prosba o pomoc se zdvojením háčků WIN 7

Zpráva

liceli · #1 Příspěvek od **liceli** » 25 úno 2013 13:58

Prosím o pomoc se zdvojením čárek a háčků WIN 7. Předem děkuji. Libor

Posílám log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Briza at 2013-02-25 13:41:29
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 45 GB (30%) free of 153 GB
Total RAM: 2943 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:18, on 25.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Briza\AppData\Local\Temp\wininit.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\prevhost.exe
C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Briza\Downloads\RSIT.exe
C:\Program Files\trend micro\Briza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files\Zrychleni Pocitace\PCSUNotifier.exe
O4 - HKCU\..\Run: [Nyyxuci] C:\Users\Briza\AppData\Roaming\Ipse\adcuh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: All History Cleaner Service (HSService) - Unknown owner - C:\Program Files\All History Cleaner\HSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\Zrychleni Pocitace\PCSUService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TipCtrl - Utipu inc. - C:\Program Files\uTIPu\TipCtrl.exe

--
End of file - 8294 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PC SpeedUp Service Deactivator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.financnik.cz/komodity/fin_ho ... =undefined;"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B19 ... &sap=ku&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npPDFXCviewNPPlugin.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
"PCSpeedUp"=C:\Program Files\Zrychleni Pocitace\PCSUNotifier.exe [2013-01-04 256448]
"Nyyxuci"=C:\Users\Briza\AppData\Roaming\Ipse\adcuh.exe [2012-11-19 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files\Samsung\Kies\KiesHelper.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-02-13 844144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Briza\AppData\Roaming\Dropbox\bin\Dropbox.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comupdatus.exe]
"Debugger=""C:\Program Files\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlmerger.exe]
"Debugger=""C:\Program Files\Zrychleni Pocitace\PCSUSD.exe" /debugexe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-02-25 13:41:29 ----D---- C:\rsit
2013-02-25 13:41:29 ----D---- C:\Program Files\trend micro
2013-02-25 10:12:57 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-02-25 10:11:36 ----A---- C:\Windows\avastSS.scr
2013-02-25 10:11:34 ----A---- C:\Windows\system32\aswBoot.exe
2013-02-25 10:11:12 ----D---- C:\ProgramData\AVAST Software
2013-02-25 10:11:12 ----D---- C:\Program Files\AVAST Software
2013-02-23 16:04:42 ----D---- C:\Users\Briza\AppData\Roaming\Ykor
2013-02-23 16:04:42 ----D---- C:\Users\Briza\AppData\Roaming\Ipse
2013-02-23 16:04:42 ----D---- C:\Users\Briza\AppData\Roaming\Awfa
2013-02-14 21:25:33 ----RD---- C:\Others
2013-02-14 19:12:09 ----A---- C:\Windows\system32\FsUsbExService.Exe
2013-02-14 19:12:09 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2013-02-14 19:12:09 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2013-02-13 09:07:41 ----A---- C:\Windows\system32\mshtmled.dll
2013-02-13 09:07:40 ----A---- C:\Windows\system32\vbscript.dll
2013-02-13 09:07:40 ----A---- C:\Windows\system32\jsproxy.dll
2013-02-13 09:07:39 ----A---- C:\Windows\system32\msfeeds.dll
2013-02-13 09:07:39 ----A---- C:\Windows\system32\ieUnatt.exe
2013-02-13 09:07:39 ----A---- C:\Windows\system32\ieui.dll
2013-02-13 09:07:38 ----A---- C:\Windows\system32\wininet.dll
2013-02-13 09:07:38 ----A---- C:\Windows\system32\jscript9.dll
2013-02-13 09:07:38 ----A---- C:\Windows\system32\jscript.dll
2013-02-13 09:07:37 ----A---- C:\Windows\system32\url.dll
2013-02-13 09:07:37 ----A---- C:\Windows\system32\iertutil.dll
2013-02-13 09:07:36 ----A---- C:\Windows\system32\urlmon.dll
2013-02-13 09:07:35 ----A---- C:\Windows\system32\mshtml.dll
2013-02-13 09:07:34 ----A---- C:\Windows\system32\ieframe.dll
2013-02-13 06:27:09 ----A---- C:\Windows\system32\win32k.sys
2013-02-13 06:27:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-02-13 06:27:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-02-13 06:26:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 06:26:58 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 06:26:57 ----A---- C:\Windows\system32\winsrv.dll
2013-02-10 19:16:09 ----A---- C:\Windows\system32\drivers\sscewhnt.sys
2013-02-10 19:16:09 ----A---- C:\Windows\system32\drivers\sscewh.sys
2013-02-10 19:16:08 ----A---- C:\Windows\system32\drivers\sscemdm.sys
2013-02-10 19:16:08 ----A---- C:\Windows\system32\drivers\sscemdfl.sys
2013-02-10 19:16:08 ----A---- C:\Windows\system32\drivers\sscecmnt.sys
2013-02-10 19:16:08 ----A---- C:\Windows\system32\drivers\sscecm.sys
2013-02-10 19:16:08 ----A---- C:\Windows\system32\drivers\sscebus.sys
2013-02-06 17:25:48 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-02-25 13:41:41 ----D---- C:\Windows\Prefetch
2013-02-25 13:41:29 ----RD---- C:\Program Files
2013-02-25 13:41:11 ----D---- C:\Windows\Temp
