Žadám o log

[MichuliN]

Zdravím, také bych rád požádal o log. Windows installer vubec nereaguje, ani v cmd (msiexec.exe /unregister....) hlásí to, že probíbá jiná instalace (přičemž já nejsem schopnej vypátrat jaká/čeho)

Předem Díky moc.

MichuliN

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:32, on 31.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\USBTurboSpeed\USBTurboSpeed.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT
C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera_crashreporter.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Stahování\HiJackThis.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
R3 - URLSearchHook: (no name) - {5c99e1f0-a422-47be-8be3-a38148ed1615} - (no file)
O2 - BHO: Yenidosya - {5c99e1f0-a422-47be-8be3-a38148ed1615} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
O3 - Toolbar: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
O3 - Toolbar: (no name) - {5c99e1f0-a422-47be-8be3-a38148ed1615} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [USBTurboSpeed] C:\Program Files\USBTurboSpeed\USBTurboSpeed.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2722186806-3983479735-3738779071-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2722186806-3983479735-3738779071-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2722186806-3983479735-3738779071-1004 Startup: Registration Assassin.LNK = C:\Hry\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe (User '?')
O4 - Startup: Registration Assassin.LNK = C:\Hry\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe

--
End of file - 11126 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[MichuliN]

Malware log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lynx :: MICHAL [administrátor]

31.1.2014 18:08:35
MBAM-log-2014-01-31 (18-19-16).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 242789
Uplynulý čas: 10 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 13
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\Lynx\Data aplikací\PriceGong (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lynx\Data aplikací\PriceGong\Data (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 7
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lynx\Local Settings\Temp\uneb.exe (Adware.Eurobarre) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lynx\Local Settings\Temp\OpenCandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\rundll32.exe (Trojan.Agent.Gen) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lynx\Local Settings\Temp\webyeryb3460vavaw.exe (Exploit.Drop.GS) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lynx\Data aplikací\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.

(konec)



Adw Log: # AdwCleaner v3.007 - Report created 31/01/2014 at 18:25:06
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lynx - MICHAL
# Running from : C:\Documents and Settings\Lynx\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\Lynx\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\daemon-search.xml
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\icqplugin.xml
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\icqplugin-1.xml
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\search-web.xml
File Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\user.js
File Found : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0
File Found : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0.localstorage
File Found : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage
File Found : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Folder Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
Folder Found : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Found C:\DOCUME~1\Lynx\LOCALS~1\Temp\OpenCandy
Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Found C:\Documents and Settings\Lynx\Data aplikací\Babylon
Folder Found C:\Documents and Settings\Lynx\Data aplikací\BabylonToolbar
Folder Found C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Conduit
Folder Found C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\CT2463487
Folder Found C:\Documents and Settings\Lynx\Data aplikací\PriceGong
Folder Found C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Brothersoft
Folder Found C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Brothersoft
Folder Found C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Conduit
Folder Found C:\Documents and Settings\Lynx\Local Settings\Data aplikací\setupgo
Folder Found C:\Documents and Settings\Lynx\Nabídka Start\Programy\Eurobarre
Folder Found C:\Program Files\BabylonToolbar
Folder Found C:\Program Files\Brothersoft
Folder Found C:\Program Files\Brothersoft
Folder Found C:\Program Files\DAEMON Tools Toolbar
Folder Found C:\Program Files\ChatZum Toolbar
Folder Found C:\Program Files\ICQ6Toolbar
Folder Found C:\Program Files\setupgo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Brothersoft
Key Found : HKCU\Software\Brothersoft
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ChatZum Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C99E1F0-A422-47BE-8BE3-A38148ED1615}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SBConvert
Key Found : HKCU\Software\setupgo
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\Software\Brothersoft
Key Found : HKLM\Software\Brothersoft
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2463487
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2636546
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\ChatZum Toolbar
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0151CE5D-C8CE-46E0-BC79-DFE1AADDE1BC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BE172F3-5E1F-423E-AB37-21FF6B580D73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{919B4836-3B1E-40C4-AA8E-5515E831E4B3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B03909E-E05A-478F-BBDE-89499D9CE4F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Brothersoft Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChatZum Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\setupgo Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C99E1F0-A422-47BE-8BE3-A38148ED1615}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFF59DC5-54D9-4E14-9B66-A145642DCE12}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E4DE6A13-7CE7-4B38-AB41-E9457241CCFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brothersoft Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\setupgo Toolbar
Key Found : HKLM\Software\setupgo
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.chatzum.com/

-\\ Mozilla Firefox v3.5.7 (cs)

[ File : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\prefs.js ]

