vir z mediafire

Zpráva

2petterson · #1 Příspěvek od **2petterson** » 27 led 2013 15:34

Zdravím, včera mi přišel na fb odkaz s virem a ja de*il sem na něj samozřejmě klikl

.. myslel jsem že už jsem ho odstranil ale teď když jsem připojil SD kartu do PC tak mi to tu kartu asi preformatovalo a misto složek jsou tam zástupci s tím virem...kdyz na nej kliknu tak sem o5 naleti asi 20 viru, windows se vypne a obnovi se na posledni spravny start windows..pak jsem zkousel tam dat i jinou SD a ta se taky preformatovala takze vir musel zustat v pc..diky za pomoc...

log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomášek at 2013-01-27 13:14:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 114 GB (23%) free of 500 GB
Total RAM: 3579 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:03, on 27.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Tomášek\Downloads\RSIT.exe
C:\Program Files\trend micro\Tomášek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 6F65256D0A}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo1.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\programy\Babylon\Utils\BabylonIEPI.dll (file missing)
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Microsoft Windows Service] C:\Users\Tomášek\46357865364647353\winsvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-260079375-1809308530-3501432244-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Hanka')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\david\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\david\Desktop\PartyPoker.lnk
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\programy\Babylon\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\programy\Babylon\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - D:\programy\evolve\EvoSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - D:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9775 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.searchqu.com/406"
prefs.js - "extensions.enabledItems" - "bkmrksync@nokia.com:1.0.0.736, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... 00YYCZ&&q="

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
SearchResults.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\extensions\
{99079a25-328f-4bd4-be04-00955acaa0a7}

C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo1.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [2011-05-31 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - D:\programy\Babylon\Utils\BabylonIEPI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll [2011-06-01 1236376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-12-10 1520840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2011-05-25 2046864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [2011-05-31 88976]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTo1.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-12-10 1520840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-12-10 1573576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe -d 20000 []
"AdobeBridge"= []
"NokiaSuite.exe"=C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-08-03 1086376]
"Microsoft Windows Service"=C:\Users\Tomášek\46357865364647353\winsvc.exe [2013-01-26 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.CFHD"=CFHD.DLL
"msacm.l3codecp"=l3codecp.acm
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-27 13:14:43 ----D---- C:\Program Files\trend micro
2013-01-27 13:14:42 ----D---- C:\rsit
2013-01-27 11:24:13 ----A---- C:\Users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-01-27 11:24:06 ----A---- C:\Users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
2013-01-27 11:23:52 ----AH---- C:\Users\Tomášek\AppData\Roaming\winsvcns.sys
2013-01-24 12:41:48 ----D---- C:\Program Files\Ask.com
2013-01-24 12:31:01 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-01-24 12:31:01 ----A---- C:\Windows\system32\javaw.exe
2013-01-24 12:31:00 ----A---- C:\Windows\system32\java.exe
2013-01-21 17:35:52 ----D---- C:\Users\Tomášek\AppData\Roaming\Need for Speed Most Wanted
2013-01-15 21:36:59 ----D---- C:\Users\Tomášek\AppData\Roaming\ts3overlay
2013-01-15 20:55:55 ----D---- C:\Users\Tomášek\AppData\Roaming\TS3Client
2013-01-15 13:09:30 ----A---- C:\Windows\system32\mshtml.dll
2013-01-14 19:24:21 ----A---- C:\Users\Tomášek\AppData\Roaming\PnkBstrK.sys
2013-01-09 10:14:59 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 10:14:57 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 10:14:54 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 10:14:42 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 10:14:39 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 10:14:38 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 10:14:38 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 10:14:38 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 10:14:38 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 10:14:37 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 10:14:36 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 10:14:35 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 10:14:34 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 10:14:14 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 10:14:14 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 10:14:10 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 10:14:09 ----A---- C:\Windows\system32\taskhost.exe
2013-01-03 20:04:26 ----HD---- C:\Windows\BitLockerDiscoveryVolumeContents
2013-01-03 20:04:26 ----D---- C:\Windows\SysWOW64
2013-01-03 20:04:26 ----D---- C:\Windows\system32\1033
2013-01-01 19:41:32 ----A---- C:\Windows\Mhpb.ini

======List of files/folders modified in the last 1 month======

2013-01-27 13:20:46 ----D---- C:\Users\Tomášek\AppData\Roaming\Skype
2013-01-27 13:20:35 ----D---- C:\Windows\Temp
2013-01-27 13:14:43 ----RD---- C:\Program Files
2013-01-27 11:58:21 ----D---- C:\Windows\system32\config
2013-01-27 11:36:38 ----D---- C:\Windows\System32
2013-01-27 11:36:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-27 11:36:37 ----D---- C:\Windows\inf
2013-01-27 11:06:27 ----SHD---- C:\System Volume Information
2013-01-27 10:52:12 ----D---- C:\Windows\Tasks
2013-01-27 10:52:12 ----D---- C:\Windows\system32\wfp
2013-01-27 10:52:12 ----D---- C:\Windows\system32\Tasks
2013-01-27 10:52:12 ----D---- C:\Windows\system32\DriverStore
2013-01-27 10:52:12 ----D---- C:\Windows\system32\drivers\etc
2013-01-27 10:52:12 ----D---- C:\Windows\system32\catroot2
2013-01-27 10:52:12 ----D---- C:\Windows
2013-01-27 10:52:11 ----D---- C:\Windows\system32\wbem
2013-01-27 10:52:11 ----D---- C:\Windows\system32\drivers
2013-01-27 10:52:10 ----D---- C:\Windows\registration
2013-01-26 22:54:56 ----SHD---- C:\Windows\Installer
2013-01-26 22:54:36 ----D---- C:\Users\Tomášek\AppData\Roaming\.minecraft
2013-01-26 22:54:06 ----D---- C:\Program Files\Java
2013-01-26 20:37:38 ----D---- C:\Windows\Prefetch
2013-01-21 20:41:58 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-21 20:16:59 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-01-21 20:13:51 ----RSD---- C:\Windows\assembly
2013-01-21 10:58:25 ----D---- C:\Windows\system32\NDF
2013-01-15 20:52:22 ----D---- C:\ProgramData\boost_interprocess
2013-01-15 13:41:11 ----D---- C:\ProgramData\tmp
2013-01-15 13:08:29 ----D---- C:\Windows\system32\catroot
2013-01-15 13:08:25 ----D---- C:\Windows\winsxs
2013-01-10 11:58:04 ----D---- C:\Windows\rescache
2013-01-10 11:30:01 ----D---- C:\Windows\Microsoft.NET
2013-01-10 10:27:46 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 22:20:02 ----A---- C:\Windows\system32\MRT.exe
2012-12-28 07:37:21 ----D---- C:\Users\Tomášek\AppData\Roaming\MAXON
2012-12-28 07:37:16 ----HD---- C:\ProgramData
2012-12-28 07:37:14 ----D---- C:\Program Files\MAXON

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-21 691696]
R1 CLBStor;InstantBurn Storage Helper Driver; C:\Windows\system32\drivers\CLBStor.sys [2007-06-04 16048]
R1 MpKsla6e97317;MpKsla6e97317; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D6C53CF-6BE4-4496-BCFA-F5CFF6408B8C}\MpKsla6e97317.sys [2013-01-27 29904]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2008-01-17 41456]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\Windows\system32\drivers\CLBUDF.sys [2007-06-04 162096]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7772160]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-25 243712]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 104976]
R3 DynCal;Dynamic Calibration Service; C:\Windows\system32\drivers\Dyncal.sys [2007-11-07 12928]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver; C:\Windows\system32\DRIVERS\evolve.sys [2012-10-01 18584]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 a9y6n9fw;a9y6n9fw; C:\Windows\system32\drivers\a9y6n9fw.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\TOMEK~1\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7772160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\programy\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-09-20 25280]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-25 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2011-05-25 1617296]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit; D:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-09-12 76888]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2010-08-19 247152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-04 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EvoSvc;Evolve Service; D:\programy\evolve\EvoSvc.exe [2013-01-14 1531352]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-08-23 1045256]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-04 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-14 114144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-10-04 529744]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 27 led 2013 15:40

Zdravim

Myslim ze data na tech SD kartach jsou, nebojte - ty ale poresime az polecime PC

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

2petterson · #3 Příspěvek od **2petterson** » 27 led 2013 15:49

tady je ten rkill..btw je to presne tohle http://forum.viry.cz/viewtopic.php?f=13&t=127545

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/27/2013 03:43:56 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/27/2013 03:44:11 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

#4 Příspěvek od **vyosek** » 27 led 2013 16:31

Fajn, pockam si na ComboFix

2petterson · #5 Příspěvek od **2petterson** » 27 led 2013 18:06

ComboFix 13-01-27.03 - Tomášek 27.01.2013 17:50:21.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3579.2432 [GMT 1:00]
Spuštěný z: c:\users\Tomášek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\tmp70B1.tmp
c:\windows\system32\tmp70B2.tmp
c:\windows\system32\tmp7A4D.tmp
c:\windows\system32\tmp7A5E.tmp
c:\windows\UA000079.DLL
c:\windows\UA000106.DLL
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-27 do 2013-01-27 )))))))))))))))))))))))))))))))
.
.
2013-01-27 16:59 . 2013-01-27 17:00 -------- d-----w- c:\users\Tomášek\AppData\Local\temp
2013-01-27 16:59 . 2013-01-27 16:59 -------- d-----w- c:\users\dp92cz\AppData\Local\temp
2013-01-27 16:59 . 2013-01-27 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-27 16:59 . 2013-01-27 16:59 -------- d-----w- c:\users\Milan\AppData\Local\temp
2013-01-27 12:14 . 2013-01-27 12:21 -------- d-----w- c:\program files\trend micro
2013-01-27 12:14 . 2013-01-27 12:21 -------- d-----w- C:\rsit
2013-01-27 11:58 . 2013-01-27 11:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D6C53CF-6BE4-4496-BCFA-F5CFF6408B8C}\MpKsla6e97317.sys
2013-01-27 10:59 . 2013-01-27 10:59 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D6C53CF-6BE4-4496-BCFA-F5CFF6408B8C}\offreg.dll
2013-01-27 10:56 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D6C53CF-6BE4-4496-BCFA-F5CFF6408B8C}\mpengine.dll
2013-01-27 10:24 . 2013-01-27 11:00 1252502 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-01-27 10:24 . 2013-01-27 11:00 218774 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
2013-01-27 10:23 . 2013-01-27 10:59 0 ---ha-w- c:\users\Tomášek\AppData\Roaming\winsvcns.sys
2013-01-27 10:06 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-26 19:35 . 2013-01-27 10:22 -------- d-sh--r- c:\users\Tomášek\46357865364647353
2013-01-24 11:41 . 2013-01-24 11:41 -------- d-----w- c:\users\Milan\AppData\Local\APN
2013-01-24 11:41 . 2013-01-26 21:54 -------- d-----w- c:\program files\Ask.com
2013-01-24 11:31 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-21 16:35 . 2013-01-21 16:35 -------- d-----w- c:\users\Tomášek\AppData\Roaming\Need for Speed Most Wanted
2013-01-21 09:58 . 2013-01-21 09:58 -------- d-----w- c:\users\Milan\AppData\Local\Diagnostics
2013-01-18 17:52 . 2013-01-18 17:52 -------- d-----w- c:\users\Milan\AppData\Local\Apple Computer
2013-01-17 11:40 . 2013-01-17 11:40 -------- d-----w- c:\users\Milan\AppData\Local\Apple
2013-01-15 20:36 . 2013-01-15 20:36 -------- d-----w- c:\users\Tomášek\AppData\Roaming\ts3overlay
2013-01-15 19:55 . 2013-01-16 20:54 -------- d-----w- c:\users\Tomášek\AppData\Roaming\TS3Client
2013-01-15 12:04 . 2013-01-15 16:37 -------- d-----w- c:\users\Milan\AppData\Local\Adobe
2013-01-14 20:26 . 2013-01-14 20:26 -------- d-----w- c:\users\Tomášek\AppData\Local\Activision
2013-01-14 18:24 . 2013-01-14 18:24 22328 ----a-w- c:\users\Tomášek\AppData\Roaming\PnkBstrK.sys
2013-01-03 19:04 . 2013-01-03 19:04 -------- d--h--w- c:\windows\BitLockerDiscoveryVolumeContents
2013-01-03 19:04 . 2013-01-03 19:04 -------- d-----w- c:\windows\SysWOW64
2013-01-03 19:04 . 2013-01-03 19:04 -------- d-----w- c:\windows\system32\1033
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 11:00 . 2013-01-27 10:24 1252502 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-01-27 11:00 . 2013-01-27 10:24 1252502 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-01-27 11:00 . 2013-01-27 10:24 218774 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
2013-01-27 11:00 . 2013-01-27 10:24 218774 ----a-w- c:\users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
2013-01-27 10:59 . 2013-01-27 10:23 0 ---ha-w- c:\users\Tomášek\AppData\Roaming\winsvcns.sys
2013-01-27 10:59 . 2013-01-27 10:23 0 ---ha-w- c:\users\Tomášek\AppData\Roaming\winsvcns.sys
2013-01-21 19:16 . 2012-01-27 20:37 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-01-14 18:24 . 2013-01-14 18:24 22328 ----a-w- c:\users\Tomášek\AppData\Roaming\PnkBstrK.sys
2013-01-14 18:24 . 2013-01-14 18:24 22328 ----a-w- c:\users\Tomášek\AppData\Roaming\PnkBstrK.sys
2013-01-14 18:24 . 2012-05-25 18:34 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-14 18:23 . 2012-01-27 20:37 107832 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-16 14:13 . 2012-12-21 22:47 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-28 12:14 . 2012-11-28 12:15 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B72B98AE-4104-4CC8-905E-F5DAFEEF7F8B}\gapaengine.dll
2012-11-21 13:10 . 2012-11-21 13:10 3123272 ----a-r- c:\windows\system32\pbsvc.exe
2012-11-12 11:52 . 2012-12-12 11:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 11:52 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-09-14 09:02 . 2012-09-14 09:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTo1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
"Microsoft Windows Service"="c:\users\Tomášek\46357865364647353\winsvc.exe" [2013-01-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;d:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TOMEK~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EvoSvc;Evolve Service;d:\programy\evolve\EvoSvc.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\programy\Garena Plus\Room\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 MpKsla6e97317;MpKsla6e97317;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D6C53CF-6BE4-4496-BCFA-F5CFF6408B8C}\MpKsla6e97317.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLA6E97317
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 21:30 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 11:27]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 11:27]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}
TCP: DhcpNameServer = 77.48.31.69 192.168.1.1
FF - ProfilePath - c:\users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=58E958B8-CA4C-4EA8-ACC6-AA5DE7D5F961&apn_ptnrs=U3&apn_sauid=AA1CE852-BFDB-46CD-BAAD-BC2405D4F29D&apn_dtid=OSJ000YYCZ&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-Fotostar Offline client - d:\programy\Fotostar Offline client\uninstall.exe
AddRemove-GoPro CineForm Studio - d:\programy\CineForm Studio\uninst.exe
AddRemove-GotClip - d:\programy\GotClip\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\Software\SecuROM\License information*]
"datasecu"=hex:10,ae,c6,e6,6d,75,25,ec,f8,66,17,c3,cf,25,2b,25,fc,36,bf,7c,d6,
5f,6e,2d,92,6d,09,84,0c,a6,87,d9,96,78,63,8d,9a,04,61,35,40,f2,ef,95,d4,b3,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\d:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\d:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T16:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T16:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T16:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T16:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-27 18:02:13
ComboFix-quarantined-files.txt 2013-01-27 17:02
.
Před spuštěním: Volných bajtů: 123 918 389 248
Po spuštění: Volných bajtů: 132 237 168 640
.
- - End Of File - - D7D7C61A1E377C1137C60704D44D2F59

