll []
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-25 298160]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-09 10060320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-12-03 14944136]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-15 39408]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Google Update"=C:\Users\Pepan23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 133104]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-29 3318784]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [2010-08-04 611872]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]
"DATAMNGR"=C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2011-01-25 1116080]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"3933877.exe"=C:\Windows\Temp\3933877.exe [2011-07-16 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-25 256000]
"7889755.exe"=C:\Users\Pepan23\AppData\Local\Temp\7889755.exe [2011-07-16 232960]
"9531329.exe"=C:\Users\Pepan23\AppData\Local\Temp\9531329.exe [2011-07-16 232960]
"5494492.exe"=C:\Users\Pepan23\AppData\Local\Temp\5494492.exe [2011-07-16 232960]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-23 232960]
"40983658-loader2.exe"=C:\Users\Pepan23\AppData\Local\Temp\40983658-loader2.exe [2011-07-23 247296]
"95658808-loader2.exe"=C:\Windows\Temp\95658808-loader2.exe [2011-07-23 247296]
"385608.exe"=C:\Windows\Temp\385608.exe [2011-07-25 256000]
"8723673.exe"=C:\Windows\Temp\8723673.exe [2011-07-29 502272]
"689405.exe"=C:\Windows\Temp\689405.exe [2011-07-27 502272]
"SpywareTerminator"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-29 2557440]
"wxpdrv"=C:\Windows\services32.exe []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

C:\Users\Pepan23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-01 20:16:19 ----D---- C:\rsit
2011-08-01 20:16:19 ----D---- C:\Program Files\trend micro
2011-08-01 12:14:04 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-01 12:14:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-01 12:13:53 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-01 12:13:22 ----A---- C:\Windows\avastSS.scr
2011-08-01 12:13:21 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-08-01 11:16:16 ----D---- C:\Users\Pepan23\AppData\Roaming\Malwarebytes
2011-08-01 11:16:07 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-01 11:16:06 ----D---- C:\ProgramData\Malwarebytes
2011-08-01 11:16:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-01 11:16:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-30 18:20:43 ----D---- C:\Windows\ufa
2011-07-30 13:12:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-30 13:12:18 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-30 01:14:22 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-30 00:50:03 ----D---- C:\4f2b29fc898a350685f26547a58705d4
2011-07-30 00:10:20 ----A---- C:\Windows\system32\MRT.exe
2011-07-30 00:05:40 ----D---- C:\Program Files (x86)\WinClamAVShield
2011-07-29 23:58:09 ----D---- C:\Users\Pepan23\AppData\Roaming\Spyware Terminator
2011-07-29 23:58:03 ----D---- C:\ProgramData\Spyware Terminator
2011-07-29 23:58:02 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-07-25 09:21:15 ----A---- C:\Windows\w_distrib_iplist.txt
2011-07-25 09:20:28 ----HD---- C:\Windows\update.3
2011-07-16 17:38:32 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-16 13:08:12 ----D---- C:\Windows\rpcminer
2011-07-16 13:08:12 ----D---- C:\Windows\phoenix
2011-07-16 13:08:11 ----A---- C:\Windows\unrar.exe
2011-07-16 13:06:47 ----A---- C:\Windows\l1rezerv.exe
2011-07-16 13:06:43 ----A---- C:\Windows\ddh_iplist.txt
2011-07-16 13:05:50 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-16 13:05:28 ----HD---- C:\Windows\update.2
2011-07-16 13:05:21 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-16 13:05:00 ----HD---- C:\Windows\update.5.0
2011-07-16 13:04:46 ----A---- C:\Windows\iplist.txt
2011-07-16 13:04:35 ----A---- C:\Windows\sysdriver32_.exe
2011-07-16 13:03:37 ----D---- C:\Windows\av_ico
2011-07-16 13:03:34 ----A---- C:\Windows\sysdriver32.exe
2011-07-16 13:03:12 ----A---- C:\Windows\front_ip_list.txt
2011-07-16 13:01:44 ----HD---- C:\Windows\update.1
2011-07-16 13:01:16 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-16 13:01:16 ----HD---- C:\Windows\update.tray-7-0
2011-07-16 13:01:16 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-07-16 13:01:16 ----HD---- C:\Windows\update.tray-10-0
2011-07-16 12:58:13 ----A---- C:\Windows\winlog-ids.txt
2011-07-16 12:58:13 ----A---- C:\Windows\winlog-dirs.txt
2011-07-13 09:02:46 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:02:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:44 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:44 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:38 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 09:02:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 09:02:34 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 09:02:32 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 09:02:32 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 09:02:32 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 09:02:30 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-10 18:10:06 ----D---- C:\Users\Pepan23\AppData\Roaming\TS3Client
2011-07-10 18:09:28 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client