Line Found : user_pref("CT2463487.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Line Found : user_pref("CT2463487.CTID", "CT2463487");
Line Found : user_pref("CT2463487.CurrentServerDate", "26-1-2014");
Line Found : user_pref("CT2463487.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2463487.EMailNotifierPollDate", "Sun Jan 26 2014 19:51:03 GMT+0100");
Line Found : user_pref("CT2463487.FirstServerDate", "22-8-2010");
Line Found : user_pref("CT2463487.FirstTime", true);
Line Found : user_pref("CT2463487.FirstTimeFF3", true);
Line Found : user_pref("CT2463487.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2463487.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2463487.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2463487.Initialize", true);
Line Found : user_pref("CT2463487.InitializeCommonPrefs", true);
Line Found : user_pref("CT2463487.InstalledDate", "Sun Aug 22 2010 13:55:50 GMT+0200");
Line Found : user_pref("CT2463487.InvalidateCache", false);
Line Found : user_pref("CT2463487.IsGrouping", false);
Line Found : user_pref("CT2463487.IsMulticommunity", false);
Line Found : user_pref("CT2463487.IsOpenThankYouPage", false);
Line Found : user_pref("CT2463487.IsOpenUninstallPage", true);
Line Found : user_pref("CT2463487.LanguagePackLastCheckTime", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Found : user_pref("CT2463487.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2463487.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2463487.LastLogin_2.5.6.0", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Found : user_pref("CT2463487.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT2463487.Locale", "en");
Line Found : user_pref("CT2463487.LoginCache", 4);
Line Found : user_pref("CT2463487.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2463487.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2463487.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2463487.RadioIsPodcast", false);
Line Found : user_pref("CT2463487.RadioLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Found : user_pref("CT2463487.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2463487.RadioLastUpdateServer", "129042273303200000");
Line Found : user_pref("CT2463487.RadioMediaID", "13027686");
Line Found : user_pref("CT2463487.RadioMediaType", "Media Player");
Line Found : user_pref("CT2463487.RadioMenuSelectedID", "EBRadioMenu_CT246348713027686");
Line Found : user_pref("CT2463487.RadioStationName", "ckln.fm");
Line Found : user_pref("CT2463487.RadioStationURL", "hxxp://141.117.225.9:8000");
Line Found : user_pref("CT2463487.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT2463487.SavedHomepage", "hxxp://start.icq.com/");
Line Found : user_pref("CT2463487.SearchEngine", "News||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&SearchType=SearchNews&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchSource=1&CUI=SB_CUI&UM=UM_ID")[...]
Line Found : user_pref("CT2463487.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2463487.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q=");
Line Found : user_pref("CT2463487.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2463487.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2463487.SearchInNewTabLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Found : user_pref("CT2463487.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT2463487.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2463487.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2463487.SettingsLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Found : user_pref("CT2463487.SettingsLastUpdate", "1389956968");
Line Found : user_pref("CT2463487.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2463487.ThirdPartyComponentsLastCheck", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Found : user_pref("CT2463487.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT2463487.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Found : user_pref("CT2463487.UserID", "UN61094065067226484");
Line Found : user_pref("CT2463487.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2463487.WeatherNetwork", "");
Line Found : user_pref("CT2463487.WeatherPollDate", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Found : user_pref("CT2463487.WeatherUnit", "C");
Line Found : user_pref("CT2463487.alertChannelId", "857155");
Line Found : user_pref("CT2463487.backendstorage.appbuttondisablenull", "30");
Line Found : user_pref("CT2463487.backendstorage.c2p_iframe_md5", "6537663536626130396366633837326231393531333264383732343030346463");
Line Found : user_pref("CT2463487.backendstorage.ct2463487ads1", "2537422532326164732532322533412535422537422532326169642532322533412532323131303439322532322532432532327469746C6525323225334125323225753235434625323[...]
Line Found : user_pref("CT2463487.backendstorage.ct2463487current_term", "");
Line Found : user_pref("CT2463487.backendstorage.ct2463487isadsdisabled", "66616C7365");
Line Found : user_pref("CT2463487.backendstorage.ct2463487sdate", "3236");
Line Found : user_pref("CT2463487.backendstorage.googletranslateautotr", "31");
Line Found : user_pref("CT2463487.backendstorage.gtrans_daysactivity", "31333434313930313530313434");
Line Found : user_pref("CT2463487.backendstorage.gtrans_firsttime", "74727565");
Line Found : user_pref("CT2463487.backendstorage.hxxp://gtrans_conduitapps_com.googletranslatefirststart", "30");
Line Found : user_pref("CT2463487.clientLogIsEnabled", false);
Line Found : user_pref("CT2463487.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2463487.myStuffEnabled", true);
Line Found : user_pref("CT2463487.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2463487.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2463487.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2463487.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2463487.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://gtrans.conduitapps.com/v2.5.0/gadget.html", "479x230");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2463487");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2463487");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{dedd0f55-616d-4ffe-9eb2-5aee6602cd4e}");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 15 2011 22:55:57 GMT+0200");
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2463487");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.newtab.url", "search.chatzum.com");
Line Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Found : user_pref("browser.search.defaultthis.engineName", "Brothersoft Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111881&babsrc=HP_ss&mntrId=90ae2bb8000000000000002618fd7da3");
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=111881");
Line Found : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Found : user_pref("extensions.BabylonToolbar.id", "90ae2bb8000000000000002618fd7da3");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15533");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111881&babsrc=KW_ss&mntrId=90ae2bb8000000000000002618fd7da3&q=");
Line Found : user_pref("extensions.BabylonToolbar.lastDP", 26);
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:41:18");
Line Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.propectorlck", 129322331);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:41:18");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111881");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "90ae2bb8000000000000002618fd7da3");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "90ae2bb8000000000000002618fd7da3");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15533");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:41:18");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.enabledItems", "wrc@avast.com:9.0.2006.53,ffxtlbr@babylon.com:1.2.0,{e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0,{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9,{CAFEEFAC-0016-000[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Found : user_pref("icqtoolbar.allowSendURL", false);
Line Found : user_pref("icqtoolbar.engineVerified", false);
Line Found : user_pref("icqtoolbar.geolastmodified", 1390762259);
Line Found : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Found : user_pref("icqtoolbar.history", "bastardi%20online%20ke%20shl%C3%A9dnut%C3%AD||Bastardi%20online%20ke%20shl%C3%A9dnut%C3%AD||se||youtube||rybicky||ryky.net||ry");
Line Found : user_pref("icqtoolbar.icqgeo", 42);
Line Found : user_pref("icqtoolbar.installTime", "1308171354");
Line Found : user_pref("icqtoolbar.installsource", "1");
Line Found : user_pref("icqtoolbar.newtab_state", "1");
Line Found : user_pref("icqtoolbar.numberOfSearches", 0);
Line Found : user_pref("icqtoolbar.previousFFVersion", "3.5.7");
Line Found : user_pref("icqtoolbar.skip_default_search", "no");
Line Found : user_pref("icqtoolbar.suggestions", false);
Line Found : user_pref("icqtoolbar.uniqueID", "126238347912623834791262979028691");
Line Found : user_pref("icqtoolbar.usageStatstTimestamp", 1390762262);
Line Found : user_pref("icqtoolbar.version", "1.1.9");
Line Found : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Found : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Found : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Found : user_pref("icqtoolbar.voucherWasShown", 0);
Line Found : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Found : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Found : user_pref("id_chatzum.firstlaunch", "0");
Line Found : user_pref("id_chatzum.guid", "%7B2CD7D1B6-A7C4-1DB6-D9BC-65C656CB2D23%7D");
Line Found : user_pref("id_chatzum.hiddenvisual", 0);
Line Found : user_pref("id_chatzum.oldHomepage", "hxxp://search.chatzum.com/");
Line Found : user_pref("id_chatzum.openSearchEngineName", "Search%20web");
Line Found : user_pref("id_chatzum.searchengine", "DAEMON%20Search");
Line Found : user_pref("id_chatzum.variables.SVar1", "%13");
Line Found : user_pref("id_chatzum.variables.SVar10", "%13");
Line Found : user_pref("id_chatzum.variables.SVar2", "%13");
Line Found : user_pref("id_chatzum.variables.SVar3", "%13");
Line Found : user_pref("id_chatzum.variables.SVar4", "%13");
Line Found : user_pref("id_chatzum.variables.SVar5", "%13");
Line Found : user_pref("id_chatzum.variables.SVar6", "%13");
Line Found : user_pref("id_chatzum.variables.SVar7", "%13");
Line Found : user_pref("id_chatzum.variables.SVar8", "%13");
Line Found : user_pref("id_chatzum.variables.SVar9", "%13");
Line Found : user_pref("id_chatzum.variables.Var1", "0");
Line Found : user_pref("id_chatzum.variables.Var10", "0");
Line Found : user_pref("id_chatzum.variables.Var2", "0");
Line Found : user_pref("id_chatzum.variables.Var3", "0");
Line Found : user_pref("id_chatzum.variables.Var4", "0");
Line Found : user_pref("id_chatzum.variables.Var5", "0");
Line Found : user_pref("id_chatzum.variables.Var6", "0");
Line Found : user_pref("id_chatzum.variables.Var7", "0");
Line Found : user_pref("id_chatzum.variables.Var8", "0");
Line Found : user_pref("id_chatzum.variables.Var9", "0");
Line Found : user_pref("id_chatzum_installed_version", "1.0.14");
Line Found : user_pref("id_chatzum_tabpage", "hxxp%3A//search.chatzum.com/");
Line Found : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=");
Line Found : user_pref("speedbitvideodownloader.Var1", "0");
Line Found : user_pref("speedbitvideodownloader.Var10", "0");
Line Found : user_pref("speedbitvideodownloader.Var2", "0");
Line Found : user_pref("speedbitvideodownloader.Var3", "0");
Line Found : user_pref("speedbitvideodownloader.Var4", "0");
Line Found : user_pref("speedbitvideodownloader.Var5", "0");
Line Found : user_pref("speedbitvideodownloader.Var6", "0");
Line Found : user_pref("speedbitvideodownloader.Var7", "0");
Line Found : user_pref("speedbitvideodownloader.Var8", "0");
Line Found : user_pref("speedbitvideodownloader.Var9", "0");
Line Found : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "1/19/17/3/113");
Line Found : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Found : user_pref("speedbitvideodownloader.guid", "%7BCB32CE4B-CB08-54AE-5B32-F51DE94B0127%7D");
Line Found : user_pref("speedbitvideodownloader.userId", "%12");
Line Found : user_pref("speedbitvideodownloader_installed_version", "2.4.0");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [32610 octets] - [31/01/2014 18:25:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [32671 octets] ##########

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[MichuliN]