#6 Příspěvek od **vyosek** » 27 led 2013 18:10

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

2petterson · #7 Příspěvek od **2petterson** » 27 led 2013 18:30

# AdwCleaner v2.109 - Logfile created 01/27/2013 at 18:26:46
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tomášek - MILAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Tomášek\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Bandoo Coordinator

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Found : C:\user.js
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage
File Found : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage-journal
File Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\Conduit.xml
File Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\daemon-search.xml
File Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\SearchResults.xml
File Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\SweetIm.xml
File Found : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\searchplugins\Askcom.xml
File Found : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\searchplugins\icqplugin.xml
File Found : C:\Windows\system32\bandoolmx.dll
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Bandoo
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\uTorrentControl2
Folder Found : C:\Program Files\Windows iLivid Toolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Bandoo
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Users\david\AppData\Local\Babylon
Folder Found : C:\Users\david\AppData\Local\Conduit
Folder Found : C:\Users\david\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\david\AppData\LocalLow\Conduit
Folder Found : C:\Users\david\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\david\AppData\LocalLow\searchquband
Folder Found : C:\Users\david\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\david\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\david\AppData\Roaming\Babylon
Folder Found : C:\Users\david\AppData\Roaming\Bandoo
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\Conduit
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\ConduitCommon
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\CT3072253
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\ffox@bandoo.com
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\Searchqutoolbar
Folder Found : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\SweetPacksToolbarData
Folder Found : C:\Users\Hanka\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Hanka\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hanka\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Hanka\AppData\LocalLow\searchquband
Folder Found : C:\Users\Hanka\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Hanka\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Hanka\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\Searchqutoolbar
Folder Found : C:\Users\Milan\AppData\Local\APN
Folder Found : C:\Users\Milan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Milan\AppData\LocalLow\Conduit
Folder Found : C:\Users\Milan\AppData\LocalLow\searchquband
Folder Found : C:\Users\Milan\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Milan\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Milan\AppData\Roaming\Bandoo
Folder Found : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\extensions\toolbar@ask.com
Folder Found : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\Searchqutoolbar
Folder Found : C:\Users\Tomášek\AppData\Local\Babylon
Folder Found : C:\Users\Tomášek\AppData\Local\Conduit
Folder Found : C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\Tomášek\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Tomášek\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tomášek\AppData\LocalLow\searchquband
Folder Found : C:\Users\Tomášek\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Tomášek\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Tomášek\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Tomášek\AppData\Roaming\Babylon
Folder Found : C:\Users\Tomášek\AppData\Roaming\Bandoo
Folder Found : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\Conduit
Folder Found : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\Searchqutoolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\Bandoo\BndHook.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Found : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Found : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{732F6ADF-ECA5-49A3-A5CE-0A4AB6614716}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A058A7C-D616-49F4-9321-300405C2D076}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\uTorrentControl2
Key Found : HKU\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [ffox@bandoo.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_def
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}

-\\ Mozilla Firefox v15.0 (cs)

File : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Found : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301502527");
Found : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301502529");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301502529");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

File : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\prefs.js

Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2438727.CTID", "CT2438727");
Found : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2438727.CurrentServerDate", "24-1-2011");
Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Found : user_pref("CT2438727.DownloadReferralCookieData", "");
Found : user_pref("CT2438727.FirstServerDate", "24-11-2010");
Found : user_pref("CT2438727.FirstTime", true);
Found : user_pref("CT2438727.FirstTimeFF3", true);
Found : user_pref("CT2438727.FirstTimeSettingsDone", true);
Found : user_pref("CT2438727.FixPageNotFoundErrors", true);
Found : user_pref("CT2438727.GroupingInvalidateCache", false);
Found : user_pref("CT2438727.GroupingLastCheckTime", "0");
Found : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2438727.Initialize", true);
Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2438727.InstalledDate", "Wed Nov 24 2010 14:42:15 GMT+0100");
Found : user_pref("CT2438727.InvalidateCache", false);
Found : user_pref("CT2438727.IsGrouping", false);
Found : user_pref("CT2438727.IsMulticommunity", false);
Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Mon Jan 24 2011 13:05:20 GMT+0100");
Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2438727.LastLogin_2.7.1.3", "Mon Jan 24 2011 13:05:20 GMT+0100");
Found : user_pref("CT2438727.LatestVersion", "2.7.1.3");
Found : user_pref("CT2438727.Locale", "en");
Found : user_pref("CT2438727.LoginCache", 4);
Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Found : user_pref("CT2438727.RadioLastCheckTime", "0");
Found : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2438727.RadioLastUpdateServer", "0");
Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Mon Jan 24 2011 13:05:19 GMT+0100");
Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2438727.SettingsLastCheckTime", "Mon Jan 24 2011 13:05:52 GMT+0100");
Found : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Jan 09 2011 10:05:25 GMT+0100");
Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2438727.Uninstall", true);
Found : user_pref("CT2438727.UserID", "UN63278650369032219");
Found : user_pref("CT2438727.ValidationData_Search", 0);
Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Found : user_pref("CT2438727.alertChannelId", "832836");
Found : user_pref("CT2438727.backendstorage.currentgame", "796F76696C6C65");
Found : user_pref("CT2438727.clientLogIsEnabled", false);
Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2438727.myStuffEnabled", true);
Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Dec 07 2010 15:48:14 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Dec 07 2010 16:08:30 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{e0930d5b-ce60-47a6-a1a9-c23ffed24d42}");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Found : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301408931");
Found : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301408933");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301408933");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

File : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\prefs.js

Found : user_pref("CT3072253..clientLogIsEnabled", false);
Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3072253.AppTrackingLastCheckTime", "Sun May 13 2012 15:56:38 GMT+0200");
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Found : user_pref("CT3072253.CTID", "CT3072253");
Found : user_pref("CT3072253.CurrentServerDate", "12-1-2013");
Found : user_pref("CT3072253.DSChangedManually", true);
Found : user_pref("CT3072253.DSInstall", true);
Found : user_pref("CT3072253.DSProtectChoice", true);
Found : user_pref("CT3072253.DSProtectCount", 1);
Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Found : user_pref("CT3072253.DownloadReferralCookieData", "");
Found : user_pref("CT3072253.FirstServerDate", "7-5-2012");
Found : user_pref("CT3072253.FirstTime", true);
Found : user_pref("CT3072253.FirstTimeFF3", true);
Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3072253.HPInstall", true);
Found : user_pref("CT3072253.HasUserGlobalKeys", true);
Found : user_pref("CT3072253.HomePageProtectorEnabled", true);
Found : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=[...]
Found : user_pref("CT3072253.Initialize", true);
Found : user_pref("CT3072253.InitializeCommonPrefs", true);
Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3072253.InstallationId", "fft7ABE.tmp.exe");
Found : user_pref("CT3072253.InstallationType", "XPE");
Found : user_pref("CT3072253.InstalledDate", "Mon May 07 2012 13:35:04 GMT+0200");
Found : user_pref("CT3072253.IsAlertDBUpdated", true);
Found : user_pref("CT3072253.IsGrouping", false);
Found : user_pref("CT3072253.IsInitSetupIni", true);
Found : user_pref("CT3072253.IsMulticommunity", false);
Found : user_pref("CT3072253.IsOpenThankYouPage", true);
Found : user_pref("CT3072253.IsOpenUninstallPage", false);
Found : user_pref("CT3072253.IsProtectorsInit", true);
Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Jan 12 2013 12:07:02 GMT+0100");
Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3072253.LastLogin_3.12.0.8", "Mon May 07 2012 13:35:06 GMT+0200");
Found : user_pref("CT3072253.LastLogin_3.12.2.3", "Wed May 30 2012 23:09:10 GMT+0200");
Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 01:18:03 GMT+0200");
Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Thu Aug 30 2012 20:27:44 GMT+0200");
Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Mon Nov 12 2012 20:46:58 GMT+0100");
Found : user_pref("CT3072253.LastLogin_3.16.0.3", "Sat Jan 12 2013 12:07:02 GMT+0100");
Found : user_pref("CT3072253.LatestVersion", "3.16.0.3");
Found : user_pref("CT3072253.Locale", "en");
Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT3072253.SHRINK_TOOLBAR", 1);
Found : user_pref("CT3072253.SavedHomepage", "hxxp://search.babylon.com/home");
Found : user_pref("CT3072253.SearchBoxWidth", 100);
Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Found : user_pref("CT3072253.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3072253.SearchProtectorEnabled", false);
Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Found : user_pref("CT3072253.SettingsLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Found : user_pref("CT3072253.SettingsLastUpdate", "1357977627");
Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon May 07 2012 13:35:01 GMT+0200");
Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3072253.UserID", "UN05884550297346502");
Found : user_pref("CT3072253.ValidationData_Toolbar", 1);
Found : user_pref("CT3072253.alertChannelId", "1463702");
Found : user_pref("CT3072253.autoDisableScopes", -1);
Found : user_pref("CT3072253.backendstorage.cbcountry_000", "435A");
Found : user_pref("CT3072253.backendstorage.cbfirsttime", "4D6F6E204D617920303720323031322031333A33353A31312[...]
Found : user_pref("CT3072253.backendstorage.for_aoi", "31333336333937393136");
Found : user_pref("CT3072253.backendstorage.for_ccid", "427973747269636520506F6420486F7374796E656D");
Found : user_pref("CT3072253.backendstorage.for_cid", "435A");
Found : user_pref("CT3072253.backendstorage.for_ip", "37372E34382E33312E31");
Found : user_pref("CT3072253.backendstorage.for_lcut", "31333337313837323731");
Found : user_pref("CT3072253.backendstorage.for_rid", "3930");
Found : user_pref("CT3072253.backendstorage.for_zoneid", "3136393030");
Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6[...]
Found : user_pref("CT3072253.components.129573915102477663", false);
Found : user_pref("CT3072253.components.129593762370823811", false);
Found : user_pref("CT3072253.components.129749445881800338", false);
Found : user_pref("CT3072253.components.129805375651312503", false);
Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 13:35:05 GMT+0200");
Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3072253.initDone", true);
Found : user_pref("CT3072253.isAppTrackingManagerOn", true);
Found : user_pref("CT3072253.myStuffEnabled", true);
Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3072253.navigateToUrlOnSearch", false);
Found : user_pref("CT3072253.revertSettingsEnabled", true);
Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Found : user_pref("CT3072253.testingCtid", "");
Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon May 07 2012 13:35:06 GMT+0200");
Found : user_pref("CT3072253.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"86a[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\david\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=KW_def[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Found : user_pref("CommunityToolbar.globalUserId", "4ede357f-817e-47e8-ad2b-2028a48e5e65");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 14 2012 13:35:0[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 16 2012 23:55:54 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "ccac0787-ed3a-4a61-b529-920bc1d83aeb");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={3F743622-AA7E-11E1-A939-1C6F[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "eaafd7c80000000000001c6f65256d0a");
Found : user_pref("extensions.BabylonToolbar_i.id", "eaafd7c80000000000001c6f65256d0a");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15376");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_def");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:42:33");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "ffox@bandoo.com:5.1,plugin2@gameplaylabs.com:2.0,{687578b9-71[...]
Found : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301408464");
Found : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301408465");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301408465");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]
Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Found : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");
Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.returnValue", "none");
Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.newtab.created", "true");
Found : user_pref("sweetim.toolbar.newtab.enable", "true");
Found : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Found : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... on=$ITEM_V[...]
Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Found : user_pref("sweetim.toolbar.scripts.1.callback", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0");
Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{3F743622-AA7E-11E1-A939-1C6F65256D0A}");
Found : user_pref("sweetim.toolbar.version", "1.7.0.3");

File : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Found : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1302801437");
Found : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1302801440");
Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1302801440");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.47] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.50] : keyword = "ask.com",
Found [l.53] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=58E958B8-CA4C-4EA8-ACC6-AA5DE7D5F961&apn_ptnrs=U3&apn_sauid=AA1CE852-BFDB-46CD-BAAD-BC2405D4F29D&apn_dtid=OSJ000YYCZ&q={searchTerms}",
Found [l.54] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