2013-02-25 12:55:30 ----D---- C:\Program Files\All History Cleaner
2013-02-25 12:55:27 ----D---- C:\Program Files\Zrychleni Pocitace
2013-02-25 12:55:20 ----D---- C:\Windows\system32\inetsrv
2013-02-25 12:52:54 ----D---- C:\ProgramData\NVIDIA
2013-02-25 12:50:58 ----D---- C:\Windows\system32\config
2013-02-25 10:15:06 ----SHD---- C:\Windows\Installer
2013-02-25 10:15:04 ----SHD---- C:\Config.Msi
2013-02-25 10:14:50 ----D---- C:\Program Files\Google
2013-02-25 10:12:59 ----D---- C:\Windows\system32\drivers
2013-02-25 10:12:58 ----D---- C:\Windows\system32\Tasks
2013-02-25 10:11:36 ----D---- C:\Windows
2013-02-25 10:11:34 ----D---- C:\Windows\System32
2013-02-25 10:11:12 ----HD---- C:\ProgramData
2013-02-25 10:11:07 ----SHD---- C:\System Volume Information
2013-02-25 06:14:49 ----D---- C:\Windows\inf
2013-02-25 06:14:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-24 22:12:11 ----D---- C:\Users\Briza\AppData\Roaming\vlc
2013-02-23 16:04:53 ----SD---- C:\Users\Briza\AppData\Roaming\Microsoft
2013-02-15 06:31:18 ----D---- C:\ProgramData\Adobe
2013-02-15 06:29:30 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-02-14 23:52:21 ----D---- C:\Windows\system32\catroot
2013-02-14 19:50:59 ----RSD---- C:\Windows\assembly
2013-02-14 19:50:59 ----D---- C:\Windows\Microsoft.NET
2013-02-14 19:13:22 ----D---- C:\Windows\system32\DriverStore
2013-02-13 09:46:25 ----D---- C:\Windows\system32\catroot2
2013-02-13 09:19:18 ----D---- C:\Windows\winsxs
2013-02-13 09:15:48 ----D---- C:\Windows\system32\migration
2013-02-13 09:15:46 ----D---- C:\Program Files\Internet Explorer
2013-02-13 09:10:09 ----A---- C:\Windows\system32\MRT.exe
2013-02-13 09:09:40 ----D---- C:\ProgramData\Microsoft Help
2013-02-12 06:47:09 ----D---- C:\Windows\Tasks
2013-02-08 11:18:11 ----D---- C:\Windows\system32\FxsTmp
2013-02-07 06:56:57 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-30 11:53:21 ----N---- C:\Windows\system32\MpSigStub.exe
2013-01-26 08:40:56 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-10-30 477240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-30 242240]
R1 MpKslcf61a01f;MpKslcf61a01f; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAFBBB44-092E-4A60-ACD9-34C1733D045A}\MpKslcf61a01f.sys [2013-02-25 29904]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 117760]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
R3 dfmirage;dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-02-05 37344]
R3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2010-11-20 141824]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-07-03 149352]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 GemCCID;GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-12-09 27632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys [2012-06-27 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys [2012-06-27 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys [2012-06-27 123648]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2009-07-14 20480]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-02-05 233472]
R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HSService;All History Cleaner Service; C:\Program Files\All History Cleaner\HSService.exe [2012-08-28 293664]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2009-07-14 13824]
R2 iprip;@%Systemroot%\system32\iprip.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2009-07-14 8704]
R2 MSMQTriggers;@mqutil.dll,-6203; C:\Windows\system32\mqtgsvc.exe [2010-11-20 126464]
R2 NetPipeActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 NetTcpActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 639928]
R2 PCSUService;PC Speed Up Service; C:\Program Files\Zrychleni Pocitace\PCSUService.exe [2013-01-04 323008]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2010-11-20 47616]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-08 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-04-16 77944]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-08 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-06 115608]
S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 TipCtrl;TipCtrl; C:\Program Files\uTIPu\TipCtrl.exe [2010-09-28 318144]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-11 1343400]
S3 WMSVC;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
S4 NetMsmqActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-07-14 71680]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 25 úno 2013 14:16

Zdravim, pekne odpoledne preji a vitam Vas u nas na foru

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

liceli · #3 Příspěvek od **liceli** » 25 úno 2013 15:02

Moc děkuji za rychlou reakci.
Přikládám požadovaný log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/25/2013 02:35:00 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\FsUsbExService.Exe (PID: 1444) [WD-HEUR]
* C:\Users\Briza\AppData\Local\Temp\wininit.exe (PID: 3472) [SFI]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/25/2013 02:35:16 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

liceli · #4 Příspěvek od **liceli** » 25 úno 2013 15:49

Opět děkuji za rychlou pomoc a posílám požadovaný log:

ComboFix 13-02-24.01 - Briza 25.02.2013 15:20:56.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2943.1727 [GMT 1:00]
Spuštěný z: c:\users\Briza\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Briza\AppData\Local\Microsoft\Windows\Temporary Internet Files\SLOVA.WAV
c:\users\Briza\AppData\Local\Microsoft\Windows\Temporary Internet Files\TMP.WAV
c:\users\Briza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\Briza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\users\Briza\AppData\Roaming\Ykor
c:\users\Briza\AppData\Roaming\Ykor\vobuq.vaz
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-25 do 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 14:29 . 2013-02-25 14:33 -------- d-----w- c:\users\Briza\AppData\Local\temp
2013-02-25 14:29 . 2013-02-25 14:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-25 14:29 . 2013-02-25 14:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-25 14:29 . 2013-02-25 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-25 14:29 . 2013-02-25 14:29 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-02-25 12:41 . 2013-02-25 12:42 -------- d-----w- C:\rsit
2013-02-25 12:41 . 2013-02-25 12:42 -------- d-----w- c:\program files\trend micro
2013-02-25 11:54 . 2013-02-25 11:54 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAFBBB44-092E-4A60-ACD9-34C1733D045A}\MpKslcf61a01f.sys
2013-02-25 09:12 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-25 09:11 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-25 09:11 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-25 09:11 . 2013-02-25 09:11 -------- d-----w- c:\programdata\AVAST Software
2013-02-25 09:11 . 2013-02-25 09:11 -------- d-----w- c:\program files\AVAST Software
2013-02-25 08:59 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAFBBB44-092E-4A60-ACD9-34C1733D045A}\mpengine.dll
2013-02-24 08:06 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-23 15:04 . 2013-02-23 15:20 -------- d-----w- c:\users\Briza\AppData\Roaming\Awfa
2013-02-23 15:04 . 2013-02-23 15:04 -------- d-----w- c:\users\Briza\AppData\Roaming\Ipse
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 20:25 . 2013-02-14 20:29 -------- d-----r- C:\Others
2013-02-14 18:12 . 2013-02-05 08:54 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-14 18:12 . 2013-02-05 08:54 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-02-14 18:12 . 2012-10-29 11:10 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2013-02-13 05:27 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 05:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 05:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 05:26 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 05:26 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 05:26 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-10 18:16 . 2012-06-27 08:37 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2013-02-10 18:16 . 2012-06-27 08:37 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2013-02-10 18:16 . 2012-06-27 08:37 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2013-02-10 18:16 . 2012-06-27 08:37 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2013-02-10 18:16 . 2012-06-27 08:37 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2013-02-10 18:16 . 2012-06-27 08:37 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2013-02-10 18:16 . 2012-06-27 08:37 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2013-02-01 08:17 . 2013-02-02 08:07 -------- d-----w- c:\users\Briza\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-25 14:32 . 2012-07-03 10:29 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-15 05:29 . 2012-04-03 04:38 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-15 05:29 . 2011-09-26 03:24 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-03-10 21:33 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-13 20:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-29 10:26 . 2013-01-05 22:29 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26 . 2013-01-05 22:29 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26 . 2013-01-05 22:29 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26 . 2013-01-05 22:29 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26 . 2013-01-05 22:29 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26 . 2013-01-05 22:29 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26 . 2013-01-05 22:29 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26 . 2013-01-05 22:29 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26 . 2012-10-10 20:14 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-10-10 20:14 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 10:26 . 2012-02-09 20:43 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 10:26 . 2012-01-02 10:08 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 08:26 . 2011-03-23 23:29 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2011-03-23 23:29 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2011-03-23 23:28 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2011-03-23 23:28 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:25 . 2010-07-09 14:37 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-16 14:13 . 2012-12-22 08:34 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 05:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 05:20 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 05:20 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 05:20 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 05:20 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 05:20 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 05:20 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 05:20 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 05:20 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 05:20 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 05:20 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 05:20 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 05:20 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 05:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 05:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 05:20 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 05:20 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-29 05:57 . 2012-11-29 05:57 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF13E7DE-A45E-4F6F-AC6E-66E2C3701DC5}\gapaengine.dll
2012-11-28 09:35 . 2012-07-02 16:12 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-28 09:35 . 2011-03-28 18:15 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-06 16:26 . 2013-02-06 16:25 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSUNotifier.exe" [2013-01-04 256448]
"Nyyxuci"="c:\users\Briza\AppData\Roaming\Ipse\adcuh.exe" [2012-11-19 454656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-20 152064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Briza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Briza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-08-28 13:52 3671904 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-02-13 10:38 844144 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 MpKslcf61a01f;MpKslcf61a01f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAFBBB44-092E-4A60-ACD9-34C1733D045A}\MpKslcf61a01f.sys [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe [x]
S2 HSService;All History Cleaner Service;c:\program files\All History Cleaner\HSService.exe [x]
S2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [x]
S2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LPDService REG_MULTI_SZ LPDSVC
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
ipripsvc REG_MULTI_SZ iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 05:27 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:29]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 21:47]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 21:47]
.
2013-02-25 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files\Zrychleni Pocitace\PCSUSD.exe [2013-01-13 07:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.financnik.cz/komodity/fin_home/vyso ... =undefined;
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B19aebd06-e620-4e91-bddf-a9788f57b117%7D&mid=8d45882a393848bdb031163633f3bdea-3a6571f6cdc111351a37aba33e643a46c9bdd0b8&ds=or011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-12%2016%3A21%3A36&sap=ku&q=
FF - ExtSQL: 2013-02-25 10:22; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
AddRemove-Microsoft .NET Framework 4 Extended CSY Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-3557573561.www.pcspeedup.com - c:\program files\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
AddRemove-407494290.www.pcspeedup.com - c:\program files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-02-25 15:39:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-25 14:39
.
Před spuštěním: Volných bajtů: 46 997 946 368
Po spuštění: Volných bajtů: 47 279 923 200
.
- - End Of File - - A1798412F8544E92EC3906893FFA1168