======List of files/folders modified in the last 1 month======

2011-08-01 20:16:27 ----D---- C:\Windows\Temp
2011-08-01 20:16:19 ----RD---- C:\Program Files
2011-08-01 20:06:56 ----D---- C:\Users\Pepan23\AppData\Roaming\Skype
2011-08-01 20:06:34 ----D---- C:\Windows\system32\config
2011-08-01 19:07:37 ----D---- C:\ProgramData\Easybits GO
2011-08-01 17:37:36 ----D---- C:\Users\Pepan23\AppData\Roaming\go
2011-08-01 12:16:52 ----HD---- C:\ProgramData
2011-08-01 12:14:04 ----D---- C:\Windows\system32\drivers
2011-08-01 12:13:50 ----SHD---- C:\Windows\Installer
2011-08-01 12:13:22 ----D---- C:\Windows
2011-08-01 12:13:21 ----D---- C:\Windows\SysWOW64
2011-08-01 12:13:10 ----SHD---- C:\System Volume Information
2011-08-01 11:16:07 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-01 11:16:03 ----RD---- C:\Program Files (x86)
2011-08-01 10:37:49 ----D---- C:\Windows\system32\catroot2
2011-07-30 18:20:28 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-30 01:30:26 ----D---- C:\Users\Pepan23\AppData\Roaming\ICQ
2011-07-30 00:10:20 ----D---- C:\Windows\System32
2011-07-29 23:44:54 ----D---- C:\Windows\system32\Tasks
2011-07-29 23:27:09 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-29 23:27:09 ----D---- C:\Windows\system32\wbem
2011-07-29 23:27:08 ----D---- C:\Windows\system32\cs-CZ
2011-07-29 23:27:08 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-29 23:27:08 ----D---- C:\Program Files\Windows Media Player
2011-07-29 23:27:08 ----D---- C:\Program Files\Internet Explorer
2011-07-29 23:27:07 ----D---- C:\Windows\Tasks
2011-07-29 23:27:07 ----D---- C:\Windows\system32\wfp
2011-07-29 23:27:06 ----D---- C:\Windows\winsxs
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\migration
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\cs
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-29 23:25:56 ----D---- C:\Windows\system32\sppui
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Setup
2011-07-29 23:25:56 ----D---- C:\Windows\system32\oobe
2011-07-29 23:25:56 ----D---- C:\Windows\system32\migwiz
2011-07-29 23:25:56 ----D---- C:\Windows\system32\migration
2011-07-29 23:25:56 ----D---- C:\Windows\system32\manifeststore
2011-07-29 23:25:56 ----D---- C:\Windows\system32\es-ES
2011-07-29 23:25:56 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Dism
2011-07-29 23:25:56 ----D---- C:\Windows\system32\da-DK
2011-07-29 23:25:56 ----D---- C:\Windows\system32\cs
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Boot
2011-07-29 23:25:56 ----D---- C:\Windows\servicing
2011-07-29 23:25:56 ----D---- C:\Windows\PolicyDefinitions
2011-07-29 23:25:56 ----D---- C:\Windows\inf
2011-07-29 23:25:55 ----RSD---- C:\Windows\Fonts
2011-07-29 23:25:55 ----D---- C:\Windows\ehome
2011-07-29 23:25:55 ----D---- C:\Windows\AppPatch
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Sidebar
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Mail
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Journal
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Defender
2011-07-29 23:25:55 ----D---- C:\Program Files\DVD Maker
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-29 23:25:33 ----D---- C:\Windows\TAPI
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\Speech
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\MUI
2011-07-29 23:25:33 ----D---- C:\Windows\system32\spp
2011-07-29 23:25:33 ----D---- C:\Windows\system32\Speech
2011-07-29 23:25:33 ----D---- C:\Windows\system32\MUI
2011-07-29 23:25:33 ----D---- C:\Windows\system32\DriverStore
2011-07-29 23:25:31 ----D---- C:\Windows\system32\drivers\etc
2011-07-29 23:25:31 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-29 23:25:31 ----D---- C:\Windows\security
2011-07-29 23:25:16 ----D---- C:\ProgramData\Symantec
2011-07-29 23:25:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-29 23:25:15 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-29 23:25:15 ----D---- C:\Program Files (x86)\Symantec
2011-07-29 23:25:14 ----D---- C:\Program Files\Windows Portable Devices
2011-07-29 23:22:53 ----D---- C:\Windows\registration
2011-07-29 23:17:53 ----D---- C:\Windows\system32\catroot
2011-07-29 23:17:02 ----D---- C:\Windows\Microsoft.NET
2011-07-29 23:15:55 ----RSD---- C:\Windows\assembly
2011-07-29 23:15:19 ----SD---- C:\Users\Pepan23\AppData\Roaming\Microsoft
2011-07-29 23:15:17 ----SD---- C:\ProgramData\Microsoft
2011-07-29 22:27:09 ----D---- C:\Windows\Logs
2011-07-29 22:24:56 ----D---- C:\Windows\debug
2011-07-16 19:41:57 ----D---- C:\World of Warcraft
2011-07-15 17:51:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-15 17:28:48 ----D---- C:\Windows\rescache
2011-07-15 13:07:31 ----A---- C:\Windows\WinInit.Ini
2011-07-04 13:43:42 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-26 254528]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1101000.013\SRTSPX64.SYS [2009-10-09 32304]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-09 2269600]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-07-30 339744]
S1 cneiaoer;cneiaoer; \??\C:\Windows\system32\drivers\cneiaoer.sys []
S1 jarmulty;jarmulty; \??\C:\Windows\system32\drivers\jarmulty.sys []
S1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NISx64\1101000.013\SRTSP64.SYS [2009-10-09 504880]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100208.002\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100208.002\EX64.SYS []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Greg_Service;GRegService; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-02-17 151144]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-29 948775]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-29 502272]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-25 256000]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-16 1170432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
S2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe /s NIS /m C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\diMaster.dll /prefetch:1 []
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2009-10-10 238328]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-15 182768]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