File : C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}",
Found [l.17] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48" ]
Found [l.48] : keyword = "search.sweetim.com",
Found [l.51] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}",
Found [l.1674] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}",
Found [l.2309] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A}", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48" ]

File : C:\Users\Hanka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v enable_autospellcorrect: false

File : C:\Users\Tomášek\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [62776 octets] - [27/01/2013 18:26:46]

########## EOF - C:\AdwCleaner[R1].txt - [62837 octets] ##########

#8 Příspěvek od **vyosek** » 27 led 2013 18:36

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

2petterson · #9 Příspěvek od **2petterson** » 27 led 2013 18:43

# AdwCleaner v2.109 - Logfile created 01/27/2013 at 18:36:09
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tomášek - MILAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Tomášek\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Bandoo Coordinator

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Ask.com
Deleted on reboot : C:\Program Files\Windows iLivid Toolbar
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage
File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage-journal
File Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\Conduit.xml
File Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\searchplugins\icqplugin.xml
File Deleted : C:\Windows\system32\bandoolmx.dll
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Bandoo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Bandoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\david\AppData\Local\Babylon
Folder Deleted : C:\Users\david\AppData\Local\Conduit
Folder Deleted : C:\Users\david\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\david\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\david\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\david\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\david\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\david\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\david\AppData\Roaming\Babylon
Folder Deleted : C:\Users\david\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\Conduit
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\ConduitCommon
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\CT3072253
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\ffox@bandoo.com
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\Searchqutoolbar
Folder Deleted : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Hanka\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\Searchqutoolbar
Folder Deleted : C:\Users\Milan\AppData\Local\APN
Folder Deleted : C:\Users\Milan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Milan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Milan\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Milan\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Milan\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Milan\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\Searchqutoolbar
Folder Deleted : C:\Users\Tomášek\AppData\Local\Babylon
Folder Deleted : C:\Users\Tomášek\AppData\Local\Conduit
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Tomášek\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Tomášek\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tomášek\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\Conduit
Folder Deleted : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\Searchqutoolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\Bandoo\BndHook.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{732F6ADF-ECA5-49A3-A5CE-0A4AB6614716}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A058A7C-D616-49F4-9321-300405C2D076}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ffox@bandoo.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_def --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F65256D0A} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (cs)

File : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8ysuh2er.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301502527");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301502529");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301502529");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

File : C:\Users\Tomášek\AppData\Roaming\Mozilla\Firefox\Profiles\s0l73o2l.default\prefs.js

Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.CTID", "CT2438727");
Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2438727.CurrentServerDate", "24-1-2011");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Deleted : user_pref("CT2438727.FirstServerDate", "24-11-2010");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2438727.InstalledDate", "Wed Nov 24 2010 14:42:15 GMT+0100");
Deleted : user_pref("CT2438727.InvalidateCache", false);
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Mon Jan 24 2011 13:05:20 GMT+0100");
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_2.7.1.3", "Mon Jan 24 2011 13:05:20 GMT+0100");
Deleted : user_pref("CT2438727.LatestVersion", "2.7.1.3");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.LoginCache", 4);
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Mon Jan 24 2011 13:05:19 GMT+0100");
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Mon Jan 24 2011 13:05:52 GMT+0100");
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Jan 09 2011 10:05:25 GMT+0100");
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2438727.Uninstall", true);
Deleted : user_pref("CT2438727.UserID", "UN63278650369032219");
Deleted : user_pref("CT2438727.ValidationData_Search", 0);
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.backendstorage.currentgame", "796F76696C6C65");
Deleted : user_pref("CT2438727.clientLogIsEnabled", false);
Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Dec 07 2010 15:48:14 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Dec 07 2010 16:08:30 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{e0930d5b-ce60-47a6-a1a9-c23ffed24d42}");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301408931");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301408933");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301408933");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

File : C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\prefs.js

C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Sun May 13 2012 15:56:38 GMT+0200");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "12-1-2013");
Deleted : user_pref("CT3072253.DSChangedManually", true);
Deleted : user_pref("CT3072253.DSInstall", true);
Deleted : user_pref("CT3072253.DSProtectChoice", true);
Deleted : user_pref("CT3072253.DSProtectCount", 1);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "7-5-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", true);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=[...]
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fft7ABE.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Mon May 07 2012 13:35:04 GMT+0200");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.IsProtectorsInit", true);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Jan 12 2013 12:07:02 GMT+0100");
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Mon May 07 2012 13:35:06 GMT+0200");
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Wed May 30 2012 23:09:10 GMT+0200");
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 01:18:03 GMT+0200");
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Thu Aug 30 2012 20:27:44 GMT+0200");
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Mon Nov 12 2012 20:46:58 GMT+0100");
Deleted : user_pref("CT3072253.LastLogin_3.16.0.3", "Sat Jan 12 2013 12:07:02 GMT+0100");
Deleted : user_pref("CT3072253.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3072253.SavedHomepage", "hxxp://search.babylon.com/home");
Deleted : user_pref("CT3072253.SearchBoxWidth", 100);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1357977627");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon May 07 2012 13:35:01 GMT+0200");
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN05884550297346502");
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 1);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "435A");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "4D6F6E204D617920303720323031322031333A33353A31312[...]
Deleted : user_pref("CT3072253.backendstorage.for_aoi", "31333336333937393136");
Deleted : user_pref("CT3072253.backendstorage.for_ccid", "427973747269636520506F6420486F7374796E656D");
Deleted : user_pref("CT3072253.backendstorage.for_cid", "435A");
Deleted : user_pref("CT3072253.backendstorage.for_ip", "37372E34382E33312E31");
Deleted : user_pref("CT3072253.backendstorage.for_lcut", "31333337313837323731");
Deleted : user_pref("CT3072253.backendstorage.for_rid", "3930");
Deleted : user_pref("CT3072253.backendstorage.for_zoneid", "3136393030");
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6[...]
Deleted : user_pref("CT3072253.components.129573915102477663", false);
Deleted : user_pref("CT3072253.components.129593762370823811", false);
Deleted : user_pref("CT3072253.components.129749445881800338", false);
Deleted : user_pref("CT3072253.components.129805375651312503", false);
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 13:35:05 GMT+0200");
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Jan 12 2013 12:07:01 GMT+0100");
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon May 07 2012 13:35:06 GMT+0200");
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"86a[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\david\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=KW_def[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "4ede357f-817e-47e8-ad2b-2028a48e5e65");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 14 2012 13:35:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 16 2012 23:55:54 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ccac0787-ed3a-4a61-b529-920bc1d83aeb");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={3F743622-AA7E-11E1-A939-1C6F[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "eaafd7c80000000000001c6f65256d0a");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "eaafd7c80000000000001c6f65256d0a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15376");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_def");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:42:33");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffox@bandoo.com:5.1,plugin2@gameplaylabs.com:2.0,{687578b9-71[...]
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301408464");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301408465");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301408465");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.returnValue", "none");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... on=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{3F743622-AA7E-11E1-A939-1C6F65256D0A}");
Deleted : user_pref("sweetim.toolbar.version", "1.7.0.3");

File : C:\Users\Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\hrif2gw0.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1302801437");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1302801440");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1302801440");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appi[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.47] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.50] : keyword = "ask.com",
Deleted [l.53] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=58[...]
Deleted [l.54] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

File : C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F6[...]
Deleted [l.17] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F7436[...]
Deleted [l.48] : keyword = "search.sweetim.com",
Deleted [l.51] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&[...]
Deleted [l.1674] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-AA7E-11E1-A939-1C6F6525[...]
Deleted [l.2309] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3F743622-[...]

File : C:\Users\Hanka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v enable_autospellcorrect: false

File : C:\Users\Tomášek\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [62907 octets] - [27/01/2013 18:26:46]
AdwCleaner[S1].txt - [63545 octets] - [27/01/2013 18:36:09]

########## EOF - C:\AdwCleaner[S1].txt - [63606 octets] ##########

#10 Příspěvek od **vyosek** » 27 led 2013 18:44

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

2petterson · #11 Příspěvek od **2petterson** » 27 led 2013 20:57

OTL Extras logfile created on: 27.1.2013 20:26:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomášek\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 53,27% Memory free
6,99 Gb Paging File | 4,82 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 123,17 Gb Free Space | 25,23% Space Free | Partition Type: NTFS
Drive D: | 908,98 Gb Total Space | 487,35 Gb Free Space | 53,61% Space Free | Partition Type: NTFS

