Prosím o kontrolu logu (Jak se zbavit bearshare?) Vyřešeno

[jazzdave]

/*
Log oddělen z vlákna viewtopic.php?f=39&t=62477&p=455774
Myloš
*/

Už jsem to s hijackthis zkoušel a fixnul jsem řádky,kde jem našel BEARSH, ale nepomohloto.
Tak tady je nový log.
Tak díky.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:36, on 15.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\IR\shutTask.exe
C:\Program Files\SAMSUNG\EmoDio\SMSTray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Automatické vypnutí počítače\avp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [shutTask] "C:\Program Files\IR\shutTask.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\SAMSUNG\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [PureSync] "C:\Program Files\PureSync\PureSyncTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Aty.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Startup: Zástupce - učetnictví.lnk = ?
O4 - Startup: Zástupce - výběr nanájem.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10453 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[jazzdave]

Děkuju moc.

Tad je ten log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5556

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.1.2011 22:52:10
mbam-log-2011-01-19 (22-51-55).txt

Typ kontroly: Rychlý test
Testované objekty: 147962
Uplynulý čas: 4 minut, 57 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\administrator\plocha\serial_arcsoft.totalmedia.3.5.45376.exe (Trojan.FraudPack) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[jazzdave]

Log po odstraňování:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5556

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.1.2011 23:51:18
mbam-log-2011-01-19 (23-51-18).txt

Typ kontroly: Rychlý test
Testované objekty: 148043
Uplynulý čas: 2 minut, 8 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Nový scan a log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5556

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.1.2011 23:55:59
mbam-log-2011-01-19 (23-55-59).txt

Typ kontroly: Rychlý test
Testované objekty: 148014
Uplynulý čas: 2 minut, 29 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Tady je log z ComboFixu



ComboFix 11-01-19.01 - Administrator 20.01.2011 0:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2559.2038 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Recent\Thumbs.db
c:\windows\system32\muzapp.exe
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-19 do 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 21:43 . 2011-01-19 21:43 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-01-19 21:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 21:42 . 2011-01-19 21:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-19 21:42 . 2011-01-19 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 21:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 11:22 . 2011-01-16 11:22 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-01-14 00:06 . 2011-01-14 00:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\1A35B
2011-01-12 17:32 . 2011-01-14 19:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb
2011-01-12 17:32 . 2011-01-14 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare
2011-01-12 17:32 . 2011-01-14 19:25 -------- d-----w- c:\program files\BearShare Applications
2011-01-12 17:31 . 2011-01-14 19:25 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\~0
2011-01-12 17:31 . 2011-01-12 17:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PackageAware
2011-01-01 20:41 . 2011-01-01 20:54 -------- d-----w- c:\documents and settings\Administrator\.netbeans
2011-01-01 20:41 . 2011-01-01 20:41 -------- d-----w- c:\documents and settings\Administrator\.netbeans-registration
2011-01-01 20:38 . 2011-01-01 21:05 -------- d-----w- c:\program files\NetBeans 6.9.1
2011-01-01 20:38 . 2011-01-01 20:38 -------- d-----w- c:\program files\Common Files\Java
2011-01-01 20:37 . 2011-01-01 20:37 -------- d-----w- c:\program files\Sun
2011-01-01 20:37 . 2011-01-01 20:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-01 20:33 . 2011-01-01 20:50 -------- d-----w- c:\documents and settings\Administrator\.nbi
2011-01-01 20:13 . 2011-01-01 20:41 -------- d-----w- c:\program files\jdk