-----------------EOF-----------------

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  motji píše: Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Dobrý už to zkouším podle vaší rady:

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Pepan23 [Admin rights]
Mode: Remove -- Date : 08/02/2011 10:56:29

Bad processes: 7
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]

Registry Entries: 14
[SUSP PATH] HKUS\.DEFAULT[...]\Windows : Load (C:\Windows\TEMP\csrss.exe) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[HJ NAME] {80583018-8FD4-4099-8225-8E1F6CA6216F}.job : c:\windows\update.tray-7-0-lnk\svchost.exe -> DELETED
[HJ NAME] {C5636371-15B0-4D86-913C-C588685A320B}.job : c:\windows\update.tray-7-0-lnk\svchost.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Pepan23 [Admin rights]
Mode: HOSTSFix -- Date : 08/02/2011 10:59:03

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




RogueKiller V5.3.0 [08/01/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Pepan23 [Admin rights]
Mode: ProxyFix -- Date : 08/02/2011 10:59:46

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Tak snad už :

ComboFix 11-08-02.02 - Pepan23 02.08.2011 11:14:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2046 [GMT 2:00]
Spuštěný z: c:\users\Pepan23\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pepan23\Desktop\Setup.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\385608.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.3
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-02 do 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 08:15 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F57D204F-6722-4F6C-AFBA-DD259CB5247D}\mpengine.dll
2011-08-01 18:16 . 2011-08-01 18:16 -------- d-----w- C:\rsit
2011-08-01 18:16 . 2011-08-01 18:16 -------- d-----w- c:\program files\trend micro
2011-08-01 10:14 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-01 10:14 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-01 10:13 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-01 10:13 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-01 10:13 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\users\Pepan23\AppData\Roaming\Malwarebytes
2011-08-01 09:16 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-01 09:16 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 16:20 . 2011-07-30 16:20 -------- d-----w- c:\windows\ufa
2011-07-30 11:12 . 2011-07-30 15:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-30 11:12 . 2011-07-30 15:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-07-29 23:14 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-29 22:50 . 2011-07-29 22:50 -------- d-----w- C:\4f2b29fc898a350685f26547a58705d4
2011-07-29 22:05 . 2011-08-01 08:49 -------- d-----w- c:\program files (x86)\WinClamAVShield
2011-07-29 21:58 . 2011-07-31 19:39 -------- d-----w- c:\users\Pepan23\AppData\Roaming\Spyware Terminator
2011-07-29 21:58 . 2011-08-01 17:15 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-29 21:58 . 2011-07-31 19:59 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-07-29 20:47 . 2011-07-30 16:29 -------- d-----w- c:\users\Pepan23\AppData\Local\ElevatedDiagnostics
2011-07-16 15:38 . 2011-07-16 15:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-07-16 11:08 . 2011-07-30 16:20 246272 ----a-w- c:\windows\unrar.exe
2011-07-16 11:03 . 2011-07-29 21:25 -------- d-----w- c:\windows\av_ico
2011-07-16 11:01 . 2011-08-01 17:58 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-16 11:01 . 2011-08-01 17:58 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-16 11:01 . 2011-07-29 21:25 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-16 11:01 . 2011-07-29 21:25 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-10 16:10 . 2011-07-10 16:20 -------- d-----w- c:\users\Pepan23\AppData\Roaming\TS3Client
2011-07-10 16:09 . 2011-07-10 16:09 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-02-04 15:30 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:32 . 2010-12-24 21:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-24 21:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-02 05:56 . 2011-07-13 07:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 18:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 18:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-12-24 20:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 05:30 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 05:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 05:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 05:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 05:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-07 20:08 . 2011-05-07 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-01-25 12:24 721288 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-15 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-29 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-29 2557440]
.
c:\users\Pepan23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-6-3 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2 /wow /dir:c:\progra~1\AVASTS~1\Avast\defs\11070401
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 cneiaoer;cneiaoer;c:\windows\system32\drivers\cneiaoer.sys [x]
R1 jarmulty;jarmulty;c:\windows\system32\drivers\jarmulty.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 20:42]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 20:42]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001Core.job
- c:\users\Pepan23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 15:58]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001UA.job
- c:\users\Pepan23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 15:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-01-25 12:24 1057160 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0405&m=et1352&r=173612104203pe464v195r4791t26o
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 172.16.0.5 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
.
**************************************************************************
.
Celkový čas: 2011-08-02 11:25:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-02 09:25
.
Před spuštěním: Volných bajtů: 358 646 190 080
Po spuštění: Volných bajtů: 359 078 920 192
.
- - End Of File - - 447C7A5681826F66DB7A9DD0C2988E85

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  c:\windows\unrar.exe
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001UA.job
  
  Folder::
  c:\windows\av_ico
  c:\windows\update.tray-7-0
  c:\windows\update.tray-10-0
  c:\windows\update.tray-7-0-lnk
  c:\windows\update.tray-10-0-lnk
  c:\windows\ufa
  c:\program files (x86)\Spybot - Search & Destroy
  c:\programdata\Spybot - Search & Destroy
  c:\progra~2\IMESHA~1\MediaBar\ToolBar
  c:\program files (x86)\ICQ6Toolbar
  C:\Program Files (x86)\DAEMON Tools Toolbar\
  
  Registry::
  [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
  "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  "swg"=-
  "DAEMON Tools Lite"=-
  "SpywareTerminatorUpdate"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "SunJavaUpdateSched"=-
  "SpywareTerminator"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Windows\update.2\svchost.exe"=-
  "C:\Windows\update.1\svchost.exe"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
  "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
  