Computer Name: MILAN-PC | User Name: Tomášek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-260079375-1809308530-3501432244-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\programy\adobe photoshop cs6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE prezentace fotografií] -- "D:\programy\Fotolab Fotosvet\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet] -- "D:\programy\Fotolab Fotosvet\Fotolab Fotosvet.exe" "%1" ()
Directory [Fotostar Offline client] -- "D:\programy\Fotostar Offline client\Fotostar Offline client.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00336F71-C959-4669-8E97-2D0D51D67464}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{128B122E-DC89-4E98-B013-149087B512EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{150F41C0-F1A9-4430-80D4-7686BBBD1C1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2132ECC2-D489-4BF7-9BBF-779942C8FE70}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2288C834-9453-4200-BEE6-70988BE371A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{2AC684DD-E6B6-4D8A-A72C-6D51CEE07A99}" = rport=445 | protocol=6 | dir=out | app=system |
"{399EEB72-0C15-4121-911F-13E56F0C1E87}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AE5672A-1C46-4795-8704-89C30967021C}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B5FA6EA-2244-4246-A964-194F4847E675}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42FC3912-F246-487F-9016-6BB1D0D0E44C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{527A50B0-AE3E-4F54-9795-806484243AF2}" = lport=445 | protocol=6 | dir=in | app=system |
"{544D1CD3-7C54-4CB1-9C59-7F34056D5401}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DA6D8D8-556E-48A1-94D3-0CEDCE179587}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EFD8CFF-4386-4809-AF86-36B5F5C24551}" = lport=139 | protocol=6 | dir=in | app=system |
"{77FF9630-FD66-4BE6-98B2-9C472AEF5808}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8820EBB9-8A2C-410C-9FBE-55615FCA9854}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AC490D2-C596-4273-B9E3-37F2FA29554C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A9EA0D12-24EB-4713-B53D-0B955790F476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3F628C5-0B2C-41D1-B7FB-9966566E47CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E5749178-F194-4CA4-9293-80568B73E323}" = rport=138 | protocol=17 | dir=out | app=system |
"{F12E694F-7FC1-44F4-93F5-D061684CC5F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2D2D1ED-F6BE-4CF4-97FE-D6CF923C5B8E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3B2F029-7681-43BB-934C-A4859B56EFC1}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01788443-3737-455D-AFA9-93362DF573E2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{037782B5-F201-48A8-83B8-80833C7D1CF9}" = protocol=17 | dir=in | app=d:\hry\borderlands 2\binaries\win32\borderlands2.exe |
"{056B57B8-E2EE-4AD3-9084-C43C97FA9ECE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{07EAF108-9C46-47C8-9B3F-398B5EBD2C1F}" = protocol=17 | dir=in | app=c:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe |
"{0821507B-04DA-4336-B8A5-8E229A778D79}" = protocol=6 | dir=in | app=d:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{0889AEF2-377D-4108-A369-2076AC585865}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{0B9BEF3B-473B-48BE-B4CE-3D30D973E936}" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe |
"{0E59625B-B120-4980-832B-C3B185B49E26}" = protocol=6 | dir=in | app=d:\programy\3ds\monitor.exe |
"{1397BD57-0E3D-432D-939E-2C8DE61A3C54}" = protocol=6 | dir=in | app=d:\hry\hamachi\hamachi.exe |
"{13F07C2F-D890-4D77-A0E1-18446DB123F3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{144987F2-86E7-4592-B62D-900FCD8A864E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{15C0652F-F1B1-414D-A321-3F119868F8B0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{16DCB940-ECD5-4537-BBC7-6F568E4D27B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{191A7AAE-C412-429F-A74B-C196618ECD5E}" = protocol=6 | dir=in | app=d:\hry\combat\combat arms eu\nmservice.exe |
"{1D657F43-183C-4CA9-A957-762ED1A9816F}" = protocol=6 | dir=in | app=d:\hry\battle\bfbc2updater.exe |
"{1E139351-6BB0-4AD9-9387-3C6319B73BF4}" = protocol=17 | dir=in | app=d:\hry\acbsp.exe |
"{2060BF2E-8448-49CA-8CBD-D21748558B2A}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{2134CD53-6009-4568-8D02-DCA5501B265A}" = protocol=6 | dir=in | app=d:\hry\nba2k12\nba2k12.exe |
"{24092CC7-9740-4DEB-89AC-154E98B539D2}" = protocol=17 | dir=in | app=d:\hry\battle\bfbc2updater.exe |
"{266298BB-B3B7-4939-BBB3-874C3F4E5AC9}" = protocol=6 | dir=in | app=c:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe |
"{272039DD-643C-4601-888A-FE619DD3D21D}" = protocol=17 | dir=in | app=d:\hry\s.w.a.t. 4\content\system\swat4.exe |
"{28C2A7E8-21F1-4207-9457-F5819303BA9B}" = dir=in | app=d:\programy\cyberlinkpowerdirector8\powerdirector\pdr.exe |
"{297B00CF-FB4B-483C-9506-24296430380F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2D599289-6323-4E1A-9F25-67EA4F51E23B}" = protocol=6 | dir=in | app=d:\hry\aciii\ac3sp.exe |
"{2EC2D8DB-48BE-4F94-93FB-F89A13C8EC5E}" = protocol=6 | dir=in | app=d:\hry\s.w.a.t. 4\content\system\swat4.exe |
"{2F0369AE-E199-449F-9538-28594D9515BF}" = protocol=17 | dir=in | app=d:\hry\f.e.a.r. 3\f.e.a.r. 3.exe |
"{31C71648-84A6-4781-B35C-9B91ED6A5B24}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{32F5B7DD-4E7D-43FD-850A-97D22077FB6F}" = protocol=17 | dir=in | app=d:\hry\cod\codwawmp.exe |
"{34BBB7C4-EABE-408B-86B3-077125F4CE6F}" = protocol=17 | dir=in | app=d:\programy\3ds\3dsmax.exe |
"{35584F87-0875-41CE-838A-5C0D0FB8D3BA}" = protocol=6 | dir=in | app=d:\hry\acbsp.exe |
"{3690E581-E0A6-40B1-9BDB-8A34D3630E0C}" = protocol=17 | dir=in | app=d:\programy\3ds\server.exe |
"{3C2F3B14-5181-4968-9D62-7ABC5B76311E}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3E0B305E-A6D7-4517-BA4A-288E0877255D}" = protocol=17 | dir=in | app=d:\hry\assassinscreedbrotherhood.exe |
"{3FC0EFB0-0D64-460B-B21C-B140D470CC94}" = protocol=6 | dir=in | app=d:\hry\f.e.a.r. 3\f.e.a.r. 3.exe |
"{40E9C25C-8F1B-42B9-9A98-DE7DE7FA1736}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4232E0D2-650E-4E04-8B65-E8C6CB15B167}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{42F7BA1B-95CD-408F-8E34-DB0BE1648A91}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{434DD57F-F0CB-4142-AEB6-CA2077353057}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{44125ACB-62AA-490F-9246-1AB11F0F327D}" = protocol=17 | dir=in | app=d:\hry\gta iv\grand theft auto iv\launchgtaiv.exe |
"{446B6A7F-51DA-43DB-ACC8-28DBBDF480DE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{448AFDA6-60FC-4DDF-BAF0-38DABD9A1A91}" = protocol=6 | dir=in | app=d:\hry\gta iv\grand theft auto iv\launchgtaiv.exe |
"{469A1647-26BF-478D-811F-ACD18D0F7C23}" = protocol=6 | dir=in | app=d:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"{4A817C84-ED1C-441E-8366-882451D3FD7F}" = protocol=17 | dir=in | app=d:\hry\batle\bfbc2updater.exe |
"{4C25D916-8EBB-4D9D-B435-906A4075EE42}" = protocol=6 | dir=in | app=d:\programy\3ds\server.exe |
"{4C2F500F-251D-497F-8012-634878827EBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F4B30EE-1206-42F6-81F1-A598916F9E0D}" = protocol=6 | dir=in | app=d:\hry\max payne 3\playmaxpayne3.exe |
"{50B31C58-2E62-4B50-ACCB-EAA1659FBCAF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5543F534-E3A3-4377-A57B-A63B332BF443}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55D06A77-FA6D-4C2A-B5B5-7D531558F7CC}" = protocol=17 | dir=in | app=d:\hry\dirt\dirt3_game.exe |
"{57E75C95-5830-435A-9C19-8EB7CDE21557}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{59474525-D504-4EA6-81B2-EA92C060FCE7}" = protocol=6 | dir=in | app=d:\hry\assassinscreedbrotherhood.exe |
"{5A4BB91C-9AD6-432F-94B5-2F898F7C47DA}" = protocol=17 | dir=in | app=d:\hry\gtaiv\grand theft auto iv\launchgtaiv.exe |
"{5B9BA93F-6705-44F0-8FAB-B2ADF7229CE3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5CA316CE-F63A-4E28-A957-92BAA7274AA3}" = protocol=17 | dir=in | app=d:\hry\max payne 3\playmaxpayne3.exe |
"{5E1ADDEB-827A-4925-90FB-F26CF186D572}" = protocol=17 | dir=in | app=d:\hry\aciii\ac3mp.exe |
"{606FC23A-E9C3-460C-9041-D96199D1F57B}" = protocol=6 | dir=in | app=d:\programy\bsplayer\bsplayer.exe |
"{632CD827-22CA-4104-9567-8913F78CAD27}" = dir=in | app=d:\programy\evolve\evolveclient.exe |
"{635CFE09-F096-40A9-9DC0-90E48EB1A4F7}" = protocol=6 | dir=in | app=d:\programy\3ds\3dsmax.exe |
"{6515F37A-4DD9-4858-8DF6-783864F06C25}" = protocol=6 | dir=in | app=d:\programy\3ds\manager.exe |
"{668DD0EF-6EED-4D80-B8BE-5A995D8D2566}" = protocol=17 | dir=in | app=d:\hry\combat\combat arms eu\nmservice.exe |
"{685C5A4E-E7A1-4356-89E8-0D1F8927D84D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{699B04D0-3117-4CC8-B869-EB4AE7E6EFA9}" = dir=in | app=d:\programy\evolve\evosvc.exe |
"{6E0B188E-AA98-4856-8D65-BE8A5318C2FD}" = protocol=6 | dir=in | app=d:\hry\acbmp.exe |
"{716BC8FF-1940-4AA4-82E0-C51115C29E2C}" = protocol=17 | dir=in | app=d:\hry\cod\codwaw.exe |
"{71B1B219-020D-4BD6-B2BD-09D73DBE74A8}" = dir=in | app=d:\programy\cyberlinkpowerdirector9\powerdirector\pdr9.exe |
"{72698D9B-AEDD-4420-8E8B-D2510CA68515}" = protocol=6 | dir=in | app=d:\hry\gtaiv\rockstar games social club\rgsclauncher.exe |
"{7444CE54-B324-46EB-AAF9-4C0CB3065935}" = protocol=6 | dir=in | app=d:\hry\relevations\acrmp.exe |
"{765933AD-24BE-4B6B-954E-111FC2AB29C2}" = protocol=6 | dir=in | app=d:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{79B8FB36-20EE-4D53-8BB6-A86C9110442D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{79E6E614-B7EF-412F-A9CF-E13ABC11A7EE}" = protocol=6 | dir=in | app=d:\programy\garena plus\room\garena_room.exe |
"{7A468BD3-34BF-466C-81AD-2728DAFD82C3}" = protocol=17 | dir=in | app=d:\hry\relevations\acrsp.exe |
"{7AEBD3AA-337D-467D-BE2C-547E2DB35DF8}" = dir=in | app=d:\programy\cyberlink\powerdirector10\pdr10.exe |
"{7B4C8CED-5689-43B9-B175-D5CB25EB1BF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D07FFA0-A2A0-47B6-A665-B3D2819A933E}" = protocol=17 | dir=in | app=d:\hry\hamachi\hamachi.exe |
"{7D1BE3E5-68FD-4521-87C4-20D446AD5836}" = protocol=6 | dir=in | app=d:\hry\nfs\launcher.exe |
"{7D51CC45-987B-4B01-B2E4-C05B82C272F2}" = protocol=17 | dir=in | app=d:\programy\bsplayer\bsplayer.exe |
"{7DF40725-A658-4C2E-9104-792E73C7A03E}" = protocol=17 | dir=in | app=d:\hry\acbmp.exe |
"{8186DBF8-11CA-4F2A-A8C0-10D9E0568389}" = protocol=17 | dir=in | app=d:\hry\blur\blur.exe |
"{84CE0362-A7A5-40A8-B6A4-AC656334E15B}" = protocol=17 | dir=in | app=d:\hry\nba2k12\nba2k12.exe |
"{84E44D80-5D62-4809-BBEF-185887EE35E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{85948A10-9E69-4984-86D4-82E05C6C6B9E}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{85D85613-D4BF-493D-B5C1-804D4FA63698}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{891FD449-7E2A-4FF5-9860-71A8A6DDD7E5}" = protocol=17 | dir=in | app=d:\hry\max payne3\playmaxpayne3.exe |
"{8BE672E8-7B00-45AF-B6F1-F9CC26A40CF5}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{8D838FFB-D053-4FF3-AE98-D5D142872B7A}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{8F7950F3-C347-4839-AFAB-556FB85C60BC}" = protocol=17 | dir=in | app=d:\hry\fifa 13\game\fifa13.exe |
"{920A1720-7B08-4233-8A32-92F06564E6E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{940C4E4F-B22F-4470-AC7C-8CA671DCE1AC}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{9485D200-D0AC-41C0-B289-1389D6BDA4A1}" = protocol=6 | dir=out | app=system |
"{95AD54DD-C13B-4346-960F-180B9E4F326C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{96BE260D-DCE6-40E9-B22A-E51C12FE729E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9799C726-6EF3-4512-A044-3EEA7F71E41B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97B83031-E010-45A7-96A4-54AEF85BFFA2}" = protocol=17 | dir=in | app=d:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"{97FE8D75-45C2-4E09-94E0-7F9044B707F9}" = protocol=17 | dir=in | app=d:\programy\garena plus\room\garena_room.exe |
"{989735E5-9BA8-4DC9-A6E2-DB3E9278E5DD}" = protocol=17 | dir=in | app=d:\hry\gtaiv\rockstar games social club\rgsclauncher.exe |
"{9A0CDC2F-6A9B-4AB3-9610-89EDB4F908A1}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{9D4D5FC6-B649-4AA4-B293-F31213AA6DC1}" = protocol=6 | dir=in | app=d:\hry\fifa 13\game\fifa13.exe |
"{9F0C8C47-EE35-42AC-B6D2-87CAE09A122F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{A2CC8FA7-8F38-4BD1-A6A7-3CCD688B5729}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{A535E9A3-0E08-49E1-B3FB-C610BF1461A4}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{A9C13013-07C0-4732-AF0A-AF71A823BEA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9CA1A75-5454-444E-A430-49CCB58DA0E3}" = protocol=6 | dir=in | app=d:\hry\aciii\assassinscreed3.exe |
"{AA6471A7-F796-4020-AE94-C0190F103372}" = protocol=17 | dir=in | app=d:\hry\aciii\assassinscreed3.exe |
"{AB96ACA6-8EFD-4B6C-B4C2-72E3490C0B7D}" = protocol=6 | dir=in | app=d:\hry\borderlands 2\binaries\win32\borderlands2.exe |
"{ABF4577C-C2E3-4FF4-A01D-2A16B311B17F}" = protocol=6 | dir=in | app=d:\hry\l4d\left4dead\left4dead.exe |
"{AD183214-717F-460A-8ECD-224542431930}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{AD23B87B-D50E-408B-9273-85656767E6CC}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{AD6EFB61-1B85-4E5B-B4F7-84F63F75F874}" = protocol=6 | dir=in | app=d:\hry\dirt\dirt2_game.exe |
"{AE2F98A3-AC13-41BB-8741-3595AD7F6423}" = protocol=6 | dir=in | app=d:\hry\relevations\assassinscreedrevelations.exe |