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 20:37 . 2010-04-30 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-02-10 09:18 . 2010-08-18 05:42 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-09-25 328056]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2006-07-25 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"shutTask"="c:\program files\IR\shutTask.exe" [2009-12-29 110592]
"SMSTray"="c:\program files\SAMSUNG\EmoDio\SMSTray.exe" [2009-04-16 479232]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Automatick‚ vypnutˇ poźˇtaźe.lnk - c:\program files\Automatick‚ vypnutˇ poźˇtaźe\avp.exe [2004-12-28 443392]
Z stupce - uźetnictvˇ.lnk - c:\documents and settings\Administrator\Plocha\uźetnictvˇ.xlsx [2010-10-21 13111]
Z stupce - věbŘr nan jem.lnk - c:\documents and settings\Administrator\Plocha\věbŘr nan jem.xlsx [2010-10-8 10808]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-6-14 258048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"k:\\downloaded\\sdc230\\StrongDC.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 19:41 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.9.2009 9:37 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.9.2009 9:37 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.10.2010 12:53 247096]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7.10.2009 13:50 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.6.2010 15:41 92008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.11.2009 23:19 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WFSONORA;WinFast PxDVR3200 H;c:\windows\system32\drivers\wfsonora.sys [31.5.2010 22:57 313216]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 22:19]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 22:19]

2011-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]

2011-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-05 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tkyl6ppg.default\
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-10 - (no file)
HKCU-Run-PureSync - c:\program files\PureSync\PureSyncTray.exe
HKCU-Run-Windows Live Sync - c:\program files\Windows Live\Sync\WindowsLiveSync.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Dokumenty\Stažené soubory\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 00:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\Administrator\Data aplikací\ArcSoft\TotalMedia\3.5.7\ArcPVR\epg.ldb 64 bytes
c:\documents and settings\Administrator\Data aplikací\Skype\etilqs_U74bZyzgLVAiOz98AxHX 27648 bytes
c:\documents and settings\Administrator\Data aplikací\Skype\shared_dynco\dc.lock
c:\documents and settings\Administrator\Data aplikací\Skype\shared_httpfe\queue.lock
c:\documents and settings\Administrator\Data aplikací\Skype\etilqs_SbmFRRWBU8eolMMR6Qt7

sken byl úspešně dokončen
skryté soubory: 5

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7524)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-20 00:18:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-19 23:18

Před spuštěním: 6 080 405 504
Po spuštění: 6 219 350 016

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9D5ABAF2299AD303FE71DC18EE6B0B0A

[jaro3]

jestli tam máš AVP Tool ( by Kaspersky) tak to odinstaluj.

pak smaž:
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\---najdi avp
Automatick‚ vypnutˇ poźˇtaźe.lnk –
c:\program files\Automatick‚ vypnutˇ poźˇtaźe\avp.exe


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\program files\Common Files\AskToolbarInstaller.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare
c:\program files\BearShare Applications
c:\program files\Ask.com
c:\program files\ICQ6Toolbar

DirLook::
c:\documents and settings\All Users\Data aplikací\1A35B
c:\documents and settings\All Users\Data aplikací\~0

Driver::
ICQ Service
SetupNTGLM7X

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tkyl6ppg.default\
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[jazzdave]