  Collect::
  c:\windows\system32\drivers\cneiaoer.sys
  c:\windows\system32\drivers\jarmulty.sys
  
  Driver::
  cneiaoer
  jarmulty
  gupdate
  gupdatem
  ICQ Service
  
  DDS::
  mStart Page = hxxp://homepage.emachines.com/rdr.aspx? ... 5r4791t26o
  uStart Page = my.daemon-search.com
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Musím to poslat na dvakrát nevejde se to do zprávy:

ComboFix 11-08-02.02 - Pepan23 02.08.2011 11:47:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.1988 [GMT 2:00]
Spuštěný z: c:\users\Pepan23\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pepan23\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001UA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\IMESHA~1\MediaBar\ToolBar
c:\progra~2\IMESHA~1\MediaBar\ToolBar\components\windowmediator.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\external.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsspreview.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\preferences.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.4.3.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.event.wheel.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.scrollTo-min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\youtube.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\about_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ca.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\games.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphredna.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\grey.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\images.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\imesh.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_about_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\mail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\music.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\news.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\protect-id.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\shopping.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\technorati.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\translate.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\video.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\web.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\zoom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshbandmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\manifest.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\uninstall.exe
c:\program files (x86)\DAEMON Tools Toolbar
c:\program files (x86)\DAEMON Tools Toolbar\_DTLite.xml
c:\program files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
c:\program files (x86)\DAEMON Tools Toolbar\Resources\about.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ARA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\as.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\as.png
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_audio.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\az.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\AZE.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\b1.png
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\cal.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\d.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\DEU.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ENG.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\faq.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\fb.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\features.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\FRA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\help.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\home.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\CHS.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\CHT.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\ITA.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\JPN.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\KOR.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\m.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\manual.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\map.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\op.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rbcheck.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rbtxt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssA1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RssRefresh.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\RUS.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\s2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\show.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_lr.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\size_rl.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\soft24.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\soft24_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\style.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\timer.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\u.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\UKR.xml
c:\program files (x86)\DAEMON Tools Toolbar\Resources\unmount-all.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_mute.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files (x86)\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Configuration.ini
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110730-1339.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.110730-1413.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110730-1318.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110730-1338.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110730-1403.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110730-1412.txt
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-310379545-2288553614-4208006685-1001UA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0-lnk\svchost.exe
c:\windows\update.tray-10-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cneiaoer
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
-------\Service_jarmulty
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-02 do 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 09:51 . 2011-08-02 09:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-02 08:15 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F57D204F-6722-4F6C-AFBA-DD259CB5247D}\mpengine.dll
2011-08-01 18:16 . 2011-08-01 18:16 -------- d-----w- C:\rsit
2011-08-01 18:16 . 2011-08-01 18:16 -------- d-----w- c:\program files\trend micro
2011-08-01 10:14 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-01 10:14 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-01 10:13 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-01 10:13 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-01 10:13 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\users\Pepan23\AppData\Roaming\Malwarebytes
2011-08-01 09:16 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 09:16 . 2011-08-01 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-01 09:16 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 23:14 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-29 22:50 . 2011-07-29 22:50 -------- d-----w- C:\4f2b29fc898a350685f26547a58705d4
2011-07-29 22:05 . 2011-08-01 08:49 -------- d-----w- c:\program files (x86)\WinClamAVShield
2011-07-29 21:58 . 2011-07-31 19:39 -------- d-----w- c:\users\Pepan23\AppData\Roaming\Spyware Terminator
2011-07-29 21:58 . 2011-08-01 17:15 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-29 21:58 . 2011-07-31 19:59 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-07-29 20:47 . 2011-07-30 16:29 -------- d-----w- c:\users\Pepan23\AppData\Local\ElevatedDiagnostics
2011-07-16 15:38 . 2011-07-16 15:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-07-10 16:10 . 2011-07-10 16:20 -------- d-----w- c:\users\Pepan23\AppData\Roaming\TS3Client
2011-07-10 16:09 . 2011-07-10 16:09 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-02-04 15:30 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:32 . 2010-12-24 21:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-24 21:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-02 05:56 . 2011-07-13 07:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 18:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 18:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-12-24 20:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 05:30 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 05:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 05:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 05:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 05:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-07 20:08 . 2011-05-07 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_09.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 09:35 . 2011-08-02 09:22 44122 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-02 09:22 42078 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-24 20:34 . 2011-08-02 09:22 21586 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-310379545-2288553614-4208006685-1001_UserData.bin
- 2010-12-24 20:34 . 2011-08-02 09:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-24 20:34 . 2011-08-02 09:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-24 20:34 . 2011-08-02 09:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-24 20:34 . 2011-08-02 09:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-24 20:34 . 2011-08-02 09:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 20:34 . 2011-08-02 09:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-24 20:36 . 2011-08-02 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-24 20:36 . 2011-08-02 09:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-24 20:36 . 2011-08-02 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 20:36 . 2011-08-02 09:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-30 21:55 . 2011-08-02 09:52 5348 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-02 09:52 . 2011-08-02 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-02 09:20 . 2011-08-02 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-02 09:52 . 2011-08-02 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-02 09:20 . 2011-08-02 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-08-02 09:19 308772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-02 09:52 308772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-08-02 08:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-02 09:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