#5 Příspěvek od **vyosek** » 25 úno 2013 19:40

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

liceli · #6 Příspěvek od **liceli** » 25 úno 2013 19:50

Opět děkuji a posílám požadovaný log:

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 19:48:21
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Briza - TRADER2-PC
# Boot Mode : Normal
# Running from : C:\Users\Briza\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Briza\AppData\Local\Conduit
Folder Found : C:\Users\Briza\AppData\Local\OpenCandy
Folder Found : C:\Users\Briza\AppData\LocalLow\Conduit
Folder Found : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\Conduit
Folder Found : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\ConduitEngine
Folder Found : C:\Users\Briza\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Briza\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1874530476-975385563-1636237756-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1874530476-975385563-1636237756-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640

-\\ Mozilla Firefox v18.0.2 (cs)

File : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\prefs.js

Found : user_pref("CT2475029..clientLogIsEnabled", true);
Found : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2475029.CT2475029", "CT2475029");
Found : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Found : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Found : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Fri May 27 2011 12:05:52 GMT+0200");
Found : user_pref("CT2475029.CommunityChanged", true);
Found : user_pref("CT2475029.CurrentServerDate", "27-5-2011");
Found : user_pref("CT2475029.DialogsAlignMode", "LTR");
Found : user_pref("CT2475029.DialogsGetterLastCheckTime", "Thu May 26 2011 21:52:40 GMT+0200");
Found : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Thu May 26 2011 21:53:24 GMT+0200");
Found : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT2475029.DownloadReferralCookieData", "");
Found : user_pref("CT2475029.EMailNotifierPollDate", "Fri May 27 2011 12:30:53 GMT+0200");
Found : user_pref("CT2475029.FeedLastCount129133095456874337", 206);
Found : user_pref("CT2475029.FeedPollDate129132307482029379", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129132307482029381", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129132307482029382", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129133095459686870", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129133095459686871", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687146", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687147", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedPollDate129137437659687148", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Found : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Found : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Found : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Found : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Found : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Found : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Found : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Found : user_pref("CT2475029.FirstServerDate", "26-5-2011");
Found : user_pref("CT2475029.FirstTime", true);
Found : user_pref("CT2475029.FirstTimeFF3", true);
Found : user_pref("CT2475029.FixPageNotFoundErrors", true);
Found : user_pref("CT2475029.GroupingLastCheckTime", "Thu May 26 2011 21:53:24 GMT+0200");
Found : user_pref("CT2475029.GroupingLastErrorCode", "");
Found : user_pref("CT2475029.GroupingLastResponse", true);
Found : user_pref("CT2475029.GroupingLastServerUpdateTime", "129484884546300000");
Found : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2475029.HasUserGlobalKeys", true);
Found : user_pref("CT2475029.Initialize", true);
Found : user_pref("CT2475029.InitializeCommonPrefs", true);
Found : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2475029.InstalledDate", "Thu May 26 2011 21:52:45 GMT+0200");
Found : user_pref("CT2475029.InvalidateCache", false);
Found : user_pref("CT2475029.IsGrouping", true);
Found : user_pref("CT2475029.IsMulticommunity", true);
Found : user_pref("CT2475029.IsOpenThankYouPage", true);
Found : user_pref("CT2475029.IsOpenUninstallPage", true);
Found : user_pref("CT2475029.LanguagePackLastCheckTime", "Thu May 26 2011 21:52:45 GMT+0200");
Found : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2475029.LastLogin_3.3.3.2", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.LatestVersion", "3.3.3.2");
Found : user_pref("CT2475029.Locale", "en");
Found : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Found : user_pref("CT2475029.MCDetectTooltipShow", true);
Found : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Found : user_pref("CT2475029.RadioIsPodcast", false);
Found : user_pref("CT2475029.RadioLastCheckTime", "Thu May 26 2011 21:52:38 GMT+0200");
Found : user_pref("CT2475029.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2475029.RadioLastUpdateServer", "129054397178370000");
Found : user_pref("CT2475029.RadioMediaID", "13098944");
Found : user_pref("CT2475029.RadioMediaType", "Media Player");
Found : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT247502913098944");
Found : user_pref("CT2475029.RadioStationName", "Mellesleg%20-%20Rapp");
Found : user_pref("CT2475029.RadioStationURL", "hxxp://195.228.254.168:8060/");
Found : user_pref("CT2475029.SavedHomepage", "hxxp://www.financnik.cz/forum/read.php?23,183980|hxxp://www.fi[...]
Found : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Found : user_pref("CT2475029.SearchInNewTabEnabled", true);
Found : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Thu May 26 2011 21:52:38 GMT+0200");
Found : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2475029.ServiceMapLastCheckTime", "Thu May 26 2011 21:52:36 GMT+0200");