Log z ComboFixu
ComboFix 11-01-19.04 - Administrator 20.01.2011 18:41:23.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2559.2112 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\dtx.ini
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\games\560c7201755c679869eea910b6fd1eb7
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\games\c3f22b13df8b8baa8e724cb076f76e87
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\games\d5b2c3ce52b4fc55ef8dfa8715f33189
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\games\GameCategories.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\games\GameTypes.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\guid.dat
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\preferences.dat
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\stats.dat
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\uninstallIE.dat
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\version.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\weather\2f470a4c08c09d8b2643c6150e0095c5
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\weather\840442baa72959499868ccbeea2aa6d8
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\weather\forecasts_cache.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\weather\observations_cache.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\weatherbutton_prefs.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\widgets_cache\9f9d921adaa38d5368da64c4eca671a7
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\widgets_cache\c2aa2d5455a96425c82f2c63f7bc461e
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\widgets_cache\category_cache.xml
c:\documents and settings\Administrator\Data aplikací\bearsharemediabartb\widgets_cache\widget_cache.xml
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\RABlAGwAaQByAGkAbwB1AHMAPwAgAC0AIABLAGkAbgBnAGQAbwBtACAAbwBmACAAQwBvAG0AZgBvAHIAdAA=(150x82).jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\RABlAGwAaQByAGkAbwB1AHMAPwAgAC0AIABLAGkAbgBnAGQAbwBtACAAbwBmACAAQwBvAG0AZgBvAHIAdAA=.jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\YQBsAGIAdQBtACAALQAgAEsAaQBuAGcAZABvAG0AIABvAGYAIABDAG8AbQBmAG8AcgB0ACAALQAgAGYAZgBmAGYAZgBmAGYAZgA=(100x100).jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\YQBsAGIAdQBtACAALQAgAEsAaQBuAGcAZABvAG0AIABvAGYAIABDAG8AbQBmAG8AcgB0ACAALQAgAGYAZgBmAGYAZgBmAGYAZgA=(150x150).jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\YQBsAGIAdQBtACAALQAgAEsAaQBuAGcAZABvAG0AIABvAGYAIABDAG8AbQBmAG8AcgB0ACAALQAgAGYAZgBmAGYAZgBmAGYAZgA=.jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\YQByAHQAaQBzAHQAIAAtACAARABlAGwAaQByAGkAbwB1AHMAPwA=(146x65).jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Artwork\YQByAHQAaQBzAHQAIAAtACAARABlAGwAaQByAGkAbwB1AHMAPwA=.jpeg
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Creatives.xml
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\10.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1040.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1043.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1044.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1050.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1054.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1055.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1057.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1058.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1060.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1062.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1063.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\1070.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\11.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\12.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\13.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\14.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\15.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\16.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\17.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\18.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\19.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\2.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\20.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\21.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\22.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\23.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\24.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\25.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\26.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\27.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\28.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\29.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\3.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\30.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\31.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\32.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\33.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\34.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\35.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\36.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\37.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\38.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\4.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\5.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\6.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\7.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\8.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\CreativesFiles\9.gif
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\BitTorrent.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\Cddb.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\ContentDirs.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\ContentFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\DownloadFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\PartsHashes.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\Playlists.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BackUp\VirtualFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\BitTorrent.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\Cddb.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\ContentDirs.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\ContentFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\DownloadFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\PartsHashes.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\Playlists.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Data\VirtualFile.db
c:\documents and settings\Administrator\Local Settings\Data aplikací\BearShare\Player.swf
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\BearShare Applications
c:\program files\BearShare Applications\MediaBar\Datamngr\datamngr.dll
c:\program files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\FFBHO.js
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\install.rdf
c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarTb.dll
c:\program files\BearShare Applications\MediaBar\ToolBar\components\windowmediator.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\bearshare.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\external.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\preferences.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\bearshare.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-down-back.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-down-left.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-down-right.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\ca.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\divider.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\email.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\email_on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\games.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\grey.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\headsup.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\images.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\logo-about.jpg
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\logo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\logo_old.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\modify.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\music.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\news.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\orange.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rss.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\search-over.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\search.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\settings.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\shopping.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\technorati.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\video.bmp
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\weather.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\web.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_todo.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_trio.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\widgets.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\youtube.png
c:\program files\BearShare Applications\MediaBar\ToolBar\chrome\skin\zoom.png
c:\program files\BearShare Applications\MediaBar\ToolBar\manifest.xml
c:\program files\BearShare Applications\MediaBar\ToolBar\uninstall.exe
c:\program files\BearShare Applications\MediaBar\uninstall.exe
c:\program files\Common Files\AskToolbarInstaller.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_Service
-------\Legacy_ICQ_Service
-------\Service_ICQ Service
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-20 do 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 21:43 . 2011-01-19 21:43 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-01-19 21:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 21:42 . 2011-01-19 21:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-19 21:42 . 2011-01-19 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 21:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 11:22 . 2011-01-16 11:22 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-01-14 00:06 . 2011-01-14 00:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\1A35B
2011-01-12 17:31 . 2011-01-14 19:25 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\~0
2011-01-12 17:31 . 2011-01-12 17:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PackageAware
2011-01-01 20:41 . 2011-01-01 20:54 -------- d-----w- c:\documents and settings\Administrator\.netbeans
2011-01-01 20:41 . 2011-01-01 20:41 -------- d-----w- c:\documents and settings\Administrator\.netbeans-registration
2011-01-01 20:38 . 2011-01-01 21:05 -------- d-----w- c:\program files\NetBeans 6.9.1
2011-01-01 20:38 . 2011-01-01 20:38 -------- d-----w- c:\program files\Common Files\Java
2011-01-01 20:37 . 2011-01-01 20:37 -------- d-----w- c:\program files\Sun
2011-01-01 20:37 . 2011-01-01 20:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-01 20:33 . 2011-01-01 20:50 -------- d-----w- c:\documents and settings\Administrator\.nbi
2011-01-01 20:13 . 2011-01-01 20:41 -------- d-----w- c:\program files\jdk