Druhá část až do konce:


.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-01-25 12:24 721288 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
.
c:\users\Pepan23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-6-3 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2 /wow /dir:c:\progra~1\AVASTS~1\Avast\defs\11070401
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-01-25 12:24 1057160 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShA64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF15479.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 172.16.0.5 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
.
**************************************************************************
.
Celkový čas: 2011-08-02 11:58:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-02 09:58
ComboFix2.txt 2011-08-02 09:25
.
Před spuštěním: Volných bajtů: 359 137 120 256
Po spuštění: Volných bajtů: 358 674 124 800
.
- - End Of File - - FA5E79D0FABC62C0797CBE938F4BCB43

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami at se zbavime zbytku poskozenych antiviru

• http://files.avast.com/files/eng/aswclear.exe
• ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

Nainstalujte Avast free http://www.avast.com/cs-cz/free-antivirus-download

Napiste co PC

Tak jsem to podle vás vše provedl a avast je nainstalován ale hlásí že je zastaven a když dám v avastu opravit nebo spustit tak nic, víte co s tím?

Poprosim o novy log z RSIT

Tak zde prosím

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pepan23 at 2011-08-02 20:48:09
Microsoft Windows 7 Home Premium
System drive C: has 352 GB (77%) free of 455 GB
Total RAM: 3071 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:21, on 2.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\trend micro\Pepan23.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9268 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {9E82026C-31D9-4B1F-AC8C-26904B470250}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
"C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe"
"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /CHECKNOW
"C:\Users\Pepan23\APPDATA\LOCAL\OPERA\OPERA\TEMPORARY_DOWNLOADS\RSITX64.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 822CEF7A-504D-C69B-CC8A-731D7E4EE169 -Reinvoke

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll [2011-01-25 1057160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-02-25 400560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll [2011-02-25 335928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2011-01-25 721288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-25 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-25 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-02-25 400560]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-25 298160]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-09 10060320]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [2010-08-04 611872]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]
"DATAMNGR"=C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2011-01-25 1116080]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"SpywareTerminator"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-29 2557440]