"{B017CB5E-18B8-4261-9778-20FFB0D21E10}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{B0387C6E-ED01-461C-87F5-B720AF60A148}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{B04C1FCB-839D-4915-826C-BD9DDF559094}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5082C3A-D346-41B9-9FE6-B3401A9044B2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B72B4202-A4BF-49D4-81CF-B89341BA5D31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA548A4C-8DA2-4317-88E1-D73C5EC038A4}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{BA88D70E-F2B3-4D48-874D-609F75C22578}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C254DC3E-4844-4013-A5C7-5B6B122CF423}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{C3BF890F-B834-4B06-B674-420A5A8DA26E}" = protocol=17 | dir=in | app=d:\hry\battlefield 3™\bf3.exe |
"{C68FD266-B714-4D3E-B3CB-9208850FBC5A}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{C6955A26-5525-4A9E-87A8-400C43893432}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{C6CEAAE1-4D22-4DB2-8FFC-20941E9C7681}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{C88B2CE1-F3B7-4A6F-B522-11FA962F3B85}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{CC62AD82-3CCD-47E9-BF21-8E4222C13288}" = protocol=17 | dir=in | app=d:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{CEB87A1B-19DD-457D-8C53-539C32A422C1}" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe |
"{CFDA65AB-EB47-46B7-969B-3D772EED30E3}" = protocol=6 | dir=in | app=d:\hry\cod\codwaw.exe |
"{D135224F-87EC-4BBE-98CF-A4F82AC7D50E}" = protocol=17 | dir=in | app=d:\programy\3ds\monitor.exe |
"{D20CA15A-AB1D-4265-88F0-1B5D5F33D131}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3E43D20-84A7-488A-BAAF-C4074CA7F7B1}" = protocol=17 | dir=in | app=d:\hry\combat\combat arms eu\nmservice.exe |
"{D59D2994-F203-40C8-B955-531B122788DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D71FCFDE-072F-49DE-ABF6-1CC29EFFF7F3}" = protocol=6 | dir=in | app=d:\hry\fifa 13\game\fifasetup\fifaconfig.exe |
"{D7E214CE-6827-4513-A451-ABF5C3F9D570}" = protocol=6 | dir=in | app=d:\hry\relevations\acrsp.exe |
"{D851E6F2-965F-4618-BF20-305A99E5EB67}" = protocol=17 | dir=in | app=d:\hry\dirt\dirt2_game.exe |
"{D8B292F0-1ECD-4CB8-9AB3-DDE809AEFC71}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{DB0796D4-5559-49E0-80C3-BBBF0A18C066}" = protocol=17 | dir=in | app=d:\hry\relevations\acrmp.exe |
"{DB3B17DD-7E32-4E67-A1C5-3F9946E5DAAA}" = protocol=6 | dir=in | app=d:\hry\aciii\ac3mp.exe |
"{DBF009B7-187C-41F8-8248-C015020E06A3}" = protocol=6 | dir=in | app=d:\hry\max payne3\playmaxpayne3.exe |
"{DDC3E73B-51F1-43A4-AD61-E4D9C4C365F1}" = protocol=6 | dir=in | app=d:\hry\batle\bfbc2updater.exe |
"{DE1173AA-3EBE-443C-A8FF-4BB795CAA06E}" = protocol=17 | dir=in | app=d:\hry\relevations\assassinscreedrevelations.exe |
"{DEB84C2A-B198-49F7-BD80-D7BFDF754D8E}" = protocol=17 | dir=in | app=d:\hry\fifa 13\game\fifasetup\fifaconfig.exe |
"{E19ABED4-D600-4C5A-83C3-933564184003}" = protocol=6 | dir=in | app=d:\hry\uplaybrowser.exe |
"{E332FB8D-85BA-489E-AD2D-D0701998B265}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{E67069B6-D1E4-40BC-BD5A-44159B0573BF}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{E7116429-79E2-4FAF-AB3A-3A9F50ECA006}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7675F3F-1AEE-4DF9-A10F-333D26F71ACC}" = protocol=17 | dir=in | app=d:\hry\uplaybrowser.exe |
"{E811DDDB-CE42-4492-A975-290958618981}" = protocol=6 | dir=in | app=d:\hry\battlefield 3™\bf3.exe |
"{EB438ED4-3508-4DB1-B0B4-4442784E907D}" = protocol=6 | dir=in | app=d:\hry\dirt\dirt3_game.exe |
"{EB89BF2F-8BAA-41A0-A3BE-3D2EFA8F57FE}" = protocol=17 | dir=in | app=d:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{ED9CFB49-E815-4716-9FF2-8408C4E90DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EED0E47E-F922-4812-BC6C-F02CA93373C3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F082AB4C-A7F6-4F9D-B5B5-5B51957E5F5A}" = protocol=6 | dir=in | app=d:\hry\blur\blur.exe |
"{F0982B49-6EC2-4C1F-8F18-A49F2E694E2B}" = protocol=17 | dir=in | app=d:\hry\aciii\ac3sp.exe |
"{F2673DBD-9E5F-4CFE-B8E0-2AE20A8B7375}" = protocol=6 | dir=in | app=d:\hry\gtaiv\grand theft auto iv\launchgtaiv.exe |
"{F4ECEEA8-7D57-4C11-82D3-DE91B0D9F761}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{F546F174-EB48-43EA-9C75-2A17A4AEC637}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{F7725387-1523-4B22-B0D8-CF4DB712CE29}" = protocol=17 | dir=in | app=d:\hry\l4d\left4dead\left4dead.exe |
"{F8B4FA94-550E-4900-BED4-36BB872DEEE8}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{F8BC4369-401C-4494-831F-E6131099CF2C}" = protocol=17 | dir=in | app=d:\programy\steam\steam.exe |
"{F8E77246-7B62-4317-97C7-588C4601B880}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FA6FD041-5610-4CAC-8146-1513E1EA39FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB58A7DA-7C6D-4420-AF70-3B4281B3030F}" = protocol=17 | dir=in | app=d:\programy\3ds\manager.exe |
"{FBD94CB5-AE5A-477C-B51A-788776686718}" = protocol=6 | dir=in | app=d:\hry\combat\combat arms eu\nmservice.exe |
"{FC70E79C-5AB4-46D2-91AF-F2F746920E77}" = protocol=17 | dir=in | app=d:\hry\nfs\launcher.exe |
"{FCB8B574-1E77-47D1-9AD7-D5863417119E}" = protocol=6 | dir=in | app=d:\programy\steam\steam.exe |
"{FE68A5A9-780E-4423-99DA-70BFCB4EAEFB}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{FF27ED7B-0363-4A0B-81C9-992144C24754}" = protocol=6 | dir=in | app=d:\hry\cod\codwawmp.exe |
"TCP Query User{033FD5CC-ED99-4AD1-890F-B460F053D6D9}D:\hry\assasin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=d:\hry\assasin's creed brotherhood\acbsp.exe |
"TCP Query User{049CE25B-F325-44C0-A919-2D6EB7907919}D:\hry\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\hry\need for speed hot pursuit\nfs11.exe |
"TCP Query User{0A3B83CE-A8A0-4534-92CB-E5B2B2730AE8}D:\hry\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\hry\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{0C3D327C-DEC3-49A6-8A29-6531AEABA142}D:\david\bitlord\bitlord.exe" = protocol=6 | dir=in | app=d:\david\bitlord\bitlord.exe |
"TCP Query User{0CE05564-4288-4E99-937C-05969A6C80F0}D:\hry\medal\binaries\moh.exe" = protocol=6 | dir=in | app=d:\hry\medal\binaries\moh.exe |
"TCP Query User{0CE83CA7-7C71-4657-9A51-18D607DF3451}D:\hry\gtaiva\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\hry\gtaiva\grand theft auto iv\gtaiv.exe |
"TCP Query User{0D1339C9-2648-46B9-8318-5AC4D635AD99}D:\hry\colin mcrae dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\hry\colin mcrae dirt 2\dirt2_game.exe |
"TCP Query User{0DD429F0-E307-453A-A8D0-8C5AB5086587}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{181F07B7-1D21-4944-BA50-43F4B7EED1AA}D:\hry\cry2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\hry\cry2\bin32\crysis2.exe |
"TCP Query User{1FB6BF0A-C7EF-4AB6-A3C0-D0745000EA27}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{25A9845E-061E-4083-B965-4727BA18A452}D:\hry\l4d\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\hry\l4d\left4dead\left4dead.exe |
"TCP Query User{26E03C2B-B71C-4139-BB24-8128A8D8ACA6}D:\programy\sonyvegas\vegsrv90.exe" = protocol=6 | dir=in | app=d:\programy\sonyvegas\vegsrv90.exe |
"TCP Query User{2A82C7E4-C117-48A8-A4AC-204B9541D80B}C:\users\tomášek\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\tomášek\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{32CCBBCF-EAE7-47B7-878E-A672EC09C7C9}D:\hry\gta\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\hry\gta\grand theft auto iv\gtaiv.exe |
"TCP Query User{34007C1F-D512-4DAA-8293-DD92BF8053EC}D:\hry\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\hry\fifa 12\game\fifa.exe |
"TCP Query User{349C7350-8A56-46CD-927D-8C72172454D1}D:\hry\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\hry\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{3B9AD9CC-C57D-437E-AE70-6B3054C23F59}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3D1C642C-356E-4718-BC9E-6F2E9860748D}D:\hry\counter-strike global offensive\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\hry\counter-strike global offensive\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{3F9511DD-BCE4-43DC-A23E-D23085A53307}D:\hry\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\hry\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{496E26E2-E14C-4CEC-BF87-F3A35913F78E}D:\hry\blur\blur.exe" = protocol=6 | dir=in | app=d:\hry\blur\blur.exe |
"TCP Query User{5167A33D-F295-4142-9311-CC34502D58FE}D:\hry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\hry\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{52358A9F-22F5-4DC6-9154-FA63CF835DC2}D:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"TCP Query User{57F240A6-61FC-449A-A1FF-A3E99076EA22}D:\hry\nfs\nfs11.exe" = protocol=6 | dir=in | app=d:\hry\nfs\nfs11.exe |
"TCP Query User{5AAB19F5-0C01-4109-B354-17992911EA80}D:\hry\pes 12\pes2012.exe" = protocol=6 | dir=in | app=d:\hry\pes 12\pes2012.exe |
"TCP Query User{5B520FC8-5076-44BC-B9E0-602A146EFC5E}D:\hry\assasin's creed relevations\acrsp.exe" = protocol=6 | dir=in | app=d:\hry\assasin's creed relevations\acrsp.exe |
"TCP Query User{5D4C9375-10CE-4869-B6E8-13ECC988290E}D:\hry\hamachi\hamachi.exe" = protocol=6 | dir=in | app=d:\hry\hamachi\hamachi.exe |
"TCP Query User{667BADD8-1FED-4567-9264-79A7CDCD976D}D:\hry\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\hry\crysis 2\bin32\crysis2.exe |
"TCP Query User{677A06DF-191A-43BA-93C3-E4BD45D47919}D:\hry\supreme snb\supreme.exe" = protocol=6 | dir=in | app=d:\hry\supreme snb\supreme.exe |
"TCP Query User{6F7A7A67-DF4A-4091-A42D-EBFA366E943D}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{720112CA-5D70-4F20-ADF6-523EE1F268D6}D:\hry\cod\codwaw lanfixed.exe" = protocol=6 | dir=in | app=d:\hry\cod\codwaw lanfixed.exe |
"TCP Query User{7606F169-CBAA-4803-AE06-A2A02A91BB08}C:\users\tomášek\downloads\teamspeak3-server_win32-3.0.6.1\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\tomášek\downloads\teamspeak3-server_win32-3.0.6.1\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{777070E7-732F-4487-A422-8B169A34A7F2}D:\david\bitlord\bitlord.exe" = protocol=6 | dir=in | app=d:\david\bitlord\bitlord.exe |
"TCP Query User{7C72817F-BD0A-478D-B274-CA79496E5FB9}D:\hry\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\hry\crysis 2\bin32\crysis2.exe |
"TCP Query User{7D65C8E2-A400-4A2E-9BDA-A22C05FAF5DB}C:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe |
"TCP Query User{7E0955E5-FC4E-4698-B8CB-2399886D7F43}D:\hry\maxpayne3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\hry\maxpayne3\maxpayne3.exe |
"TCP Query User{7F427E73-92DA-44DD-9D30-F55FABAF8A5A}D:\hry\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\hry\portal 2\portal2.exe |
"TCP Query User{7F46BA4E-C951-4BC1-AA10-F546C096CF71}D:\hry\nfs shift 2\shift2u.exe" = protocol=6 | dir=in | app=d:\hry\nfs shift 2\shift2u.exe |
"TCP Query User{8274A4ED-A72A-489F-A940-84D68F5FF9D7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{862D8883-B3F0-4FD2-8C04-25A1BED2576A}D:\hry\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\hry\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{88C0F8BD-9FD2-47AE-BD6F-41DE30416576}D:\hry\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=d:\hry\medal of honor\binaries\moh.exe |
"TCP Query User{8AB9079C-4736-46E7-AAB6-3573CF8FA834}D:\hry\s.w.a.t. 4\content\system\swat4.exe" = protocol=6 | dir=in | app=d:\hry\s.w.a.t. 4\content\system\swat4.exe |
"TCP Query User{8DD4CD11-4C89-4460-A246-02404305AD33}D:\hry\arma 2\arma2.exe" = protocol=6 | dir=in | app=d:\hry\arma 2\arma2.exe |
"TCP Query User{8F6CD941-3D8B-4059-85A5-B8796E27FA20}D:\programy\bsplayer\bsplayer.exe" = protocol=6 | dir=in | app=d:\programy\bsplayer\bsplayer.exe |
"TCP Query User{8FF0136F-6467-4CC2-92B2-AF7E2B110899}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{91162D88-4B57-4C91-B1EA-02FDB2E3D72D}D:\hry\cs\hl.exe" = protocol=6 | dir=in | app=d:\hry\cs\hl.exe |
"TCP Query User{959FB364-A084-46E8-939D-01E7DC1DE827}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{9B183544-24DE-46D6-A1F3-548512DA3F40}D:\hry\colin mcrae dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=d:\hry\colin mcrae dirt 3\dirt3_game.exe |
"TCP Query User{9C9609BB-C89F-4F9F-B9A8-E0EA0930B50B}D:\hry\cs\hl.exe" = protocol=6 | dir=in | app=d:\hry\cs\hl.exe |
"TCP Query User{9EE520FC-862A-4839-B741-71880B48CE06}D:\hry\assasin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=d:\hry\assasin's creed brotherhood\acbsp.exe |
"TCP Query User{A1552292-F028-4EAE-AA54-85B00FFA1C5C}D:\hry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\hry\fifa\game\fifa.exe |
"TCP Query User{AB41FE64-3B9E-41AF-AC75-C329817AAF00}D:\hry\maxpayne3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\hry\maxpayne3\maxpayne3.exe |
"TCP Query User{ACF262C3-0126-4917-B04C-996C6EB8CB63}C:\program files\maxon\net render r13 client\net render client.exe" = protocol=6 | dir=in | app=c:\program files\maxon\net render r13 client\net render client.exe |
"TCP Query User{AFB7FE28-5D6D-4C56-916B-3EBD9BBED236}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B6ACA236-F5C8-4AC0-B964-A500968AC5F7}D:\hry\call of duty black ops 2\t6sp.exe" = protocol=6 | dir=in | app=d:\hry\call of duty black ops 2\t6sp.exe |
"TCP Query User{B9793CE3-E547-47CE-BEB8-497D48B812F2}D:\hry\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\hry\tmnationsforever\tmforever.exe |
"TCP Query User{BB081C43-272D-46B2-8B05-5A72E3D23010}D:\hry\nfs world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\hry\nfs world\data\nfsw.exe |
"TCP Query User{C155655A-95B2-4BB1-8F3D-4627A35E9FD2}D:\hry\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=6 | dir=in | app=d:\hry\orcs must die 2\build\release\orcsmustdie2.exe |
"TCP Query User{C870D921-05C2-46A2-8F17-E5C016E92366}D:\david\bitlord\downloads\nba_2k11-flt\flt-nb11\fairlight\nba2k11.exe" = protocol=6 | dir=in | app=d:\david\bitlord\downloads\nba_2k11-flt\flt-nb11\fairlight\nba2k11.exe |