Adw log 2:
# AdwCleaner v3.007 - Report created 31/01/2014 at 19:46:41
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lynx - MICHAL
# Running from : C:\Documents and Settings\Lynx\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Brothersoft
Folder Deleted : C:\Program Files\ChatZum Toolbar
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\setupgo
Folder Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Brothersoft
Folder Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\setupgo
Folder Deleted : C:\DOCUME~1\Lynx\LOCALS~1\Temp\OpenCandy
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\PriceGong
Folder Deleted : C:\Documents and Settings\Lynx\Nabídka Start\Programy\Eurobarre
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Conduit
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\CT2463487
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\Extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[!] Folder Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\DOCUME~1\Lynx\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\daemon-search.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\searchplugins\search-web.xml
File Deleted : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\user.js
File Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0
File Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0.localstorage
File Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage
File Deleted : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2463487
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2636546
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C99E1F0-A422-47BE-8BE3-A38148ED1615}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C99E1F0-A422-47BE-8BE3-A38148ED1615}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFF59DC5-54D9-4E14-9B66-A145642DCE12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E4DE6A13-7CE7-4B38-AB41-E9457241CCFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0151CE5D-C8CE-46E0-BC79-DFE1AADDE1BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{919B4836-3B1E-40C4-AA8E-5515E831E4B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B03909E-E05A-478F-BBDE-89499D9CE4F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BE172F3-5E1F-423E-AB37-21FF6B580D73}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5C99E1F0-A422-47BE-8BE3-A38148ED1615}]
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Brothersoft
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\setupgo
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Brothersoft
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\setupgo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brothersoft Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\setupgo Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Brothersoft Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\setupgo Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v3.5.7 (cs)

[ File : C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\prefs.js ]

Line Deleted : user_pref("CT2463487.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Line Deleted : user_pref("CT2463487.CTID", "CT2463487");
Line Deleted : user_pref("CT2463487.CurrentServerDate", "26-1-2014");
Line Deleted : user_pref("CT2463487.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2463487.EMailNotifierPollDate", "Sun Jan 26 2014 19:51:03 GMT+0100");
Line Deleted : user_pref("CT2463487.FirstServerDate", "22-8-2010");
Line Deleted : user_pref("CT2463487.FirstTime", true);
Line Deleted : user_pref("CT2463487.FirstTimeFF3", true);
Line Deleted : user_pref("CT2463487.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2463487.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2463487.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2463487.Initialize", true);
Line Deleted : user_pref("CT2463487.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2463487.InstalledDate", "Sun Aug 22 2010 13:55:50 GMT+0200");
Line Deleted : user_pref("CT2463487.InvalidateCache", false);
Line Deleted : user_pref("CT2463487.IsGrouping", false);
Line Deleted : user_pref("CT2463487.IsMulticommunity", false);
Line Deleted : user_pref("CT2463487.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2463487.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2463487.LanguagePackLastCheckTime", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Deleted : user_pref("CT2463487.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2463487.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2463487.LastLogin_2.5.6.0", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Deleted : user_pref("CT2463487.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2463487.Locale", "en");
Line Deleted : user_pref("CT2463487.LoginCache", 4);
Line Deleted : user_pref("CT2463487.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2463487.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2463487.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2463487.RadioIsPodcast", false);
Line Deleted : user_pref("CT2463487.RadioLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Deleted : user_pref("CT2463487.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2463487.RadioLastUpdateServer", "129042273303200000");
Line Deleted : user_pref("CT2463487.RadioMediaID", "13027686");
Line Deleted : user_pref("CT2463487.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2463487.RadioMenuSelectedID", "EBRadioMenu_CT246348713027686");
Line Deleted : user_pref("CT2463487.RadioStationName", "ckln.fm");
Line Deleted : user_pref("CT2463487.RadioStationURL", "hxxp://141.117.225.9:8000");
Line Deleted : user_pref("CT2463487.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2463487.SavedHomepage", "hxxp://start.icq.com/");
Line Deleted : user_pref("CT2463487.SearchEngine", "News||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&SearchType=SearchNews&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchSource=1&CUI=SB_CUI&UM=UM_ID")[...]
Line Deleted : user_pref("CT2463487.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2463487.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q=");
Line Deleted : user_pref("CT2463487.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2463487.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2463487.SearchInNewTabLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Deleted : user_pref("CT2463487.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2463487.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2463487.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2463487.SettingsLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Deleted : user_pref("CT2463487.SettingsLastUpdate", "1389956968");
Line Deleted : user_pref("CT2463487.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2463487.ThirdPartyComponentsLastCheck", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Deleted : user_pref("CT2463487.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2463487.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2463487.UserID", "UN61094065067226484");
Line Deleted : user_pref("CT2463487.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2463487.WeatherNetwork", "");
Line Deleted : user_pref("CT2463487.WeatherPollDate", "Sun Jan 26 2014 19:51:02 GMT+0100");
Line Deleted : user_pref("CT2463487.WeatherUnit", "C");
Line Deleted : user_pref("CT2463487.alertChannelId", "857155");
Line Deleted : user_pref("CT2463487.backendstorage.appbuttondisablenull", "30");
Line Deleted : user_pref("CT2463487.backendstorage.c2p_iframe_md5", "6537663536626130396366633837326231393531333264383732343030346463");
Line Deleted : user_pref("CT2463487.backendstorage.ct2463487ads1", "2537422532326164732532322533412535422537422532326169642532322533412532323131303439322532322532432532327469746C6525323225334125323225753235434625323[...]
Line Deleted : user_pref("CT2463487.backendstorage.ct2463487current_term", "");
Line Deleted : user_pref("CT2463487.backendstorage.ct2463487isadsdisabled", "66616C7365");
Line Deleted : user_pref("CT2463487.backendstorage.ct2463487sdate", "3236");
Line Deleted : user_pref("CT2463487.backendstorage.googletranslateautotr", "31");
Line Deleted : user_pref("CT2463487.backendstorage.gtrans_daysactivity", "31333434313930313530313434");
Line Deleted : user_pref("CT2463487.backendstorage.gtrans_firsttime", "74727565");
Line Deleted : user_pref("CT2463487.backendstorage.hxxp://gtrans_conduitapps_com.googletranslatefirststart", "30");
Line Deleted : user_pref("CT2463487.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2463487.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2463487.myStuffEnabled", true);
Line Deleted : user_pref("CT2463487.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2463487.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2463487.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2463487.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2463487.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://gtrans.conduitapps.com/v2.5.0/gadget.html", "479x230");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2463487");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2463487");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jan 26 2014 19:51:01 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{dedd0f55-616d-4ffe-9eb2-5aee6602cd4e}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 15 2011 22:55:57 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2463487");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "search.chatzum.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Brothersoft Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111881&babsrc=HP_ss&mntrId=90ae2bb8000000000000002618fd7da3");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111881");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "90ae2bb8000000000000002618fd7da3");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15533");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111881&babsrc=KW_ss&mntrId=90ae2bb8000000000000002618fd7da3&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:41:18");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 129322331);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:41:18");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111881");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "90ae2bb8000000000000002618fd7da3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "90ae2bb8000000000000002618fd7da3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15533");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:41:18");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledItems", "wrc@avast.com:9.0.2006.53,ffxtlbr@babylon.com:1.2.0,{e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0,{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9,{CAFEEFAC-0016-000[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1390762259);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "bastardi%20online%20ke%20shl%C3%A9dnut%C3%AD||Bastardi%20online%20ke%20shl%C3%A9dnut%C3%AD||se||youtube||rybicky||ryky.net||ry");
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1308171354");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.5.7");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "126238347912623834791262979028691");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1390762262);
Line Deleted : user_pref("icqtoolbar.version", "1.1.9");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("id_chatzum.firstlaunch", "0");
Line Deleted : user_pref("id_chatzum.guid", "%7B2CD7D1B6-A7C4-1DB6-D9BC-65C656CB2D23%7D");
Line Deleted : user_pref("id_chatzum.hiddenvisual", 0);
Line Deleted : user_pref("id_chatzum.oldHomepage", "hxxp://search.chatzum.com/");
Line Deleted : user_pref("id_chatzum.openSearchEngineName", "Search%20web");
Line Deleted : user_pref("id_chatzum.searchengine", "DAEMON%20Search");
Line Deleted : user_pref("id_chatzum.variables.SVar1", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar10", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar2", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar3", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar4", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar5", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar6", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar7", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar8", "%13");
Line Deleted : user_pref("id_chatzum.variables.SVar9", "%13");
Line Deleted : user_pref("id_chatzum.variables.Var1", "0");
Line Deleted : user_pref("id_chatzum.variables.Var10", "0");
Line Deleted : user_pref("id_chatzum.variables.Var2", "0");
Line Deleted : user_pref("id_chatzum.variables.Var3", "0");
Line Deleted : user_pref("id_chatzum.variables.Var4", "0");
Line Deleted : user_pref("id_chatzum.variables.Var5", "0");
Line Deleted : user_pref("id_chatzum.variables.Var6", "0");
Line Deleted : user_pref("id_chatzum.variables.Var7", "0");
Line Deleted : user_pref("id_chatzum.variables.Var8", "0");
Line Deleted : user_pref("id_chatzum.variables.Var9", "0");
Line Deleted : user_pref("id_chatzum_installed_version", "1.0.14");
Line Deleted : user_pref("id_chatzum_tabpage", "hxxp%3A//search.chatzum.com/");
Line Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=");
Line Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Line Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "1/19/17/3/113");
Line Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Deleted : user_pref("speedbitvideodownloader.guid", "%7BCB32CE4B-CB08-54AE-5B32-F51DE94B0127%7D");
Line Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Line Deleted : user_pref("speedbitvideodownloader_installed_version", "2.4.0");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [32752 octets] - [31/01/2014 18:25:06]
AdwCleaner[R1].txt - [32813 octets] - [31/01/2014 19:46:04]
AdwCleaner[S0].txt - [33224 octets] - [31/01/2014 19:46:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33285 octets] ##########


JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by Lynx on p  31.01.2014 at 19:58:15,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  31.01.2014 at 20:00:45,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MbAM log po odstranění nálezů:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lynx :: MICHAL [administrátor]

31.1.2014 20:06:22
mbam-log-2014-01-31 (20-06-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 241507
Uplynulý čas: 8 minut, 38 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Lynx\Local Settings\Temp\uneb.exe (Adware.Eurobarre) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\rundll32.exe (Trojan.Agent.Gen) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Lynx\Local Settings\Temp\webyeryb3460vavaw.exe (Exploit.Drop.GS) -> Přesun do karantény a smazání se zdařilo.

(konec)

[MichuliN]

po restartu MbaM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lynx :: MICHAL [administrátor]

31.1.2014 20:24:46
mbam-log-2014-01-31 (20-24-46).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 241276
Uplynulý čas: 8 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[MichuliN]

ROGUE KILLER:

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Lynx [Práva správce]
Mód : Kontrola -- Datum : 01/31/2014 20:39:43
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] Windows Search.lnk : C:\Documents and Settings\All

Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [-] -> NALEZENO
[Lynx][SUSP UNIC] Registration Assassin.LNK : C:\Documents and

Settings\Lynx\Nabídka Start\Programy\Po spuštění\Registration Assassin.LNK [-]

-> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ( @ ) +++++
--- User ---
[MBR] b3429793417001560e34c886848dbc5d
[BSP] 5ca9e0770e0c6469e4ccaf8ebc1fda1e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_01312014_203943.txt >>

[memphisto]

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

[MichuliN]

RogueKiller:


RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Lynx [Práva správce]
Mód : Odebrat -- Datum : 01/31/2014 22:29:23
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] Windows Search.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [-] -> VYMAZÁNO
[Lynx][SUSP UNIC] Registration Assassin.LNK : C:\Documents and Settings\Lynx\Nabídka Start\Programy\Po spuštění\Registration Assassin.LNK [-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ( @ ) +++++
--- User ---
[MBR] b3429793417001560e34c886848dbc5d
[BSP] 5ca9e0770e0c6469e4ccaf8ebc1fda1e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_01312014_222923.txt >>
RKreport[0]_S_01312014_203943.txt;RKreport[0]_S_01312014_222859.txt

[jaro3]

Avast 5 je dost stará verze , po odvirování nainstaluj nejnovější verzi.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[MichuliN]

TDSSKiller:

16:23:53.0937 1488 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:24:10.0125 1488 ============================================================
16:24:10.0125 1488 Current date / time: 2014/02/01 16:24:10.0125
16:24:10.0125 1488 SystemInfo:
16:24:10.0125 1488
16:24:10.0125 1488 OS Version: 5.1.2600 ServicePack: 3.0
16:24:10.0125 1488 Product type: Workstation
16:24:10.0125 1488 ComputerName: MICHAL
16:24:10.0125 1488 UserName: Lynx
16:24:10.0125 1488 Windows directory: C:\WINDOWS
16:24:10.0125 1488 System windows directory: C:\WINDOWS
16:24:10.0125 1488 Processor architecture: Intel x86
16:24:10.0125 1488 Number of processors: 4
16:24:10.0125 1488 Page size: 0x1000
16:24:10.0125 1488 Boot type: Normal boot
16:24:10.0125 1488 ============================================================
16:24:11.0468 1488 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:11.0468 1488 ============================================================
16:24:11.0468 1488 \Device\Harddisk0\DR0:
16:24:11.0468 1488 MBR partitions:
16:24:11.0468 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:24:11.0468 1488 ============================================================
16:24:11.0500 1488 C: <-> \Device\Harddisk0\DR0\Partition1
16:24:11.0500 1488 ============================================================
16:24:11.0500 1488 Initialize success
16:24:11.0500 1488 ============================================================
16:24:57.0093 1260 ============================================================
16:24:57.0093 1260 Scan started
16:24:57.0093 1260 Mode: Manual;
16:24:57.0093 1260 ============================================================
16:24:58.0234 1260 ================ Scan system memory ========================
16:24:58.0234 1260 System memory - ok
16:24:58.0234 1260 ================ Scan services =============================
16:24:58.0359 1260 Abiosdsk - ok
16:24:58.0359 1260 abp480n5 - ok
16:24:58.0390 1260 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:58.0390 1260 ACPI - ok
16:24:58.0437 1260 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:24:58.0437 1260 ACPIEC - ok
16:24:58.0468 1260 [ 45B952A3ED567264ACFF89E46F65331D ] ACRUSBTM C:\WINDOWS\system32\drivers\ACRUSBTM.SYS
16:24:58.0468 1260 ACRUSBTM - ok
16:24:58.0546 1260 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:24:58.0546 1260 AdobeFlashPlayerUpdateSvc - ok
16:24:58.0546 1260 adpu160m - ok
16:24:58.0562 1260 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:24:58.0562 1260 aec - ok
16:24:58.0609 1260 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:24:58.0609 1260 AFD - ok
16:24:58.0609 1260 Aha154x - ok
16:24:58.0609 1260 aic78u2 - ok
16:24:58.0609 1260 aic78xx - ok
16:24:58.0828 1260 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files\common files\akamai/netsession_win_8fa3539.dll
16:24:58.0828 1260 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
16:24:58.0843 1260 Akamai ( HiddenFile.Multi.Generic ) - warning
16:24:58.0843 1260 Akamai - detected HiddenFile.Multi.Generic (1)
16:24:58.0875 1260 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:24:58.0875 1260 Alerter - ok
16:24:58.0921 1260 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
16:24:58.0921 1260 ALG - ok
16:24:58.0921 1260 AliIde - ok
16:24:58.0953 1260 [ 6E58654CB25730B2579E45E1FD116A47 ] amdide C:\WINDOWS\system32\DRIVERS\amdide.sys
16:24:58.0953 1260 amdide - ok
16:24:58.0984 1260 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:24:58.0984 1260 AmdPPM - ok
16:24:58.0984 1260 amsint - ok
16:24:59.0000 1260 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:24:59.0000 1260 AppMgmt - ok
16:24:59.0015 1260 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:24:59.0015 1260 Arp1394 - ok
16:24:59.0015 1260 asc - ok
16:24:59.0015 1260 asc3350p - ok
16:24:59.0015 1260 asc3550 - ok
16:24:59.0046 1260 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
16:24:59.0046 1260 AsIO - ok
16:24:59.0109 1260 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:24:59.0109 1260 aspnet_state - ok
16:24:59.0140 1260 [ E781164C7D47950E3D218C84B2901CB2 ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
16:24:59.0140 1260 AsSysCtrlService - ok
16:24:59.0187 1260 [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
16:24:59.0187 1260 aswKbd - ok
16:24:59.0218 1260 [ 61953E5E1FFAEAF246A610BEE2554879 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:24:59.0218 1260 aswMonFlt - ok
16:24:59.0250 1260 [ 98C18C78B0C3E7EFBDDA7BD0C35F5903 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
16:24:59.0250 1260 aswRdr - ok
16:24:59.0281 1260 [ F385467DF95D0A73775CB3B076B8B969 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
16:24:59.0281 1260 aswRvrt - ok
16:24:59.0312 1260 [ 8CD8710457FCC1CDE88CBFA3AA119B92 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
16:24:59.0328 1260 aswSnx - ok
16:24:59.0359 1260 [ C1F95C9481F46B96E23A276639C55AC9 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
16:24:59.0359 1260 aswSP - ok
16:24:59.0375 1260 [ E6390554DCB2A730702188547267093C ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
16:24:59.0375 1260 aswTdi - ok
16:24:59.0406 1260 [ 1B0662514A68C3A42E60D240C5ABEF28 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
16:24:59.0406 1260 aswVmm - ok
16:24:59.0437 1260 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:24:59.0437 1260 AsyncMac - ok
16:24:59.0468 1260 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:24:59.0468 1260 atapi - ok
16:24:59.0468 1260 Atdisk - ok
16:24:59.0531 1260 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:24:59.0531 1260 Ati HotKey Poller - ok
16:24:59.0578 1260 [ 613E7ADA3279F7AD20588B919C223481 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
16:24:59.0578 1260 ATI Smart - ok
16:24:59.0750 1260 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:24:59.0781 1260 ati2mtag - ok
16:24:59.0828 1260 [ D9BC8892B9440A2551B8148C57AA039E ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
16:24:59.0828 1260 AtiHdmiService - ok
16:24:59.0859 1260 [ 21D9E9F696BFDC5999E167AD8F260F3D ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:24:59.0859 1260 atksgt - ok
16:24:59.0890 1260 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:24:59.0890 1260 Atmarpc - ok
16:24:59.0921 1260 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:24:59.0921 1260 AudioSrv - ok
16:24:59.0937 1260 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:24:59.0937 1260 audstub - ok
16:25:00.0000 1260 [ CC42F104172B4A62793083D380867317 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:25:00.0000 1260 avast! Antivirus - ok
16:25:00.0031 1260 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:25:00.0031 1260 Beep - ok
16:25:00.0078 1260 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
16:25:00.0156 1260 BITS - ok
16:25:00.0187 1260 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
16:25:00.0187 1260 Browser - ok
16:25:00.0218 1260 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:25:00.0218 1260 BthEnum - ok
16:25:00.0234 1260 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
16:25:00.0234 1260 BTHMODEM - ok
16:25:00.0250 1260 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:25:00.0250 1260 BthPan - ok
16:25:00.0281 1260 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
16:25:00.0281 1260 BTHPORT - ok
16:25:00.0296 1260 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\WINDOWS\System32\bthserv.dll
16:25:00.0296 1260 BthServ - ok
16:25:00.0343 1260 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:25:00.0343 1260 BTHUSB - ok
16:25:00.0359 1260 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:25:00.0359 1260 cbidf2k - ok
16:25:00.0359 1260 cd20xrnt - ok
16:25:00.0390 1260 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:25:00.0390 1260 Cdaudio - ok
16:25:00.0390 1260 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:25:00.0390 1260 Cdfs - ok
16:25:00.0390 1260 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:25:00.0390 1260 Cdrom - ok
16:25:00.0390 1260 Changer - ok
16:25:00.0406 1260 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:25:00.0406 1260 CiSvc - ok
16:25:00.0421 1260 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:25:00.0421 1260 ClipSrv - ok
16:25:00.0437 1260 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:00.0437 1260 clr_optimization_v2.0.50727_32 - ok
16:25:00.0437 1260 CmdIde - ok
16:25:00.0437 1260 COMSysApp - ok
16:25:00.0453 1260 Cpqarray - ok
16:25:00.0484 1260 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:25:00.0484 1260 CryptSvc - ok
16:25:00.0484 1260 dac2w2k - ok
16:25:00.0484 1260 dac960nt - ok
16:25:00.0500 1260 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:25:00.0515 1260 DcomLaunch - ok
16:25:00.0546 1260 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:25:00.0546 1260 Dhcp - ok
16:25:00.0546 1260 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:25:00.0546 1260 Disk - ok
16:25:00.0546 1260 dmadmin - ok
16:25:00.0578 1260 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:25:00.0578 1260 dmboot - ok
16:25:00.0593 1260 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:25:00.0593 1260 dmio - ok
16:25:00.0609 1260 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:25:00.0609 1260 dmload - ok
16:25:00.0625 1260 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:25:00.0625 1260 dmserver - ok
16:25:00.0656 1260 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:25:00.0656 1260 DMusic - ok
16:25:00.0671 1260 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:25:00.0671 1260 Dnscache - ok
16:25:00.0703 1260 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:25:00.0703 1260 Dot3svc - ok
16:25:00.0703 1260 dpti2o - ok
16:25:00.0703 1260 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:25:00.0703 1260 drmkaud - ok
16:25:00.0718 1260 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:25:00.0718 1260 dtsoftbus01 - ok
16:25:00.0718 1260 EagleXNt - ok
16:25:00.0734 1260 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:25:00.0734 1260 EapHost - ok
16:25:00.0750 1260 [ 3B47010B2425B69826004767E59045BA ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
16:25:00.0750 1260 Epfwndis - ok
16:25:00.0765 1260 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:25:00.0765 1260 ERSvc - ok
16:25:00.0812 1260 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
16:25:00.0812 1260 Eventlog - ok
16:25:00.0859 1260 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
16:25:00.0859 1260 EventSystem - ok
16:25:00.0875 1260 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:25:00.0875 1260 Fastfat - ok
16:25:00.0906 1260 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:25:00.0921 1260 FastUserSwitchingCompatibility - ok
16:25:00.0921 1260 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:25:00.0921 1260 Fdc - ok
16:25:00.0937 1260 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:25:00.0937 1260 Fips - ok
16:25:01.0000 1260 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
16:25:01.0031 1260 FirebirdServerMAGIXInstance - ok
16:25:01.0062 1260 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:25:01.0062 1260 Flpydisk - ok