C:\Users\Pepan23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-02 20:48:09 ----D---- C:\rsit
2011-08-02 20:26:46 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-02 20:26:25 ----D---- C:\ProgramData\AVAST Software
2011-08-02 20:26:25 ----D---- C:\Program Files\AVAST Software
2011-08-02 20:08:38 ----D---- C:\ProgramData\NortonInstaller
2011-08-02 20:05:37 ----A---- C:\Windows\ntbtlog.txt
2011-08-02 19:56:12 ----D---- C:\Program Files\CCleaner
2011-08-02 11:53:59 ----D---- C:\$RECYCLE.BIN
2011-08-02 11:19:26 ----D---- C:\Windows\temp
2011-08-01 20:16:19 ----D---- C:\Program Files\trend micro
2011-08-01 12:14:04 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-01 12:14:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-01 12:13:53 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-01 12:13:22 ----A---- C:\Windows\avastSS.scr
2011-08-01 12:13:21 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-08-01 11:16:16 ----D---- C:\Users\Pepan23\AppData\Roaming\Malwarebytes
2011-08-01 11:16:07 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-01 11:16:06 ----D---- C:\ProgramData\Malwarebytes
2011-08-01 11:16:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-01 11:16:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-30 01:14:22 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-30 00:50:03 ----D---- C:\4f2b29fc898a350685f26547a58705d4
2011-07-30 00:10:20 ----A---- C:\Windows\system32\MRT.exe
2011-07-30 00:05:40 ----D---- C:\Program Files (x86)\WinClamAVShield
2011-07-29 23:58:09 ----D---- C:\Users\Pepan23\AppData\Roaming\Spyware Terminator
2011-07-29 23:58:03 ----D---- C:\ProgramData\Spyware Terminator
2011-07-29 23:58:02 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-07-16 17:38:32 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-13 09:02:46 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:02:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:44 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:44 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:43 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:42 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:38 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 09:02:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 09:02:34 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:02:33 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 09:02:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 09:02:32 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 09:02:32 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 09:02:32 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 09:02:30 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-10 18:10:06 ----D---- C:\Users\Pepan23\AppData\Roaming\TS3Client
2011-07-10 18:09:28 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client