Found : user_pref("CT2475029.SettingsLastCheckTime", "Fri May 27 2011 11:27:25 GMT+0200");
Found : user_pref("CT2475029.SettingsLastUpdate", "1304242869");
Found : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Thu May 26 2011 21:52:36 GMT+0200");
Found : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Found : user_pref("CT2475029.UserID", "UN69520950455136480");
Found : user_pref("CT2475029.ValidationData_Toolbar", 1);
Found : user_pref("CT2475029.WeatherNetwork", "");
Found : user_pref("CT2475029.WeatherPollDate", "Fri May 27 2011 12:05:54 GMT+0200");
Found : user_pref("CT2475029.WeatherUnit", "C");
Found : user_pref("CT2475029.approveUntrustedApps", true);
Found : user_pref("CT2475029.components.1000034", true);
Found : user_pref("CT2475029.components.1000234", true);
Found : user_pref("CT2475029.components.1000515", true);
Found : user_pref("CT2475029.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Fri May 27 2011 11:27:27 GMT+0200");
Found : user_pref("CT2475029.isAppTrackingManagerOn", true);
Found : user_pref("CT2475029.myStuffEnabled", true);
Found : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2475029.oldAppsList", "200,129053524177369346,129053524177525597,129464711670611991,129[...]
Found : user_pref("CT2475029.testingCtid", "");
Found : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Thu May 26 2011 21:52:37 GMT+0200");
Found : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Thu May 26 2011 21:52:47 GMT+0200");
Found : user_pref("CT2475029.usagesFlag", 2);
Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"cfce4769401cc7a836ed[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"2d502247ac15eff267c[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"59b5af60f34add461fe[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"10c0c7a744426f2bc44[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"7e4633ea527a68a5633[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"e522a030b29e676b020[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"94a5860cd5d1fb5ad1d2f[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"2bc5db0d9ae97cd57c40d[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://results.myway.com/GGmain.jhtml?id[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2475029");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 26 2011 21:52:39 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 08:14:18 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 08:14:09 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "04a927d3-6748-4a15-a26e-e47a00e76986");
Found : user_pref("CommunityToolbar.globalUserId", "9d687fe0-9352-4d87-9b8d-0bb8a532ed6e");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029");
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200"[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200")[...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200")[...]
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 10:51:53 GMT+0200");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu May 26 2011 21:52:42 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "05/26/2011 22");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Thu May 26 2011 21:52:42 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu May 26 2011 21:52:39 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri May 27 2011 11:27:29 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 27 2011 11:27:30 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN94214451531305343");
Found : user_pref("ConduitEngine.engineLocale", "cs");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu May 26 2011 21:52:37 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.IObitBar.openSearchURL", "hxxp://results.myway.com/opensearch.jhtml?osp=mwg&st[...]
Found : user_pref("extensions.IObitBar.prevKwdURL", "hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=8090482[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B19aebd06-e620-4e91-bddf-a9788f57b117%[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.9] : homepage = "hxxp://isearch.avg.com/?cid={9D2FC5F6-F2A9-4C50-B0C1-04BA658D815E}&mid=&lang=&ds=&pr=&d=&v=&sap=hp",
Found [l.53] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.56] : keyword = "ask.com",
Found [l.59] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=1412E1F5-A33E-4289-B07E-D647AD737033&apn_ptnrs=U3&apn_sauid=89ED2A4C-472B-4C33-B30E-17979098E9DF&apn_dtid=OSJ000YYCZ&q={searchTerms}",
Found [l.60] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Found [l.1779] : homepage = "hxxp://isearch.avg.com/?cid={9D2FC5F6-F2A9-4C50-B0C1-04BA658D815E}&mid=&lang=&ds=&pr=&d=&v=&sap=hp",

-\\ Opera v12.12.1707.0

File : C:\Users\Briza\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://my.daemon-search.com/

*************************

AdwCleaner[R1].txt - [24230 octets] - [25/02/2013 19:48:21]

########## EOF - C:\AdwCleaner[R1].txt - [24291 octets] ##########

#7 Příspěvek od **vyosek** » 25 úno 2013 23:55

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

liceli · #8 Příspěvek od **liceli** » 26 úno 2013 06:04

Dobré ráno, přikládám log po provedené opravě. Čárka je stále zdvojená.

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 05:55:48
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Briza - TRADER2-PC
# Boot Mode : Normal
# Running from : C:\Users\Briza\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Briza\AppData\Local\Conduit
Folder Deleted : C:\Users\Briza\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Briza\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\Conduit
Folder Deleted : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\ConduitEngine
Folder Deleted : C:\Users\Briza\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Briza\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (cs)

File : C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\prefs.js

C:\Users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\user.js ... Deleted !