"TCP Query User{CA3D936D-D415-4DC2-9636-BDA70B1B80C9}C:\users\tomášek\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\tomášek\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{CA6DEC54-EC5A-4F94-968D-25DDDF3A4DF7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{CD28CD0D-4022-4942-9B3C-3E655038CE1E}D:\hry\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\hry\max payne 3\maxpayne3.exe |
"TCP Query User{CE56575F-FC62-4291-B4F2-DD1CFC38B005}D:\hry\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\hry\modern warfare 2\iw4mp.exe |
"TCP Query User{D8597431-3D2F-42B0-AA37-DABFE110F1C5}D:\hry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\hry\fifa\game\fifa.exe |
"TCP Query User{DC41AE28-D3DD-4DBC-A241-62CD65A82AD7}D:\hry\hl.exe" = protocol=6 | dir=in | app=d:\hry\hl.exe |
"TCP Query User{DFA29E45-D430-4813-BC74-BA27566AE735}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{E3C96B7B-60DA-4E80-9B47-B292AFA50773}D:\programy\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\programy\garena plus\room\garena_room.exe |
"TCP Query User{E7052D7C-8C50-4441-B65C-9A57BB6D0D4C}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{E7457428-49D1-4426-9EF1-09D07B0272FB}D:\hry\cs 1.6\hl.exe" = protocol=6 | dir=in | app=d:\hry\cs 1.6\hl.exe |
"TCP Query User{EE623B76-E0B0-4161-A464-592C809723B8}D:\hry\assassin\server.exe" = protocol=6 | dir=in | app=d:\hry\assassin\server.exe |
"TCP Query User{F0661950-9B02-4059-9126-CA00D4346AB2}D:\hry\brotherhood\acbsp.exe" = protocol=6 | dir=in | app=d:\hry\brotherhood\acbsp.exe |
"TCP Query User{F235DB33-AE3F-436A-B41D-69905883BC3A}D:\hry\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=d:\hry\need for speed most wanted\nfs13.exe |
"TCP Query User{F3082C69-3682-4D28-8D99-B7D311B46E2C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F32333F3-31F1-4387-91F8-A1CD30652144}D:\programy\equilator\equilator.exe" = protocol=6 | dir=in | app=d:\programy\equilator\equilator.exe |
"TCP Query User{FA7B58F7-DE5D-44B7-85C3-E00BAD17A413}D:\hry\medal\mp\mohmpgame.exe" = protocol=6 | dir=in | app=d:\hry\medal\mp\mohmpgame.exe |
"TCP Query User{FCCF91A8-B27C-41AF-92CA-858445C44118}D:\hry\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\hry\max payne 3\maxpayne3.exe |
"TCP Query User{FD62E733-8549-47E8-92DF-3E0AA145E715}D:\hry\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=d:\hry\nba 2k12\nba2k12.exe |
"TCP Query User{FD9414B4-C10F-4010-BF07-00C0FA22CD47}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{0118E524-6CDD-456E-B82C-54977A1CB3F5}D:\hry\gtaiva\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\hry\gtaiva\grand theft auto iv\gtaiv.exe |
"UDP Query User{066F0A03-AB70-4A6E-AFBB-C79D07747ED9}D:\hry\hamachi\hamachi.exe" = protocol=17 | dir=in | app=d:\hry\hamachi\hamachi.exe |
"UDP Query User{0AC66F78-33AC-48A7-9D27-4E163BFEEE6E}D:\hry\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\hry\crysis 2\bin32\crysis2.exe |
"UDP Query User{0AE48BC0-2ED9-419B-90AA-97345D26A9AF}D:\hry\assasin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=d:\hry\assasin's creed brotherhood\acbsp.exe |
"UDP Query User{0E4A8237-12BF-4550-92FC-47220B252362}D:\hry\cs\hl.exe" = protocol=17 | dir=in | app=d:\hry\cs\hl.exe |
"UDP Query User{1592928E-FE8A-4301-A95A-D01CF3675CD2}D:\david\bitlord\downloads\nba_2k11-flt\flt-nb11\fairlight\nba2k11.exe" = protocol=17 | dir=in | app=d:\david\bitlord\downloads\nba_2k11-flt\flt-nb11\fairlight\nba2k11.exe |
"UDP Query User{15C7E039-B82E-45EF-891B-9B0514FB7EEC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1C6A1EA2-E93C-41DB-808F-AAA26B5FBFCD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1C74893F-053F-420C-904E-F0D5F479E641}D:\hry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\hry\fifa\game\fifa.exe |
"UDP Query User{1DB4FB7F-1ED4-4F90-A4A5-F1C4A48BEE2D}D:\hry\assasin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=d:\hry\assasin's creed brotherhood\acbsp.exe |
"UDP Query User{1FACA51F-F660-4F39-AA4B-A5F3AE1CD2C0}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{228848C8-5C44-4B29-AD67-09704763E25C}D:\hry\l4d\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\hry\l4d\left4dead\left4dead.exe |
"UDP Query User{22BD9C34-F2CD-4980-A3CC-4B9A86F0458A}D:\hry\medal\binaries\moh.exe" = protocol=17 | dir=in | app=d:\hry\medal\binaries\moh.exe |
"UDP Query User{238CDA06-0ED1-4C5B-9B18-C44BBFA13447}C:\users\tomášek\downloads\teamspeak3-server_win32-3.0.6.1\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\tomášek\downloads\teamspeak3-server_win32-3.0.6.1\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{253166F5-B55C-4098-9223-2BD18EFA7250}D:\hry\maxpayne3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\hry\maxpayne3\maxpayne3.exe |
"UDP Query User{2CCF37BD-37B3-4901-9615-801106DF73B7}D:\hry\assasin's creed relevations\acrsp.exe" = protocol=17 | dir=in | app=d:\hry\assasin's creed relevations\acrsp.exe |
"UDP Query User{3D4474E4-3DA9-447F-B3FB-C2E40117463E}D:\hry\supreme snb\supreme.exe" = protocol=17 | dir=in | app=d:\hry\supreme snb\supreme.exe |
"UDP Query User{3F95F116-5606-4A70-9D1F-18A420DB2EEC}D:\hry\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\hry\max payne 3\maxpayne3.exe |
"UDP Query User{418F316D-19EA-4464-AC81-38AE10807E72}D:\hry\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\hry\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{424AB7FB-87F9-4767-92A4-1E074AE8F3FB}D:\hry\gta\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\hry\gta\grand theft auto iv\gtaiv.exe |
"UDP Query User{431ACBF9-5CAB-40B3-BB3B-400AE3BE8E9E}D:\hry\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=d:\hry\medal of honor\binaries\moh.exe |
"UDP Query User{44FAD1EC-57E7-40A9-9653-52B2045E54DC}C:\program files\maxon\net render r13 client\net render client.exe" = protocol=17 | dir=in | app=c:\program files\maxon\net render r13 client\net render client.exe |
"UDP Query User{45ADF1D2-F7EB-49D8-B971-C6FC6A26025B}D:\hry\cs 1.6\hl.exe" = protocol=17 | dir=in | app=d:\hry\cs 1.6\hl.exe |
"UDP Query User{45D80DE0-A368-4F88-B9D6-AD1E5374A97B}D:\hry\brotherhood\acbsp.exe" = protocol=17 | dir=in | app=d:\hry\brotherhood\acbsp.exe |
"UDP Query User{473D7143-A3B7-418B-9A4C-D4334CAB4D8B}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{497B37F6-FD66-41B9-9BE7-BB7D9604A081}D:\hry\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\hry\need for speed hot pursuit\nfs11.exe |
"UDP Query User{500119B0-DEB9-4073-A323-540328E05553}D:\programy\sonyvegas\vegsrv90.exe" = protocol=17 | dir=in | app=d:\programy\sonyvegas\vegsrv90.exe |
"UDP Query User{5023F13C-9E70-4B58-9906-8626E6A01D4D}D:\programy\bsplayer\bsplayer.exe" = protocol=17 | dir=in | app=d:\programy\bsplayer\bsplayer.exe |
"UDP Query User{5094AF3B-B90F-40B2-823D-3BC9C3ED99BE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{5163ED38-30D8-4182-8C14-1C3484E17D76}D:\hry\cry2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\hry\cry2\bin32\crysis2.exe |
"UDP Query User{520E2988-D3B4-4A92-B6CD-711840A2931B}D:\hry\medal\mp\mohmpgame.exe" = protocol=17 | dir=in | app=d:\hry\medal\mp\mohmpgame.exe |
"UDP Query User{52DC2FE1-F6F9-4377-A282-A6AD836B417F}D:\hry\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\hry\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{53F3BFE2-B577-4D2E-9BDA-952FE24F95E4}C:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\tomášek\downloads\survivers_beta_3\survivers_beta_3.exe |
"UDP Query User{55C79CCA-D561-4ED1-8DF6-1D1A56A1F7BF}D:\hry\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\hry\max payne 3\maxpayne3.exe |
"UDP Query User{59FE8134-E094-4ECE-BBA5-DC23049F5262}D:\hry\hl.exe" = protocol=17 | dir=in | app=d:\hry\hl.exe |
"UDP Query User{61A37E6F-82CC-4C4F-BEC2-4F31505D5A55}D:\hry\pes 12\pes2012.exe" = protocol=17 | dir=in | app=d:\hry\pes 12\pes2012.exe |
"UDP Query User{63AD6429-6C7F-4C14-A97C-D055B7CB3F28}D:\hry\assassin\server.exe" = protocol=17 | dir=in | app=d:\hry\assassin\server.exe |
"UDP Query User{67217D2F-0FFB-403C-95A1-7BFF4AE3C479}D:\hry\maxpayne3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\hry\maxpayne3\maxpayne3.exe |
"UDP Query User{68D747C3-5E76-42D3-9776-2458532D11FC}D:\programy\equilator\equilator.exe" = protocol=17 | dir=in | app=d:\programy\equilator\equilator.exe |
"UDP Query User{6AA2A441-127A-4E78-A8E1-927998C078DF}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{6B226226-C4B4-498F-819D-DC60E1B4D125}D:\programy\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\programy\garena plus\room\garena_room.exe |
"UDP Query User{6F767746-3271-4068-B53C-8BEE62244CEC}D:\hry\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=17 | dir=in | app=d:\hry\orcs must die 2\build\release\orcsmustdie2.exe |
"UDP Query User{70A01876-5C1D-4A14-8712-2A1D4EBD33F3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{82175191-CD2D-4FC4-B803-946A7C55DD74}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{825554E1-619A-494F-AE56-03A06272B79F}D:\hry\counter-strike global offensive\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\hry\counter-strike global offensive\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{8B004002-6855-4A9D-9D96-26BCD8B8B5A4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{91826C99-E54B-41A0-B696-71D73D1662BD}D:\hry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\hry\fifa\game\fifa.exe |
"UDP Query User{91C10D49-1A6A-4F8C-966F-2AAB152BF14D}D:\hry\arma 2\arma2.exe" = protocol=17 | dir=in | app=d:\hry\arma 2\arma2.exe |
"UDP Query User{971F7109-4534-4558-B707-A58FD95E8D26}D:\david\bitlord\bitlord.exe" = protocol=17 | dir=in | app=d:\david\bitlord\bitlord.exe |
"UDP Query User{973010E7-D98B-4FD4-A353-7EEF5ACFF86A}D:\hry\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\hry\crysis 2\bin32\crysis2.exe |
"UDP Query User{98638869-DB53-4E8F-8089-F16253BE8702}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{98F9592A-3B4F-4F5E-B78C-AFBC80B7EDBB}D:\hry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\hry\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{9E581BAE-CFAE-43CD-A742-D57FE720D610}D:\hry\nfs\nfs11.exe" = protocol=17 | dir=in | app=d:\hry\nfs\nfs11.exe |
"UDP Query User{9EEF0D1F-935E-485F-B027-5B265BF71835}D:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\david\bitlord\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"UDP Query User{A30B0066-29E7-4A13-ADF3-F4F6BB31073A}D:\hry\call of duty black ops 2\t6sp.exe" = protocol=17 | dir=in | app=d:\hry\call of duty black ops 2\t6sp.exe |
"UDP Query User{A7DF673E-83C9-417D-9BF8-6DF8DC7AC103}D:\hry\colin mcrae dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\hry\colin mcrae dirt 2\dirt2_game.exe |
"UDP Query User{B18DA6FF-DCDA-4797-898F-503E52D6F2C4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{BA621498-5AD1-4633-967F-E46A4A947FFA}D:\hry\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\hry\modern warfare 2\iw4mp.exe |
"UDP Query User{BAB8EB53-A920-48A8-83BE-FF916C8CC173}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{BF1CD771-5674-453D-8489-D5D73EE01C0B}D:\hry\cs\hl.exe" = protocol=17 | dir=in | app=d:\hry\cs\hl.exe |
"UDP Query User{BF41B6B2-1DEC-4BDA-8905-E80D3AEFA2F3}D:\hry\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\hry\fifa 12\game\fifa.exe |
"UDP Query User{C634A5E2-F63A-47EB-83D8-6D795F940058}D:\hry\colin mcrae dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=d:\hry\colin mcrae dirt 3\dirt3_game.exe |
"UDP Query User{C6DD8973-E356-496E-976B-51F42C4CA391}D:\hry\s.w.a.t. 4\content\system\swat4.exe" = protocol=17 | dir=in | app=d:\hry\s.w.a.t. 4\content\system\swat4.exe |
"UDP Query User{D525724F-5DAF-4F55-A01C-D93DC35A8C41}D:\hry\cod\codwaw lanfixed.exe" = protocol=17 | dir=in | app=d:\hry\cod\codwaw lanfixed.exe |
"UDP Query User{DDF57889-F674-45B7-A075-AD9F2B7CBA51}D:\hry\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=d:\hry\need for speed most wanted\nfs13.exe |
"UDP Query User{E034110F-C544-4F16-86A1-4FF37DCC2682}D:\hry\blur\blur.exe" = protocol=17 | dir=in | app=d:\hry\blur\blur.exe |
"UDP Query User{E0F69F74-F652-41D3-ABF2-98BDE4437AF7}D:\hry\nfs world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\hry\nfs world\data\nfsw.exe |
"UDP Query User{E31A2170-24F0-46A5-9A7F-FD732CE3BE3E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E5BFE8F3-B358-4C66-842F-4D57F43EDDB1}D:\hry\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=d:\hry\nba 2k12\nba2k12.exe |
"UDP Query User{E6BB59F8-2792-4DF4-B161-475C52A1D5D8}D:\hry\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\hry\portal 2\portal2.exe |
"UDP Query User{EAA427FE-89CF-49E8-B05E-58084FA9CD61}C:\users\tomášek\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\tomášek\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{EAC601FC-A6FC-4CEB-9996-3477D927D1E1}D:\david\bitlord\bitlord.exe" = protocol=17 | dir=in | app=d:\david\bitlord\bitlord.exe |
"UDP Query User{F2C176F7-7442-490C-8EE6-47B7809D27CD}D:\hry\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\hry\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{F76D8B22-ACD6-4C12-982E-4D28E6980012}D:\hry\nfs shift 2\shift2u.exe" = protocol=17 | dir=in | app=d:\hry\nfs shift 2\shift2u.exe |
"UDP Query User{FAA38156-3263-4674-9523-8802D0C4B006}C:\users\tomášek\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\tomášek\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{FDB48AA3-7CE4-41E5-98DC-DBC0A8E070AD}D:\hry\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\hry\tmnationsforever\tmforever.exe |
"UDP Query User{FE1FEC4E-444C-4CF4-835B-2B6D8005AE39}D:\hry\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\hry\saints row the third\saintsrowthethird_dx11.exe |