======List of files/folders modified in the last 1 month======

2011-08-02 20:43:24 ----D---- C:\Windows\system32\config
2011-08-02 20:26:46 ----D---- C:\Windows\System32
2011-08-02 20:26:45 ----SHD---- C:\Windows\Installer
2011-08-02 20:26:30 ----D---- C:\Windows\SysWOW64
2011-08-02 20:26:30 ----D---- C:\Windows
2011-08-02 20:26:25 ----RD---- C:\Program Files
2011-08-02 20:26:25 ----D---- C:\ProgramData
2011-08-02 20:26:22 ----SHD---- C:\System Volume Information
2011-08-02 19:58:54 ----D---- C:\Users\Pepan23\AppData\Roaming\Skype
2011-08-02 19:58:50 ----D---- C:\Windows\Logs
2011-08-02 19:58:50 ----D---- C:\Windows\debug
2011-08-02 19:40:00 ----D---- C:\Windows\system32\drivers
2011-08-02 11:54:00 ----A---- C:\Windows\system.ini
2011-08-02 11:53:55 ----D---- C:\Windows\system32\drivers\etc
2011-08-02 11:51:29 ----RD---- C:\Program Files (x86)
2011-08-02 11:51:28 ----D---- C:\Windows\Tasks
2011-08-02 11:49:18 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-02 11:49:18 ----D---- C:\Windows\AppPatch
2011-08-02 11:49:16 ----D---- C:\Program Files\Common Files
2011-08-02 11:49:16 ----D---- C:\Program Files (x86)\Common Files
2011-08-02 10:56:28 ----D---- C:\Windows\system32\Tasks
2011-08-01 19:07:37 ----D---- C:\ProgramData\Easybits GO
2011-08-01 17:37:36 ----D---- C:\Users\Pepan23\AppData\Roaming\go
2011-08-01 10:37:49 ----D---- C:\Windows\system32\catroot2
2011-07-30 18:20:28 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-30 01:30:26 ----D---- C:\Users\Pepan23\AppData\Roaming\ICQ
2011-07-29 23:27:09 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-29 23:27:09 ----D---- C:\Windows\system32\wbem
2011-07-29 23:27:08 ----D---- C:\Windows\system32\cs-CZ
2011-07-29 23:27:08 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-29 23:27:08 ----D---- C:\Program Files\Windows Media Player
2011-07-29 23:27:08 ----D---- C:\Program Files\Internet Explorer
2011-07-29 23:27:07 ----D---- C:\Windows\system32\wfp
2011-07-29 23:27:06 ----D---- C:\Windows\winsxs
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\sppui
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\Setup
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\oobe
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\migwiz
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\migration
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\es-ES
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\Dism
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\da-DK
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\cs
2011-07-29 23:25:56 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-07-29 23:25:56 ----D---- C:\Windows\system32\sppui
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Setup
2011-07-29 23:25:56 ----D---- C:\Windows\system32\oobe
2011-07-29 23:25:56 ----D---- C:\Windows\system32\migwiz
2011-07-29 23:25:56 ----D---- C:\Windows\system32\migration
2011-07-29 23:25:56 ----D---- C:\Windows\system32\manifeststore
2011-07-29 23:25:56 ----D---- C:\Windows\system32\es-ES
2011-07-29 23:25:56 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Dism
2011-07-29 23:25:56 ----D---- C:\Windows\system32\da-DK
2011-07-29 23:25:56 ----D---- C:\Windows\system32\cs
2011-07-29 23:25:56 ----D---- C:\Windows\system32\Boot
2011-07-29 23:25:56 ----D---- C:\Windows\servicing