Deleted : user_pref("CT2475029..clientLogIsEnabled", true);
Deleted : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2475029.CT2475029", "CT2475029");
Deleted : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Deleted : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Fri May 27 2011 12:05:52 GMT+0200");
Deleted : user_pref("CT2475029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CurrentServerDate", "27-5-2011");
Deleted : user_pref("CT2475029.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.DialogsGetterLastCheckTime", "Thu May 26 2011 21:52:40 GMT+0200");
Deleted : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Thu May 26 2011 21:53:24 GMT+0200");
Deleted : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT2475029.DownloadReferralCookieData", "");
Deleted : user_pref("CT2475029.EMailNotifierPollDate", "Fri May 27 2011 12:30:53 GMT+0200");
Deleted : user_pref("CT2475029.FeedLastCount129133095456874337", 206);
Deleted : user_pref("CT2475029.FeedPollDate129132307482029379", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029381", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029382", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686870", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686871", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687146", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687147", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687148", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Deleted : user_pref("CT2475029.FirstServerDate", "26-5-2011");
Deleted : user_pref("CT2475029.FirstTime", true);
Deleted : user_pref("CT2475029.FirstTimeFF3", true);
Deleted : user_pref("CT2475029.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2475029.GroupingLastCheckTime", "Thu May 26 2011 21:53:24 GMT+0200");
Deleted : user_pref("CT2475029.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.GroupingLastResponse", true);
Deleted : user_pref("CT2475029.GroupingLastServerUpdateTime", "129484884546300000");
Deleted : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2475029.HasUserGlobalKeys", true);
Deleted : user_pref("CT2475029.Initialize", true);
Deleted : user_pref("CT2475029.InitializeCommonPrefs", true);
Deleted : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2475029.InstalledDate", "Thu May 26 2011 21:52:45 GMT+0200");
Deleted : user_pref("CT2475029.InvalidateCache", false);
Deleted : user_pref("CT2475029.IsGrouping", true);
Deleted : user_pref("CT2475029.IsMulticommunity", true);
Deleted : user_pref("CT2475029.IsOpenThankYouPage", true);
Deleted : user_pref("CT2475029.IsOpenUninstallPage", true);
Deleted : user_pref("CT2475029.LanguagePackLastCheckTime", "Thu May 26 2011 21:52:45 GMT+0200");
Deleted : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2475029.LastLogin_3.3.3.2", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2475029.Locale", "en");
Deleted : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2475029.MCDetectTooltipShow", true);
Deleted : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2475029.RadioIsPodcast", false);
Deleted : user_pref("CT2475029.RadioLastCheckTime", "Thu May 26 2011 21:52:38 GMT+0200");
Deleted : user_pref("CT2475029.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2475029.RadioLastUpdateServer", "129054397178370000");
Deleted : user_pref("CT2475029.RadioMediaID", "13098944");
Deleted : user_pref("CT2475029.RadioMediaType", "Media Player");
Deleted : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT247502913098944");
Deleted : user_pref("CT2475029.RadioStationName", "Mellesleg%20-%20Rapp");
Deleted : user_pref("CT2475029.RadioStationURL", "hxxp://195.228.254.168:8060/");
Deleted : user_pref("CT2475029.SavedHomepage", "hxxp://www.financnik.cz/forum/read.php?23,183980|hxxp://www.fi[...]
Deleted : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Deleted : user_pref("CT2475029.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Thu May 26 2011 21:52:38 GMT+0200");
Deleted : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2475029.ServiceMapLastCheckTime", "Thu May 26 2011 21:52:36 GMT+0200");
Deleted : user_pref("CT2475029.SettingsLastCheckTime", "Fri May 27 2011 11:27:25 GMT+0200");
Deleted : user_pref("CT2475029.SettingsLastUpdate", "1304242869");
Deleted : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Thu May 26 2011 21:52:36 GMT+0200");
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Deleted : user_pref("CT2475029.UserID", "UN69520950455136480");
Deleted : user_pref("CT2475029.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2475029.WeatherNetwork", "");
Deleted : user_pref("CT2475029.WeatherPollDate", "Fri May 27 2011 12:05:54 GMT+0200");
Deleted : user_pref("CT2475029.WeatherUnit", "C");
Deleted : user_pref("CT2475029.approveUntrustedApps", true);
Deleted : user_pref("CT2475029.components.1000034", true);
Deleted : user_pref("CT2475029.components.1000234", true);
Deleted : user_pref("CT2475029.components.1000515", true);
Deleted : user_pref("CT2475029.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Fri May 27 2011 11:27:27 GMT+0200");
Deleted : user_pref("CT2475029.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2475029.myStuffEnabled", true);
Deleted : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2475029.oldAppsList", "200,129053524177369346,129053524177525597,129464711670611991,129[...]
Deleted : user_pref("CT2475029.testingCtid", "");
Deleted : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Thu May 26 2011 21:52:37 GMT+0200");
Deleted : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Thu May 26 2011 21:52:47 GMT+0200");
Deleted : user_pref("CT2475029.usagesFlag", 2);
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"cfce4769401cc7a836ed[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"2d502247ac15eff267c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"59b5af60f34add461fe[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"10c0c7a744426f2bc44[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"7e4633ea527a68a5633[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"e522a030b29e676b020[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"94a5860cd5d1fb5ad1d2f[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"2bc5db0d9ae97cd57c40d[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2475029");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://results.myway.com/GGmain.jhtml?id[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2475029");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 26 2011 21:52:39 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 08:14:18 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 08:14:09 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "04a927d3-6748-4a15-a26e-e47a00e76986");
Deleted : user_pref("CommunityToolbar.globalUserId", "9d687fe0-9352-4d87-9b8d-0bb8a532ed6e");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029");
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200[...]
Deleted : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200")[...]
Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200")[...]
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 10:51:53 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu May 26 2011 21:52:42 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "05/26/2011 22");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu May 26 2011 21:52:42 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu May 26 2011 21:52:39 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri May 27 2011 11:27:29 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 27 2011 11:27:30 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN94214451531305343");
Deleted : user_pref("ConduitEngine.engineLocale", "cs");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu May 26 2011 21:52:37 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri May 27 2011 11:27:29 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.IObitBar.openSearchURL", "hxxp://results.myway.com/opensearch.jhtml?osp=mwg&st[...]
Deleted : user_pref("extensions.IObitBar.prevKwdURL", "hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=8090482[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B19aebd06-e620-4e91-bddf-a9788f57b117%[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Briza\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://isearch.avg.com/?cid={9D2FC5F6-F2A9-4C50-B0C1-04BA658D815E}&mid=&lang=&ds=[...]
Deleted [l.53] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.56] : keyword = "ask.com",
Deleted [l.59] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=14[...]
Deleted [l.60] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.1779] : homepage = "hxxp://isearch.avg.com/?cid={9D2FC5F6-F2A9-4C50-B0C1-04BA658D815E}&mid=&lang=&ds=&pr[...]