16:25:01.0109 1260 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:25:01.0109 1260 FltMgr - ok
16:25:01.0140 1260 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:25:01.0140 1260 FontCache3.0.0.0 - ok
16:25:01.0140 1260 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:25:01.0140 1260 Fs_Rec - ok
16:25:01.0171 1260 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:25:01.0171 1260 Ftdisk - ok
16:25:01.0171 1260 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:25:01.0171 1260 Gpc - ok
16:25:01.0250 1260 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:25:01.0250 1260 gupdate - ok
16:25:01.0265 1260 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:25:01.0265 1260 gupdatem - ok
16:25:01.0281 1260 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
16:25:01.0281 1260 hamachi - ok
16:25:01.0359 1260 [ C9EF0B0B132EA48CDD5E206F6F99EDC9 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
16:25:01.0375 1260 Hamachi2Svc - ok
16:25:01.0406 1260 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:25:01.0406 1260 HDAudBus - ok
16:25:01.0437 1260 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:25:01.0437 1260 helpsvc - ok
16:25:01.0468 1260 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:25:01.0468 1260 HidServ - ok
16:25:01.0500 1260 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:25:01.0500 1260 HidUsb - ok
16:25:01.0531 1260 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:25:01.0531 1260 hkmsvc - ok
16:25:01.0531 1260 hpn - ok
16:25:01.0562 1260 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:25:01.0562 1260 HTTP - ok
16:25:01.0578 1260 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:25:01.0578 1260 HTTPFilter - ok
16:25:01.0578 1260 i2omgmt - ok
16:25:01.0593 1260 i2omp - ok
16:25:01.0593 1260 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:25:01.0593 1260 i8042prt - ok
16:25:01.0656 1260 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:25:01.0656 1260 IDriverT - ok
16:25:01.0703 1260 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:25:01.0718 1260 idsvc - ok
16:25:01.0734 1260 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:25:01.0734 1260 Imapi - ok
16:25:01.0765 1260 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:25:01.0765 1260 ImapiService - ok
16:25:01.0765 1260 ini910u - ok
16:25:01.0765 1260 IntelIde - ok
16:25:01.0781 1260 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:25:01.0781 1260 Ip6Fw - ok
16:25:01.0781 1260 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:25:01.0781 1260 IpFilterDriver - ok
16:25:01.0781 1260 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:25:01.0796 1260 IpInIp - ok
16:25:01.0812 1260 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:25:01.0812 1260 IpNat - ok
16:25:01.0859 1260 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:25:01.0859 1260 IPSec - ok
16:25:01.0875 1260 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:25:01.0875 1260 IRENUM - ok
16:25:01.0890 1260 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:25:01.0890 1260 isapnp - ok
16:25:02.0000 1260 [ 80A79264302910C7C24BA7E44267EFEF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:25:02.0015 1260 JavaQuickStarterService - ok
16:25:02.0031 1260 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:25:02.0031 1260 Kbdclass - ok
16:25:02.0031 1260 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:25:02.0031 1260 kbdhid - ok
16:25:02.0046 1260 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:25:02.0062 1260 kmixer - ok
16:25:02.0078 1260 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
16:25:02.0078 1260 KMWDFILTER - ok
16:25:02.0078 1260 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:25:02.0078 1260 KSecDD - ok
16:25:02.0093 1260 [ 080CF8720A306A64F7A09D1226491791 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
16:25:02.0093 1260 L1e - ok
16:25:02.0125 1260 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:25:02.0125 1260 LanmanServer - ok
16:25:02.0171 1260 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:25:02.0171 1260 lanmanworkstation - ok
16:25:02.0171 1260 lbrtfdc - ok
16:25:02.0187 1260 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:25:02.0187 1260 lirsgt - ok
16:25:02.0234 1260 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:25:02.0234 1260 LmHosts - ok
16:25:02.0265 1260 [ EA3E1648442BF717B35A68108CA4B0B3 ] LMIGuardianSvc C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
16:25:02.0265 1260 LMIGuardianSvc - ok
16:25:02.0296 1260 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:25:02.0296 1260 Messenger - ok
16:25:02.0296 1260 [ A232590024578E3AEE530B0710611401 ] MMRTKRNL C:\WINDOWS\system32\drivers\mmrtkrnl.sys
16:25:02.0296 1260 MMRTKRNL - ok
16:25:02.0312 1260 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:25:02.0312 1260 mnmdd - ok
16:25:02.0328 1260 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:25:02.0328 1260 mnmsrvc - ok
16:25:02.0328 1260 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:25:02.0343 1260 Modem - ok
16:25:02.0406 1260 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
16:25:02.0421 1260 monfilt - ok
16:25:02.0421 1260 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:25:02.0421 1260 Mouclass - ok
16:25:02.0453 1260 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:25:02.0453 1260 mouhid - ok
16:25:02.0468 1260 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:25:02.0468 1260 MountMgr - ok
16:25:02.0484 1260 mraid35x - ok
16:25:02.0500 1260 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:25:02.0500 1260 MRxDAV - ok
16:25:02.0515 1260 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:25:02.0515 1260 MRxSmb - ok
16:25:02.0531 1260 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:25:02.0531 1260 MSDTC - ok
16:25:02.0531 1260 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:25:02.0531 1260 Msfs - ok
16:25:02.0531 1260 MSIServer - ok
16:25:02.0546 1260 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:25:02.0546 1260 MSKSSRV - ok
16:25:02.0562 1260 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:25:02.0562 1260 MSPCLOCK - ok
16:25:02.0562 1260 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:25:02.0562 1260 MSPQM - ok
16:25:02.0578 1260 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:25:02.0578 1260 mssmbios - ok
16:25:02.0593 1260 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:25:02.0593 1260 MTsensor - ok
16:25:02.0609 1260 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:25:02.0609 1260 Mup - ok
16:25:02.0640 1260 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:25:02.0640 1260 napagent - ok
16:25:02.0703 1260 NAVENG - ok
16:25:02.0703 1260 NAVEX15 - ok
16:25:02.0718 1260 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:25:02.0718 1260 NDIS - ok
16:25:02.0734 1260 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:25:02.0734 1260 NdisTapi - ok
16:25:02.0750 1260 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:25:02.0750 1260 Ndisuio - ok
16:25:02.0750 1260 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:25:02.0750 1260 NdisWan - ok
16:25:02.0812 1260 [ 2F597BB467E05B1FE3830EABD821B8E0 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:25:02.0812 1260 NDProxy - ok
16:25:02.0812 1260 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:25:02.0812 1260 NetBIOS - ok
16:25:02.0828 1260 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:25:02.0843 1260 NetBT - ok
16:25:02.0859 1260 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:25:02.0859 1260 NetDDE - ok
16:25:02.0859 1260 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:25:02.0859 1260 NetDDEdsdm - ok
16:25:02.0890 1260 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:25:02.0890 1260 Netlogon - ok
16:25:02.0906 1260 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
16:25:02.0906 1260 Netman - ok
16:25:02.0953 1260 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:02.0953 1260 NetTcpPortSharing - ok
16:25:02.0968 1260 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:25:02.0968 1260 NIC1394 - ok
16:25:03.0015 1260 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
16:25:03.0015 1260 Nla - ok
16:25:03.0093 1260 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
16:25:03.0093 1260 NMSAccessU - ok
16:25:03.0093 1260 Norton Internet Security - ok
16:25:03.0093 1260 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:25:03.0109 1260 Npfs - ok
16:25:03.0109 1260 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:25:03.0125 1260 Ntfs - ok
16:25:03.0125 1260 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:25:03.0125 1260 NtLmSsp - ok
16:25:03.0171 1260 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:25:03.0187 1260 NtmsSvc - ok
16:25:03.0218 1260 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:25:03.0218 1260 Null - ok
16:25:03.0218 1260 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:25:03.0234 1260 NwlnkFlt - ok
16:25:03.0250 1260 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:25:03.0250 1260 NwlnkFwd - ok
16:25:03.0281 1260 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:25:03.0281 1260 ohci1394 - ok
16:25:03.0296 1260 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:25:03.0296 1260 Parport - ok
16:25:03.0296 1260 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:25:03.0296 1260 PartMgr - ok
16:25:03.0296 1260 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:25:03.0296 1260 ParVdm - ok
16:25:03.0328 1260 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:25:03.0328 1260 PCI - ok
16:25:03.0328 1260 PCIDump - ok
16:25:03.0328 1260 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:25:03.0328 1260 PCIIde - ok
16:25:03.0328 1260 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:25:03.0328 1260 Pcmcia - ok
16:25:03.0328 1260 PDCOMP - ok
16:25:03.0328 1260 PDFRAME - ok
16:25:03.0343 1260 PDRELI - ok
16:25:03.0343 1260 PDRFRAME - ok
16:25:03.0343 1260 perc2 - ok
16:25:03.0343 1260 perc2hib - ok
16:25:03.0359 1260 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
16:25:03.0359 1260 PlugPlay - ok
16:25:03.0406 1260 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
16:25:03.0406 1260 PnkBstrA - ok
16:25:03.0406 1260 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:25:03.0406 1260 PolicyAgent - ok
16:25:03.0421 1260 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:25:03.0421 1260 PptpMiniport - ok
16:25:03.0437 1260 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:25:03.0437 1260 Processor - ok
16:25:03.0437 1260 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:25:03.0437 1260 ProtectedStorage - ok
16:25:03.0437 1260 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:25:03.0437 1260 PSched - ok
16:25:03.0437 1260 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:25:03.0437 1260 Ptilink - ok
16:25:03.0453 1260 ql1080 - ok
16:25:03.0453 1260 Ql10wnt - ok
16:25:03.0453 1260 ql12160 - ok
16:25:03.0453 1260 ql1240 - ok
16:25:03.0453 1260 ql1280 - ok
16:25:03.0453 1260 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:25:03.0453 1260 RasAcd - ok
16:25:03.0500 1260 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:25:03.0500 1260 RasAuto - ok