2petterson · #12 Příspěvek od **2petterson** » 27 led 2013 21:01

OTL logfile created on: 27.1.2013 20:26:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomášek\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 53,27% Memory free
6,99 Gb Paging File | 4,82 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 123,17 Gb Free Space | 25,23% Space Free | Partition Type: NTFS
Drive D: | 908,98 Gb Total Space | 487,35 Gb Free Space | 53,61% Space Free | Partition Type: NTFS

Computer Name: MILAN-PC | User Name: Tomášek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.01.27 20:22:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomášek\Desktop\OTL.exe
PRC - [2013.01.26 20:35:52 | 000,079,872 | RHS- | M] () -- C:\Users\Tomášek\46357865364647353\winsvc.exe
PRC - [2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.08.03 15:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.08.01 15:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.08.01 15:07:00 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.08.01 15:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.05.25 05:07:48 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.05.25 05:07:18 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.03.10 01:10:38 | 000,086,016 | ---- | M] () -- D:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.26 20:35:52 | 000,079,872 | RHS- | M] () -- C:\Users\Tomášek\46357865364647353\winsvc.exe
MOD - [2013.01.18 09:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013.01.18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013.01.18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013.01.18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013.01.18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013.01.18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2012.08.03 15:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.08.03 15:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.08.03 15:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.08.03 15:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.08.03 15:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.08.03 15:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.08.03 15:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.08.03 15:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.08.03 15:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.08.03 15:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.08.03 15:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.08.03 15:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.08.03 15:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.08.03 15:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.08.03 15:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.08.03 15:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.08.03 15:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.08.03 15:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.07.02 10:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.07.02 10:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.07.02 10:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2010.02.10 17:10:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013.01.14 21:23:40 | 001,531,352 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- D:\programy\evolve\EvoSvc.exe -- (EvoSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.04 18:24:16 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.14 10:01:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.23 10:23:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.05.25 05:07:18 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.10.19 22:28:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\programy\3ds\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\programy\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TOMEK~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aup8lr3w)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TOMEK~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.10.01 18:44:00 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV - [2012.09.20 21:38:45 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.06.27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.25 07:25:22 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 07:25:22 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:24:52 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.21 14:37:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.04.12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.09.30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.01.17 21:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007.11.07 19:15:44 | 000,012,928 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DynCal.sys -- (DynCal)
DRV - [2007.06.04 17:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007.06.04 17:25:12 | 000,162,096 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\CLBUDF.sys -- (CLBUDF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.04 20:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 10:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.09 10:44:10 | 000,000,000 | ---D | M]

[2010.10.20 14:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomášek\AppData\Roaming\mozilla\Extensions
[2013.01.27 18:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomášek\AppData\Roaming\mozilla\Firefox\Profiles\s0l73o2l.default\extensions
[2012.09.14 10:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.14 10:02:00 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.12 23:04:35 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.02.12 23:04:35 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.02.12 23:04:35 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.02.12 23:04:35 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.02.12 23:04:35 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tom\u00E1\u0161ek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Tom\u00E1\u0161ek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - Extension: Entanglement = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Play Music = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: AudioSauna = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.402_0\
CHR - Extension: Rychl\u00E9 p\u0159em\u00EDst\u011Bn\u00ED Google = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Marc Ecko = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
CHR - Extension: Zynga Poker = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\peddmilojilieaeimfbohkbefjkdlgkl\1_0\
CHR - Extension: Gmail = C:\Users\Tomášek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.01.27 18:00:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-260079375-1809308530-3501432244-1003..\Run: [Microsoft Windows Service] C:\Users\Tomášek\46357865364647353\winsvc.exe ()
O4 - HKU\S-1-5-21-260079375-1809308530-3501432244-1003..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Live.lnk = C:\Program Files\JRE\Folding@home.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\david\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\david\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.48.31.69 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0885B3D9-FAE8-44EA-9810-D2E3A2C52F3C}: DhcpNameServer = 77.48.31.69 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD809A9-BDE7-4BD2-98D9-577DF3A99B80}: DhcpNameServer = 93.153.117.33 93.153.117.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.CFHD - C:\Windows\System32\CFHD.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.01.27 20:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tomášek\Desktop\OTL.exe
[2013.01.27 18:02:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.27 18:02:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.27 18:02:14 | 000,000,000 | ---D | C] -- C:\Users\Tomášek\AppData\Local\temp
[2013.01.27 17:46:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.27 17:46:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.27 17:46:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.27 17:45:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.27 17:44:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.27 17:36:43 | 005,027,618 | R--- | C] (Swearware) -- C:\Users\Tomášek\Desktop\ComboFix.exe
[2013.01.27 15:41:05 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tomášek\Desktop\rkill.com
[2013.01.27 13:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.01.27 13:14:42 | 000,000,000 | ---D | C] -- C:\rsit
[2013.01.26 20:35:53 | 000,000,000 | RHSD | C] -- C:\Users\Tomášek\46357865364647353
[2013.01.24 12:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.01.24 12:31:01 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.24 12:31:01 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.24 12:31:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.21 21:05:43 | 000,000,000 | ---D | C] -- C:\Users\Tomášek\Documents\Assassin's Creed III
[2013.01.21 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Tomášek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.01.21 17:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tomášek\AppData\Roaming\Need for Speed Most Wanted
[2011.04.24 11:47:59 | 012,418,248 | ---- | C] (Mozilla) -- C:\Users\Tomášek\Firefox Setup 4.0.exe

========== Files - Modified Within 7 Days ==========

[2013.01.27 20:30:04 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.27 20:27:46 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.27 20:22:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomášek\Desktop\OTL.exe
[2013.01.27 20:21:16 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 18:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 18:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 18:38:29 | 000,000,000 | -H-- | M] () -- C:\Users\Tomášek\AppData\Roaming\winsvcns.sys
[2013.01.27 18:37:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 18:37:50 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 18:36:46 | 000,000,147 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.27 18:26:18 | 000,580,235 | ---- | M] () -- C:\Users\Tomášek\Desktop\adwcleaner.exe
[2013.01.27 18:00:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.27 17:37:30 | 005,027,618 | R--- | M] (Swearware) -- C:\Users\Tomášek\Desktop\ComboFix.exe
[2013.01.27 15:41:23 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tomášek\Desktop\rkill.com
[2013.01.27 12:02:30 | 000,002,117 | ---- | M] () -- C:\Users\Tomášek\Desktop\Microsoft Security Essentials.lnk
[2013.01.27 12:00:17 | 001,252,502 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
[2013.01.27 12:00:07 | 000,218,774 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
[2013.01.27 11:36:38 | 000,674,520 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.01.27 11:36:38 | 000,660,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.27 11:36:38 | 000,143,280 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.01.27 11:36:38 | 000,124,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.22 14:41:26 | 000,000,554 | ---- | M] () -- C:\Users\Tomášek\Desktop\AC3SP – zástupce.lnk
[2013.01.21 20:16:02 | 000,001,159 | ---- | M] () -- C:\Users\Tomášek\Desktop\Uplay.lnk
[2013.01.21 20:13:02 | 000,002,082 | ---- | M] () -- C:\Users\Tomášek\Desktop\floor_wood_board_textures_wood_panels_wood_texture_1680x1050_wallpaper_Wallpaper_2560x1600_www.wallpaperswa.com – zástupce.lnk
[2013.01.21 17:35:57 | 000,000,721 | ---- | M] () -- C:\Users\Tomášek\Desktop\Need for Speed Most Wanted.lnk

========== Files Created - No Company Name ==========

[2013.01.27 20:27:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.01.27 18:36:23 | 000,000,147 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.27 18:26:16 | 000,580,235 | ---- | C] () -- C:\Users\Tomášek\Desktop\adwcleaner.exe
[2013.01.27 17:46:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.27 17:46:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.27 17:46:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.27 17:46:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.27 17:46:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.27 12:02:30 | 000,002,117 | ---- | C] () -- C:\Users\Tomášek\Desktop\Microsoft Security Essentials.lnk
[2013.01.27 11:24:13 | 001,252,502 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
[2013.01.27 11:24:06 | 000,218,774 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
[2013.01.27 11:23:52 | 000,000,000 | -H-- | C] () -- C:\Users\Tomášek\AppData\Roaming\winsvcns.sys
[2013.01.22 14:41:26 | 000,000,554 | ---- | C] () -- C:\Users\Tomášek\Desktop\AC3SP – zástupce.lnk
[2013.01.21 20:16:02 | 000,001,159 | ---- | C] () -- C:\Users\Tomášek\Desktop\Uplay.lnk
[2013.01.21 17:35:57 | 000,000,721 | ---- | C] () -- C:\Users\Tomášek\Desktop\Need for Speed Most Wanted.lnk
[2013.01.14 19:24:21 | 000,022,328 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\PnkBstrK.sys
[2013.01.01 19:41:32 | 000,000,838 | ---- | C] () -- C:\Windows\Mhpb.ini
[2012.12.05 20:46:20 | 000,000,132 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012.11.21 14:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.11.08 20:25:57 | 000,000,132 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.10.27 16:34:09 | 000,000,218 | ---- | C] () -- C:\Users\Tomášek\AppData\Local\recently-used.xbel
[2012.09.28 22:23:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012.09.11 20:25:40 | 000,007,627 | ---- | C] () -- C:\Users\Tomášek\AppData\Local\resmon.resmoncfg
[2012.08.09 08:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2012.08.09 08:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2012.05.25 19:34:29 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.27 21:37:07 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.01.27 21:37:04 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.08 21:24:39 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.10.26 11:20:23 | 000,004,951 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.10.11 13:32:15 | 000,003,584 | ---- | C] () -- C:\Users\Tomášek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.06 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\.minecraft
[2012.04.07 17:36:48 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\2K Sports
[2012.08.23 10:23:37 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Autodesk
[2012.10.05 13:41:29 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\BANDISOFT
[2012.05.30 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\bizarre creations
[2010.10.28 22:19:15 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\BlackBean
[2012.01.02 18:07:30 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\BSplayer
[2010.12.23 20:07:04 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\BSplayer Pro
[2011.09.29 19:02:13 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\com.adobe.ExMan
[2012.04.08 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\DAEMON Tools Lite
[2012.09.24 13:35:00 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\GarenaPlus
[2011.09.29 21:54:56 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\GoPro
[2010.10.20 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Leadertech
[2011.07.03 10:45:20 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\LolClient
[2012.09.21 00:17:23 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Microgaming
[2011.07.28 17:06:24 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Nokia
[2011.10.22 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Origin
[2012.05.06 09:47:55 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\PacificPoker
[2012.12.02 12:34:56 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Party
[2013.01.13 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\PC Suite
[2012.11.18 18:56:50 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Publish Providers
[2012.01.27 21:37:01 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\PunkBuster
[2012.11.18 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Sony
[2012.09.28 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Tunngle
[2012.10.14 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Ubisoft
[2011.11.04 15:54:15 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Ulead Systems
[2011.08.09 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Hanka\AppData\Roaming\Nokia
[2011.08.09 16:03:20 | 000,000,000 | ---D | M] -- C:\Users\Hanka\AppData\Roaming\Nokia Ovi Suite
[2011.08.09 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Hanka\AppData\Roaming\PC Suite
[2011.11.19 13:35:17 | 000,000,000 | ---D | M] -- C:\Users\Hanka\AppData\Roaming\Ulead Systems
[2010.10.29 17:01:06 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\BlackBean
[2011.04.10 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\BSplayer
[2010.10.29 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\DAEMON Tools Lite
[2010.10.16 10:10:26 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\GHISLER
[2012.12.24 09:51:32 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\MetaQuotes
[2011.02.04 15:27:51 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Nokia
[2011.01.08 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Nokia Ovi Suite
[2012.10.29 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Nokia Suite
[2011.08.09 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\PC Suite
[2011.11.04 09:35:03 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Ulead Systems
[2013.01.26 22:54:36 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\.minecraft
[2012.08.23 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Autodesk
[2012.10.15 14:10:19 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BANDISOFT
[2012.10.30 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BitLord
[2012.06.01 14:27:29 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\bizarre creations
[2010.10.30 12:47:48 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BlackBean
[2012.11.16 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BSplayer
[2012.11.26 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Call of Duty Black Ops 2
[2010.10.30 12:47:40 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\DAEMON Tools Lite
[2012.09.29 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Day 1 Studios
[2012.04.26 18:39:45 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\FileZilla
[2012.09.29 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\GarenaPlus
[2011.08.06 18:13:39 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\GHISLER
[2011.07.03 16:59:10 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\LolClient
[2012.12.28 07:37:21 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\MAXON
[2012.01.30 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Microgaming
[2013.01.21 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Need for Speed Most Wanted
[2012.03.11 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Need for Speed World
[2011.12.22 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Nokia
[2011.05.21 12:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Nokia Ovi Suite
[2012.01.22 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Origin
[2011.02.10 16:48:46 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\PC Suite
[2012.03.23 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Publish Providers
[2012.10.26 22:56:02 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Python-Eggs