-\\ Opera v12.12.1707.0

File : C:\Users\Briza\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://my.daemon-search.com/

*************************

AdwCleaner[R1].txt - [24361 octets] - [25/02/2013 19:48:21]
AdwCleaner[R2].txt - [24422 octets] - [25/02/2013 21:00:16]
AdwCleaner[R3].txt - [24483 octets] - [26/02/2013 05:54:22]
AdwCleaner[S1].txt - [24637 octets] - [26/02/2013 05:55:48]

########## EOF - C:\AdwCleaner[S1].txt - [24698 octets] ##########

#9 Příspěvek od **vyosek** » 26 úno 2013 08:42

Odinstalujte MSE, jelikoz je v kolizi s Avastem. Tez odinstalujte Zrychleni Pocitace - zcela zybtecny smejd

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\users\Briza\AppData\Roaming\Awfa
c:\users\Briza\AppData\Roaming\Ipse
c:\program files\Zrychleni Pocitace

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PC SpeedUp Service Deactivator.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"PCSpeedUp"=-
"Nyyxuci"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
[-HKLM\~\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
[-HKLM\~\startupfolder\C:^Users^Briza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Collect::
c:\users\Briza\AppData\Roaming\Ipse\adcuh.exe

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

liceli · #10 Příspěvek od **liceli** » 26 úno 2013 12:32

Dobrý den, posílám log po aplikaci scriptu. Děkuji.