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 20:37 . 2010-04-30 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-19_23.15.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-20 17:47 . 2011-01-20 17:47 16384 c:\windows\temp\Perflib_Perfdata_81c.dat
+ 2011-01-20 17:47 . 2011-01-20 17:47 16384 c:\windows\temp\Perflib_Perfdata_49c.dat
- 2009-09-05 09:42 . 2011-01-19 23:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 09:42 . 2011-01-20 17:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 09:42 . 2011-01-19 23:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-05 09:42 . 2011-01-20 17:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-01-20 13:01 . 2011-01-20 17:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-09-05 09:42 . 2011-01-19 23:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-01-20 17:47 . 2008-07-26 07:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2011-01-19 23:15 . 2008-07-26 07:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

[jazzdave]

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-09-25 328056]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2006-07-25 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"shutTask"="c:\program files\IR\shutTask.exe" [2009-12-29 110592]
"SMSTray"="c:\program files\SAMSUNG\EmoDio\SMSTray.exe" [2009-04-16 479232]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - uźetnictvˇ.lnk - c:\documents and settings\Administrator\Plocha\uźetnictvˇ.xlsx [2010-10-21 13111]
Z stupce - věbŘr nan jem.lnk - c:\documents and settings\Administrator\Plocha\věbŘr nan jem.xlsx [2010-10-8 10808]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-6-14 258048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"k:\\downloaded\\sdc230\\StrongDC.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 19:41 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.9.2009 9:37 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.9.2009 9:37 17744]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7.10.2009 13:50 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.6.2010 15:41 92008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.11.2009 23:19 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WFSONORA;WinFast PxDVR3200 H;c:\windows\system32\drivers\wfsonora.sys [31.5.2010 22:57 313216]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-05 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tkyl6ppg.default\
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 18:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5376)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Microsoft Office\Office12\EXCEL.EXE
c:\program files\Microsoft Office\Office12\EXCEL.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-20 18:51:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-20 17:51
ComboFix2.txt 2011-01-19 23:18

Před spuštěním: 6 235 914 240 begin_of_the_skype_highlighting 6 235 914 240 end_of_the_skype_highlighting
Po spuštění: 6 151 839 744

- - End Of File - - B58BDD2232C78DCC468B9F19150E73B1

[jazzdave]

Log z HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:24, on 20.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\IR\shutTask.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
G:\DATA\stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [shutTask] "C:\Program Files\IR\shutTask.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\SAMSUNG\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - učetnictví.lnk = ?
O4 - Startup: Zástupce - výběr nanájem.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9317 bytes

Odkaz na Virustotal
c:\windows\TEMP\logishrd\LVPrcInj01.dll
http://www.virustotal.com/file-scan/rep ... 1295546285


Už mi to ty problémy nedělá,díky moc za pomoc!!!!!!!

[jaro3]

Není zač..

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


ještě jeden script v Combofixu (stejný postup):

Kód: Vybrat vše

Driver::
SetupNTGLM7X

[jaro3]

ještě nejsme hotovi , fajfka byly předčasná..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[jazzdave]

Díky, udělal jsem to a nejsou problémy.