16:25:03.0515 1260 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:25:03.0515 1260 Rasl2tp - ok
16:25:03.0546 1260 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:25:03.0546 1260 RasMan - ok
16:25:03.0546 1260 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:25:03.0546 1260 RasPppoe - ok
16:25:03.0546 1260 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:25:03.0562 1260 Raspti - ok
16:25:03.0578 1260 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:25:03.0578 1260 Rdbss - ok
16:25:03.0593 1260 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:25:03.0593 1260 RDPCDD - ok
16:25:03.0625 1260 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:25:03.0625 1260 rdpdr - ok
16:25:03.0671 1260 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:25:03.0671 1260 RDPWD - ok
16:25:03.0703 1260 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:25:03.0703 1260 RDSessMgr - ok
16:25:03.0718 1260 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:25:03.0718 1260 redbook - ok
16:25:03.0734 1260 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:25:03.0734 1260 RemoteAccess - ok
16:25:03.0750 1260 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:25:03.0750 1260 RemoteRegistry - ok
16:25:03.0796 1260 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:25:03.0796 1260 RFCOMM - ok
16:25:03.0828 1260 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:25:03.0828 1260 RpcLocator - ok
16:25:03.0859 1260 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:25:03.0859 1260 RpcSs - ok
16:25:03.0875 1260 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:25:03.0875 1260 RSVP - ok
16:25:03.0875 1260 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:25:03.0875 1260 rtl8139 - ok
16:25:03.0890 1260 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:25:03.0890 1260 SamSs - ok
16:25:03.0890 1260 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:25:03.0890 1260 SCardSvr - ok
16:25:03.0921 1260 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:25:03.0921 1260 Schedule - ok
16:25:03.0921 1260 [ A643D6DF1B7546256B11FB5D6B5D1375 ] SCREAMINGBDRIVER C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
16:25:03.0921 1260 SCREAMINGBDRIVER - ok
16:25:03.0968 1260 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:25:03.0984 1260 Secdrv - ok
16:25:03.0984 1260 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:25:03.0984 1260 seclogon - ok
16:25:04.0000 1260 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:25:04.0000 1260 SENS - ok
16:25:04.0000 1260 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:25:04.0000 1260 serenum - ok
16:25:04.0000 1260 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:25:04.0000 1260 Serial - ok
16:25:04.0015 1260 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:25:04.0015 1260 Sfloppy - ok
16:25:04.0046 1260 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:25:04.0046 1260 SharedAccess - ok
16:25:04.0062 1260 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:25:04.0078 1260 ShellHWDetection - ok
16:25:04.0078 1260 Simbad - ok
16:25:04.0125 1260 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:25:04.0125 1260 SkypeUpdate - ok
16:25:04.0125 1260 Sparrow - ok
16:25:04.0171 1260 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:25:04.0171 1260 splitter - ok
16:25:04.0203 1260 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:25:04.0203 1260 Spooler - ok
16:25:04.0250 1260 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
16:25:04.0250 1260 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
16:25:04.0250 1260 sptd ( LockedFile.Multi.Generic ) - warning
16:25:04.0250 1260 sptd - detected LockedFile.Multi.Generic (1)
16:25:04.0281 1260 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:25:04.0281 1260 sr - ok
16:25:04.0296 1260 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
16:25:04.0296 1260 srservice - ok
16:25:04.0296 1260 SRTSP - ok
16:25:04.0296 1260 SRTSPX - ok
16:25:04.0343 1260 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:25:04.0343 1260 Srv - ok
16:25:04.0359 1260 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:25:04.0359 1260 SSDPSRV - ok
16:25:04.0390 1260 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:25:04.0390 1260 stisvc - ok
16:25:04.0390 1260 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:25:04.0390 1260 swenum - ok
16:25:04.0406 1260 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:25:04.0406 1260 swmidi - ok
16:25:04.0406 1260 SwPrv - ok
16:25:04.0406 1260 symc810 - ok
16:25:04.0421 1260 symc8xx - ok
16:25:04.0421 1260 sym_hi - ok
16:25:04.0421 1260 sym_u3 - ok
16:25:04.0453 1260 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:25:04.0453 1260 sysaudio - ok
16:25:04.0468 1260 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:25:04.0468 1260 SysmonLog - ok
16:25:04.0484 1260 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:25:04.0484 1260 TapiSrv - ok
16:25:04.0515 1260 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:25:04.0515 1260 Tcpip - ok
16:25:04.0531 1260 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:25:04.0531 1260 TDPIPE - ok
16:25:04.0531 1260 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:25:04.0531 1260 TDTCP - ok
16:25:04.0531 1260 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:25:04.0531 1260 TermDD - ok
16:25:04.0562 1260 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
16:25:04.0562 1260 TermService - ok
16:25:04.0578 1260 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:25:04.0578 1260 Themes - ok
16:25:04.0609 1260 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:25:04.0625 1260 TlntSvr - ok
16:25:04.0625 1260 TosIde - ok
16:25:04.0640 1260 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:25:04.0656 1260 TrkWks - ok
16:25:04.0656 1260 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:25:04.0656 1260 Udfs - ok
16:25:04.0687 1260 [ 3B7E264485F361EA5A65FEEF89F2352F ] UltiDev Cassini Web Server for ASP.NET 2.0 C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
16:25:04.0687 1260 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
16:25:04.0687 1260 ultra - ok
16:25:04.0718 1260 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:25:04.0718 1260 Update - ok
16:25:04.0765 1260 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
16:25:04.0765 1260 upnphost - ok
16:25:04.0765 1260 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
16:25:04.0765 1260 UPS - ok
16:25:04.0812 1260 [ 65898A183FBF1D1F7759D5CCB364DCD4 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:25:04.0812 1260 usbaudio - ok
16:25:04.0859 1260 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:25:04.0859 1260 usbccgp - ok
16:25:04.0859 1260 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:25:04.0859 1260 usbehci - ok
16:25:04.0875 1260 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:25:04.0875 1260 usbhub - ok
16:25:04.0906 1260 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:25:04.0906 1260 usbohci - ok
16:25:04.0937 1260 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:25:04.0937 1260 USBSTOR - ok
16:25:04.0984 1260 [ F4CA0EC9BE5977CD4C6B906BDE748EBD ] USBTurboSpeed C:\WINDOWS\system32\drivers\USBTurboSpeed.sys
16:25:04.0984 1260 USBTurboSpeed - ok
16:25:05.0000 1260 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:25:05.0000 1260 VgaSave - ok
16:25:05.0046 1260 [ AC3D98797520265B333DC54C327AA390 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
16:25:05.0062 1260 VIAHdAudAddService - ok
16:25:05.0062 1260 ViaIde - ok
16:25:05.0093 1260 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:25:05.0093 1260 VolSnap - ok
16:25:05.0125 1260 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
16:25:05.0140 1260 VSS - ok
16:25:05.0187 1260 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
16:25:05.0187 1260 W32Time - ok
16:25:05.0203 1260 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:25:05.0203 1260 Wanarp - ok
16:25:05.0203 1260 WDICA - ok
16:25:05.0218 1260 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:25:05.0218 1260 wdmaud - ok
16:25:05.0234 1260 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:25:05.0234 1260 WebClient - ok
16:25:05.0375 1260 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:25:05.0390 1260 wlidsvc - ok
16:25:05.0421 1260 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:25:05.0421 1260 WmdmPmSN - ok
16:25:05.0453 1260 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:25:05.0453 1260 Wmi - ok
16:25:05.0453 1260 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:25:05.0468 1260 WmiAcpi - ok
16:25:05.0546 1260 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:25:05.0546 1260 WmiApSrv - ok
16:25:05.0625 1260 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:25:05.0625 1260 WMPNetworkSvc - ok
16:25:05.0640 1260 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:25:05.0656 1260 WpdUsb - ok
16:25:05.0656 1260 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:25:05.0656 1260 WS2IFSL - ok
16:25:05.0656 1260 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:25:05.0671 1260 wscsvc - ok
16:25:05.0671 1260 WSearch - ok
16:25:05.0703 1260 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:25:05.0718 1260 wuauserv - ok
16:25:05.0734 1260 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:25:05.0734 1260 WudfPf - ok
16:25:05.0734 1260 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:25:05.0734 1260 WudfRd - ok
16:25:05.0781 1260 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:25:05.0781 1260 WudfSvc - ok
16:25:05.0843 1260 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:25:05.0890 1260 WZCSVC - ok
16:25:05.0906 1260 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:25:05.0921 1260 xmlprov - ok
16:25:05.0921 1260 ================ Scan global ===============================
16:25:05.0984 1260 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:25:06.0031 1260 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
16:25:06.0031 1260 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
16:25:06.0046 1260 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
16:25:06.0046 1260 [Global] - ok
16:25:06.0046 1260 ================ Scan MBR ==================================
16:25:06.0078 1260 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:25:06.0203 1260 \Device\Harddisk0\DR0 - ok
16:25:06.0203 1260 ================ Scan VBR ==================================
16:25:06.0218 1260 [ 7126EFC661D5AA7182FC418CA8480503 ] \Device\Harddisk0\DR0\Partition1
16:25:06.0218 1260 \Device\Harddisk0\DR0\Partition1 - ok
16:25:06.0218 1260 ============================================================
16:25:06.0218 1260 Scan finished
16:25:06.0218 1260 ============================================================
16:25:06.0218 1052 Detected object count: 2
16:25:06.0218 1052 Actual detected object count: 2
16:25:23.0609 1052 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:25:23.0609 1052 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:25:23.0609 1052 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:25:23.0609 1052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:25:27.0390 3804 Deinitialize success