2011-07-29 23:25:56 ----D---- C:\Windows\PolicyDefinitions
2011-07-29 23:25:56 ----D---- C:\Windows\inf
2011-07-29 23:25:55 ----RSD---- C:\Windows\Fonts
2011-07-29 23:25:55 ----D---- C:\Windows\ehome
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Sidebar
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Mail
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Journal
2011-07-29 23:25:55 ----D---- C:\Program Files\Windows Defender
2011-07-29 23:25:55 ----D---- C:\Program Files\DVD Maker
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-29 23:25:55 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-29 23:25:33 ----D---- C:\Windows\TAPI
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\Speech
2011-07-29 23:25:33 ----D---- C:\Windows\SYSWOW64\MUI
2011-07-29 23:25:33 ----D---- C:\Windows\system32\spp
2011-07-29 23:25:33 ----D---- C:\Windows\system32\Speech
2011-07-29 23:25:33 ----D---- C:\Windows\system32\MUI
2011-07-29 23:25:33 ----D---- C:\Windows\system32\DriverStore
2011-07-29 23:25:31 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-29 23:25:31 ----D---- C:\Windows\security
2011-07-29 23:25:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-29 23:25:15 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-07-29 23:25:15 ----D---- C:\Program Files (x86)\Symantec
2011-07-29 23:25:14 ----D---- C:\Program Files\Windows Portable Devices
2011-07-29 23:22:53 ----D---- C:\Windows\registration
2011-07-29 23:17:53 ----D---- C:\Windows\system32\catroot
2011-07-29 23:17:02 ----D---- C:\Windows\Microsoft.NET
2011-07-29 23:15:55 ----RSD---- C:\Windows\assembly
2011-07-29 23:15:19 ----SD---- C:\Users\Pepan23\AppData\Roaming\Microsoft
2011-07-29 23:15:17 ----SD---- C:\ProgramData\Microsoft
2011-07-16 19:41:57 ----D---- C:\World of Warcraft
2011-07-15 17:51:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-15 17:28:48 ----D---- C:\Windows\rescache
2011-07-15 13:07:31 ----A---- C:\Windows\WinInit.Ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-26 254528]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-09 2269600]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-07-30 339744]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Greg_Service;GRegService; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-02-17 151144]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-29 948775]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2009-10-10 238328]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-15 182768]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

-----------------EOF-----------------

Odinstalujte SpywareTerminatora, MBAM a WinClamAVShield

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Windows\update.2\svchost.exe"=-
  "C:\Windows\update.1\svchost.exe"=-

• Soubor ulozte jako oprava.reg
• Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
• 
• Zavrit notepad a spustit dvojklikem oprava.reg
• Pripadny dotaz na zmenu registru potvrdte
• Okno jen problikne a opravi regsitry - soubor muzete smazat

Zkuste jeste pripadne Avast preinstalovat a napiste jak se chova

Avast už pracuje, ale nelze ho aktualizovat, píše, že se nelze připojit k serveru

Me tez ted nejak blbne, zrejme chyba na jejich strane

Doinstalujte Service Pack 1 a i dalsi aktualizace pres windows update

PC sledujte a pokud bude problem, tak napiste