ComboFix 13-02-24.01 - Briza 26.02.2013 12:11:25.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2943.1876 [GMT 1:00]
Spuštěný z: c:\users\Briza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Briza\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\PC SpeedUp Service Deactivator.job"
.
file zipped: c:\users\Briza\AppData\Roaming\Ipse\adcuh.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Briza\AppData\Roaming\Awfa
c:\users\Briza\AppData\Roaming\Awfa\ytyxy.tmp
c:\users\Briza\AppData\Roaming\Ipse
c:\users\Briza\AppData\Roaming\Ipse\adcuh.exe
c:\users\Briza\AppData\Roaming\Ipse\libnspr4.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-26 do 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-26 11:21 . 2013-02-26 11:24 -------- d-----w- c:\users\Briza\AppData\Local\temp
2013-02-26 11:21 . 2013-02-26 11:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-26 11:21 . 2013-02-26 11:21 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-26 11:21 . 2013-02-26 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-26 11:21 . 2013-02-26 11:21 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-02-26 09:14 . 2013-02-26 09:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01AF946C-6037-4C26-A1CA-8BB1B31EC200}\offreg.dll
2013-02-26 05:46 . 2013-02-26 05:47 172 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-25 12:41 . 2013-02-25 12:42 -------- d-----w- C:\rsit
2013-02-25 12:41 . 2013-02-25 12:42 -------- d-----w- c:\program files\trend micro
2013-02-25 09:12 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-25 09:11 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-25 09:11 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-25 09:11 . 2013-02-25 09:11 -------- d-----w- c:\programdata\AVAST Software
2013-02-25 09:11 . 2013-02-25 09:11 -------- d-----w- c:\program files\AVAST Software
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 20:25 . 2013-02-14 20:29 -------- d-----r- C:\Others
2013-02-14 18:12 . 2013-02-05 08:54 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-14 18:12 . 2013-02-05 08:54 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-02-14 18:12 . 2012-10-29 11:10 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2013-02-13 05:27 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 05:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 05:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 05:26 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 05:26 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 05:26 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-10 18:16 . 2012-06-27 08:37 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2013-02-10 18:16 . 2012-06-27 08:37 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2013-02-10 18:16 . 2012-06-27 08:37 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2013-02-10 18:16 . 2012-06-27 08:37 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2013-02-10 18:16 . 2012-06-27 08:37 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2013-02-10 18:16 . 2012-06-27 08:37 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2013-02-10 18:16 . 2012-06-27 08:37 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2013-02-01 08:17 . 2013-02-02 08:07 -------- d-----w- c:\users\Briza\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 11:23 . 2012-07-03 10:29 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-15 05:29 . 2012-04-03 04:38 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-15 05:29 . 2011-09-26 03:24 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-03-10 21:33 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-13 20:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-29 10:26 . 2013-01-05 22:29 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26 . 2013-01-05 22:29 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26 . 2013-01-05 22:29 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26 . 2013-01-05 22:29 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26 . 2013-01-05 22:29 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26 . 2013-01-05 22:29 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26 . 2013-01-05 22:29 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26 . 2013-01-05 22:29 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26 . 2012-10-10 20:14 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-10-10 20:14 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 10:26 . 2012-02-09 20:43 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 10:26 . 2012-01-02 10:08 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 08:26 . 2011-03-23 23:29 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2011-03-23 23:29 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2011-03-23 23:28 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2011-03-23 23:28 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:25 . 2010-07-09 14:37 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-16 14:13 . 2012-12-22 08:34 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 05:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 05:20 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 05:20 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 05:20 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 05:20 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 05:20 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 05:20 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 05:20 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 05:20 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 05:20 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 05:20 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 05:20 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 05:20 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 05:20 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 05:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 05:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 05:20 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 05:20 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 05:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-02-06 16:26 . 2013-02-06 16:25 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Briza\AppData\Local\Temp\CFcatchme.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 ftpsvc;Služba Microsoft FTP Service;c:\windows\system32\svchost.exe [x]
S2 HSService;All History Cleaner Service;c:\program files\All History Cleaner\HSService.exe [x]
S2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LPDService REG_MULTI_SZ LPDSVC
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
ipripsvc REG_MULTI_SZ iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 20:32 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:29]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 21:47]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 21:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Briza\AppData\Roaming\Mozilla\Firefox\Profiles\ofzcbymo.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.viry.cz/viewtopic.php?uid=51357&f=13&t=128349&start=0|http://forum.viry.cz/viewtopic.php?f=13 ... 3#p1197893
FF - ExtSQL: 2013-02-25 10:22; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-02-26 12:28:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-26 11:28
ComboFix2.txt 2013-02-25 14:39
.
Před spuštěním: Volných bajtů: 47 019 212 800
Po spuštění: Volných bajtů: 47 087 538 176
.
- - End Of File - - 29A371A978F7B50B4A10C110FB58941B
Nahr nˇ probŘhlo ŁspŘçnŘ

#11 Příspěvek od **vyosek** » 26 úno 2013 15:42

Zdravim

Stahnete Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe

Ulozte nejlepe na Plochu
Spustte a potvrdte Yes abyste potvrdil reinstalaci sluzeb
Nasledne kliknutim na Yes potvrdte restart PC
Na Plose vznikne slozka CC Support, najdete tam log SvcRepair.txt - mel by byt CC Support\Logs\SvcRepair.txt - vlozte mi jej sem

liceli · #12 Příspěvek od **liceli** » 26 úno 2013 16:03

Dobrý den, posílám požadovaný log. Moc děkuji za pomoc.

Log Opened: 2013-02-26 @ 15:57:37
15:57:37 - -----------------
15:57:37 - | Begin Logging |
15:57:37 - -----------------
15:57:37 - Fix started on a WIN_7 X86 computer
15:57:37 - Prep in progress. Please Wait.
15:57:39 - Prep complete
15:57:39 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
15:57:42 - Services Repair Complete.
15:57:46 - Reboot Initiated

#13 Příspěvek od **vyosek** » 26 úno 2013 19:07

Ten system je teda pekne naboreny

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

Ulozte nejlepe na Plochu
U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
Kliknete na Scan
Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

liceli · #14 Příspěvek od **liceli** » 26 úno 2013 21:03

Dobrý večer, opět děkuji a vkládám scan:

Farbar Service Scanner Version: 20-02-2013
Ran by Briza (administrator) on 26-02-2013 at 21:01:44
Running from "C:\Users\Briza\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 06:26] - [2013-01-03 06:05] - 1293672 ____A (Microsoft Corporation) 7C0507D2391AF5933600CBCED799F277

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#15 Příspěvek od **vyosek** » 27 úno 2013 08:27

Zdravicko,

jak se chova nas pacient??

VIRY.CZ

prosba o pomoc se zdvojením háčků WIN 7

prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7

Re: prosba o pomoc se zdvojením háčků WIN 7