[MichuliN]

ComboFix 14-01-29.01 - Lynx 01.02.2014 16:55:02.1.4 - x86
Spuštěný z: c:\documents and settings\Lynx\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\config.ini
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\netcfgx.dll.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-01 do 2014-02-01 )))))))))))))))))))))))))))))))
.
.
2014-01-31 18:58 . 2014-01-31 18:58 -------- d-----w- c:\windows\ERUNT
2014-01-31 17:23 . 2014-01-31 18:47 -------- d-----w- C:\AdwCleaner
2014-01-31 17:07 . 2014-01-31 17:07 -------- d-----w- c:\documents and settings\Lynx\Data aplikací\Malwarebytes
2014-01-31 17:07 . 2014-01-31 17:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-01-31 17:07 . 2014-01-31 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-31 17:07 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-26 19:01 . 2014-01-31 18:03 -------- d-----w- c:\program files\GamePark
2014-01-26 18:11 . 2014-01-26 18:11 -------- d-----w- c:\program files\OpenTTD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 15:11 . 2013-06-30 17:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-01 15:11 . 2013-06-30 17:38 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-01 15:11 . 2011-03-26 10:37 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-01 15:11 . 2010-07-21 16:22 43152 ----a-w- c:\windows\avastSS.scr
2014-02-01 15:11 . 2010-01-08 22:46 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-01 15:11 . 2010-01-08 22:46 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-01 15:11 . 2010-01-08 22:46 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-01 15:11 . 2010-01-08 22:45 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-26 18:47 . 2009-12-25 20:53 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-26 18:47 . 2010-02-13 16:59 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-01-26 18:47 . 2009-12-25 20:53 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-10 21:30 . 2012-04-02 16:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 21:30 . 2011-05-16 14:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 19:46 . 2013-12-06 19:46 0 ----a-w- c:\program files\GUM6F.tmp
2013-11-29 21:23 . 2013-06-30 17:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-27 20:21 . 2010-03-31 10:38 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00 . 2010-03-31 10:38 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2010-03-31 10:38 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-03 18:11 . 2013-11-03 18:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-03 18:11 . 2013-11-03 18:11 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-01 15:11 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Akamai NetSession Interface"="c:\documents and settings\Lynx\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"USBTurboSpeed"="c:\program files\USBTurboSpeed\USBTurboSpeed.exe" [2008-09-16 217088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ACQTMOUSE"="c:\program files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe" [2008-08-01 501760]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-02-01 3767096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lynx^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Lynx\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2007-07-18 14:52 70144 ----a-w- c:\windows\system32\mmrtkrnl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 12:39 94208 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\H R Y\\Call of Duty\\CoDUOMP.exe"=
"c:\\H R Y\\Call of Duty\\CoDMP.exe"=
"c:\\H R Y\\Call of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\H R Y\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\H R Y\\Call - Kabel\\CoDMP.exe"=
"c:\\Hry\\L4D2\\Left.4.Dead.2-THEPiRATEGAY\\left4dead2.exe"=
"c:\\Hry\\KillingFloor_v1011_NoSteam\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Hry\\Ubisoft\\THE SETTLERS - Vzestup říše\\base\\bin\\Settlers6.exe"=
"c:\\Hry\\Ubisoft\\THE SETTLERS - Vzestup říše\\extra1\\bin\\Settlers6.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Hry\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Hry\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Hry\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Hry\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Hry\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\H R Y\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Hry\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Hry\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Hry\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Hry\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Hry\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Hry\\Sega\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\H R Y\\Call - Kabel\\CoDUOMP.exe"=
"c:\\Hry\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Hry\\Microsoft Games\\Age of Mythology\\AoM.eXe"=
"c:\\Hry\\Blue Byte\\Settlers IV\\Exe\\S4_Main.exe"=
"c:\\Hry\\F.E.A.R. 3\\F.E.A.R. 3\\F.E.A.R. 3.exe"=
"c:\\Hry\\Mount&Blade With Fire and Sword\\mb_wfas.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Hry\\Tripwire Interactive\\Red Orchestra 2 Heroes of Stalingrad\\Binaries\\Win32\\ROGame.exe"=
"c:\\Documents and Settings\\Lynx\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Hry\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Hry\\Sega\\Medieval II Total War\\medieval2.exe"=
"c:\\1\\TERA\\TERA-Launcher.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56948:TCP"= 56948:TCP:Pando Media Booster
"56948:UDP"= 56948:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"56678:TCP"= 56678:TCP:Pando Media Booster
"56678:UDP"= 56678:UDP:Pando Media Booster
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-10-01 1612112]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [2007-08-02 28672]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 USBTurboSpeed;USBTurboSpeed;c:\windows\system32\drivers\USBTurboSpeed.sys [2008-07-03 24576]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-24 691696]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-01 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-01 410784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-24 218688]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-01 67824]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-08-26 375056]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-25 49152]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-26 1086208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-31 10:51 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:30]
.
2014-02-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-03 15:11]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 15:09]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 15:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 84.16.96.2 84.16.113.2
FF - ProfilePath - c:\documents and settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\1t6pvlok.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-C-Media Speaker Configuration - d:\sound\Cmi8738-6ch\Xp-2K-Me\drv\Setup.exe
MSConfigStartUp-Clownfish - c:\program files\Clownfish\Clownfish.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RGSC - c:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-BattlEye - c:\hry\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Minecraft 1.4.5 - c:\documents and settings\Lynx\Data aplikací\.minecraft\minecraft launcher\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 17:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2722186806-3983479735-3738779071-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2722186806-3983479735-3738779071-1004\Software\SecuROM\License information*]
"datasecu"=hex:d7,f4,aa,6d,17,70,35,d3,8f,44,cb,6a,16,68,e8,f4,67,93,cd,f7,99,
e3,3e,c1,93,59,6e,44,2a,72,08,a1,55,5a,32,a3,26,85,5d,0a,22,74,f7,86,64,2f,\
"rkeysecu"=hex:ba,31,89,b2,54,08,4d,cf,0c,fb,6c,d1,29,7e,94,80
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2014-02-01 17:05:04
ComboFix-quarantined-files.txt 2014-02-01 16:05
.
Před spuštěním: Volných bajtů: 660 116 348 928
Po spuštění: Volných bajtů: 665 749 557 248
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - CCA1C2D77CD91E9743212439BC9B81A1
413FC2A0C716421B3158746D63736515