2petterson · #13 Příspěvek od **2petterson** » 27 led 2013 21:01

[2012.10.15 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony
[2012.06.25 15:05:43 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony Creative Software
[2012.10.15 16:28:34 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony Creative Software Inc
[2012.10.27 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Spirited Machine
[2011.11.12 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.08 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\The Creative Assembly
[2013.01.16 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\TS3Client
[2013.01.15 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\ts3overlay
[2012.10.30 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Tunngle
[2012.09.12 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Ubisoft
[2011.11.04 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Ulead Systems
[2012.10.15 15:02:01 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Uniblue
[2012.10.15 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,624 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.02.04 12:28:01 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.04 12:28:04 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012.03.30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2010.04.09 08:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010.04.09 08:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2011.09.29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 06:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 06:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2011.06.21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\erdnt\cache\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\System32\drivers\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Globalization\*.tmp files -> C:\Windows\Globalization\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\*.tmp files -> C:\Windows\inf\Ovi Player\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0000\*.tmp files -> C:\Windows\inf\Ovi Player\0000\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0005\*.tmp files -> C:\Windows\inf\Ovi Player\0005\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0009\*.tmp files -> C:\Windows\inf\Ovi Player\0009\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c1478e60817548b20a3734dbc43fdd8f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c1478e60817548b20a3734dbc43fdd8f\*.tmp -> ]
[5 C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.01.26 22:54:36 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\.minecraft
[2012.11.25 22:06:02 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Adobe
[2011.11.12 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Adobe Mini Bridge CS5
[2012.12.25 00:29:06 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Apple Computer
[2010.10.20 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\ATI
[2012.08.23 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Autodesk
[2012.10.15 14:10:19 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BANDISOFT
[2012.10.30 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BitLord
[2012.06.01 14:27:29 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\bizarre creations
[2010.10.30 12:47:48 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BlackBean
[2012.11.16 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\BSplayer
[2012.11.26 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Call of Duty Black Ops 2
[2012.02.11 13:19:58 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\CyberLink
[2010.10.30 12:47:40 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\DAEMON Tools Lite
[2012.09.29 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Day 1 Studios
[2012.04.26 18:39:45 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\FileZilla
[2012.09.29 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\GarenaPlus
[2011.08.06 18:13:39 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\GHISLER
[2012.10.01 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Hamachi
[2010.10.20 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Identities
[2011.06.18 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\InstallShield Installation Information
[2011.07.03 16:59:10 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\LolClient
[2010.10.20 14:38:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Macromedia
[2012.12.28 07:37:21 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\MAXON
[2009.07.14 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Media Center Programs
[2012.01.30 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Microgaming
[2012.11.03 14:57:25 | 000,000,000 | --SD | M] -- C:\Users\Tomášek\AppData\Roaming\Microsoft
[2010.10.20 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Mozilla
[2013.01.21 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Need for Speed Most Wanted
[2012.03.11 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Need for Speed World
[2010.10.20 14:29:59 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Nero
[2011.12.22 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Nokia
[2011.05.21 12:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Nokia Ovi Suite
[2012.01.22 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Origin
[2011.02.10 16:48:46 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\PC Suite
[2012.03.23 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Publish Providers
[2012.10.26 22:56:02 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Python-Eggs
[2012.05.01 18:38:26 | 000,000,000 | RH-D | M] -- C:\Users\Tomášek\AppData\Roaming\SecuROM
[2013.01.27 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Skype
[2012.10.15 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony
[2012.06.25 15:05:43 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony Creative Software
[2012.10.15 16:28:34 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Sony Creative Software Inc
[2012.10.27 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Spirited Machine
[2011.11.12 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.08 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\The Creative Assembly
[2013.01.16 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\TS3Client
[2013.01.15 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\ts3overlay
[2012.10.30 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Tunngle
[2012.09.12 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Ubisoft
[2011.11.04 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Ulead Systems
[2012.10.15 15:02:01 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\Uniblue
[2012.10.15 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\uTorrent
[2011.01.20 13:46:01 | 000,000,000 | ---D | M] -- C:\Users\Tomášek\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013.01.27 12:00:17 | 001,252,502 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
[2013.01.27 12:00:07 | 000,218,774 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
[2012.11.26 16:13:00 | 001,144,446 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\Call of Duty Black Ops 2\Uninstall\unins000.exe
[2013.01.21 17:16:23 | 000,932,480 | ---- | M] () -- C:\Users\Tomášek\AppData\Roaming\Need for Speed Most Wanted\Uninstall\unins000.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.01.27 20:21:16 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 20:30:04 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.21 14:37:17 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.01.27 18:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 18:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 11:36:38 | 000,143,280 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.01.27 11:36:38 | 000,124,260 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.01.27 11:36:38 | 000,674,520 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.01.27 11:36:38 | 000,660,264 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.01.27 11:36:38 | 001,600,604 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"NokiaSuite.exe" = C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray -- [2012.08.03 15:06:06 | 001,086,376 | ---- | M] (Nokia)
"Microsoft Windows Service" = C:\Users\Tomášek\46357865364647353\winsvc.exe -- [2013.01.26 20:35:52 | 000,079,872 | RHS- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.09.14 10:02:00 | 000,917,984 | ---- | M] (Mozilla Corporation) MD5=9C376F42BDE37F18D0A39AF7415D9BE6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010.11.20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) MD5=CEB132745142C85988317E9A4CA36B08 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.01.27 20:27:46 | 000,000,512 | ---- | M] () MD5=292D09DC7E84EA1CE3388059CEFC0D3F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.11.06 17:04:10 | 000,213,474 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\animations\bonus_crack\crack_intro.swf
[2011.11.06 17:05:15 | 000,028,809 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\bonus\win_msg\bonus_crackpink_txt.png
[2011.11.06 17:05:34 | 000,002,094 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_mouse_over.mp3
[2011.11.06 17:05:34 | 000,025,082 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_2.mp3
[2011.11.06 17:05:34 | 000,122,884 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_bomb.mp3
[2011.11.06 17:05:34 | 000,109,927 | ---- | M] () -- \Poker\William Hill Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_pending_eff.mp3
[2010.03.24 21:18:09 | 000,243,712 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS4\Support Files\Plug-ins\Optical Flares\OpticalFlaresCrack(Spider).exe
[2008.08.07 11:28:04 | 001,159,409 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS4\Support Files\Presets\Image - Special Effects\Cracked Tiles.ffx
[2012.05.30 21:04:24 | 000,000,628 | ---- | M] () -- \Users\david\AppData\Roaming\Microsoft\Windows\Recent\Blur_Crack.lnk
[2013.01.03 20:26:28 | 000,000,659 | ---- | M] () -- \Users\Tomášek\AppData\Roaming\Microsoft\Windows\Recent\CS GO Steam Crack [UPDATED].lnk
[2013.01.26 21:35:59 | 000,032,975 | ---- | M] () -- \Users\Tomášek\Downloads\Call.of.Duty4-Razor1911+Keygen.and.Crack.torrent
[2013.01.03 20:36:01 | 000,273,408 | ---- | M] () -- \Users\Tomášek\Downloads\Crack All Steam Games.exe
[2013.01.03 20:26:01 | 000,538,660 | ---- | M] () -- \Users\Tomášek\Downloads\CS GO Steam Crack [UPDATED].rar
[2012.11.10 07:26:51 | 000,717,824 | ---- | M] () -- \Users\Tomášek\Downloads\CS GO Steam Crack [UPDATED]\CS GO Crack for Steam [UPDATE].Exe
[2011.02.18 15:13:50 | 000,093,440 | ---- | M] () -- \Windows\Fonts\crackin.ttf
[2011.02.18 15:13:50 | 000,093,440 | ---- | M] () -- \Windows\Fonts\crackin_0.ttf

< *keygen* /s >
[2013.01.26 21:35:59 | 000,032,975 | ---- | M] () -- \Users\Tomášek\Downloads\Call.of.Duty4-Razor1911+Keygen.and.Crack.torrent

< *loader* /s >
[2012.12.02 12:32:31 | 000,610,176 | ---- | M] () -- \Poker\Poker at bet365\data\loader.dll
[2012.12.02 12:32:29 | 000,002,694 | ---- | M] () -- \Poker\Poker at bet365\data\loader.gam
[2012.12.02 12:31:58 | 000,002,608 | ---- | M] () -- \Poker\Poker at bet365\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2012.12.02 12:40:20 | 000,610,176 | ---- | M] () -- \Poker\William Hill Poker\data\loader.dll
[2012.03.07 14:46:07 | 000,002,716 | ---- | M] () -- \Poker\William Hill Poker\data\loader.gam
[2012.12.02 12:41:12 | 000,005,265 | ---- | M] () -- \Poker\William Hill Poker\data\mgames\[en]\as2\movies\shared\loader.swf
[2011.12.25 14:05:48 | 000,002,608 | ---- | M] () -- \Poker\William Hill Poker\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2008.09.03 02:14:34 | 000,217,088 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS4\Support Files\MXF_SDK_MetaMetadata_BinaryLoader_r.4.1.1.223.dll
[2008.08.28 19:34:20 | 004,965,736 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\Photodownloader.exe
[2008.08.28 16:42:12 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\de_de\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\en_us\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\es_es\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\it_it\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\no_no\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2008.08.28 16:42:16 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2008.08.26 01:32:24 | 000,217,088 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS4\MXF_SDK_MetaMetadata_BinaryLoader_r.4.1.1.223.dll
[2012.02.22 23:11:56 | 000,078,336 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.02.22 23:11:56 | 000,155,136 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.02.22 23:11:56 | 000,117,248 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2006.07.14 09:39:46 | 000,106,496 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2012.08.27 20:33:18 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2012.05.28 03:08:10 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2010.11.26 00:00:16 | 002,525,480 | ---- | M] () -- \Program Files\CyberLink\Shared Files\Plugin\7.0\CES_3DLoaderFBX.dll
[2011.10.04 10:00:08 | 002,532,136 | ---- | M] () -- \Program Files\CyberLink\Shared Files\Plugin\8.0\CES_3DLoaderFBX.dll
[2010.12.09 13:10:30 | 000,003,072 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2009.05.31 02:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.02.27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderLargeBlue.gif
[2012.02.27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderLargeGrey.gif
[2012.02.27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderSmallBlue.gif
[2012.02.27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderSmallGold.gif
[2012.10.17 10:13:16 | 000,329,056 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2012.10.17 10:10:06 | 000,292,352 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[3 \Program Files\Ubisoft\Ubisoft Game Launcher\*.tmp files -> \Program Files\Ubisoft\Ubisoft Game Launcher\*.tmp -> ]
[2011.05.31 13:29:58 | 000,004,176 | ---- | M] () -- \Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2010.02.10 17:10:14 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010.03.15 11:33:54 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.11.08 15:16:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.11.08 15:16:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.11.08 15:16:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2010.03.15 11:33:54 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.11.08 15:16:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.11.08 15:16:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.11.08 15:16:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.01.19 15:32:46 | 000,009,427 | ---- | M] () -- \Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B81R1XZN\ajax-loader[2].gif
[2012.05.02 15:32:21 | 000,000,121 | ---- | M] () -- \Users\david\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8DQ49T9\service.cdn.videoplaza.com\com.videoplaza.bootloader.sol
[2012.07.23 18:33:47 | 000,216,359 | ---- | M] () -- \Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\rmllqrbv.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2011.08.23 10:34:45 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\007FG\rlngcoolbananas\PreLoader.swf
[2011.08.23 10:26:28 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\012FG\rlngdrlove\PreLoader.swf
[2011.08.23 10:24:22 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\013FG\rlngfirehawk\PreLoader.swf
[2011.08.23 10:26:15 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\015FG\rlngeasterndragon\PreLoader.swf
[2011.08.23 10:25:50 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\016FG\rlclfantasticfour\PreLoader.swf
[2011.08.23 10:23:05 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\017FG\rlclspiderman\Preloader.swf
[2011.08.23 10:34:01 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\068FG\rlngdolphinreef\PreLoader.swf
[2011.08.23 10:34:17 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\069FG\rlngdragonmaster\PreLoader.swf
[2011.08.23 10:26:45 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\070FG\rlngspeeddemon\PreLoader.swf
[2011.08.23 10:27:01 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\071FG\rlngirisheyes\PreLoader.swf
[2011.08.23 10:27:20 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\072FG\rlngbeatthebank\PreLoader.swf
[2011.08.23 10:27:31 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\073FG\rlngcityofgold\PreLoader.swf
[2011.08.23 10:28:10 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\087FG\rlclhulkrevenge\Preloader.swf
[2011.08.23 10:28:42 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\090FG\rlfgblanketyblank\Preloader.swf
[2011.08.23 10:29:07 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\091FG\rlclcallofduty4\PreLoader.swf
[2011.08.23 10:29:25 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\092FG\rlclkingkong\PreLoader.swf
[2011.08.23 10:29:38 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\095FG\rlfgsaleofthecentury\PreLoader.swf
[2011.08.23 10:29:58 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\096FG\rlclthor\PreLoader.swf
[2011.08.23 10:31:16 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\FlashGames\106FG\rlfgpriceisright\Preloader.swf
[2012.05.06 10:03:12 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2140007\Media\rlfgpriceisright\Preloader.swf
[2012.05.06 10:03:27 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2140008\Media\rlclcallofduty4\PreLoader.swf
[2012.05.06 10:04:06 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2200001\Media\rlngcoolbananas\PreLoader.swf
[2012.05.06 10:04:18 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2260001\Media\rlngdrlove\PreLoader.swf
[2012.05.06 10:04:26 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2270001\Media\rlngfirehawk\PreLoader.swf
[2012.05.06 10:04:33 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2290002\Media\rlngeasterndragon\PreLoader.swf
[2012.05.06 10:00:19 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310001\Media\rlclspiderman\Preloader.swf
[2012.05.06 09:54:40 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310002\Media\rlclfantasticfour\PreLoader.swf
[2012.05.06 10:04:43 | 000,008,933 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310008\Media\rlngdolphinreef\PreLoader.swf
[2012.05.06 10:04:52 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310009\Media\rlngdragonmaster\PreLoader.swf
[2012.05.06 10:05:03 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310010\Media\rlngspeeddemon\PreLoader.swf
[2012.05.06 10:05:12 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310011\Media\rlngirisheyes\PreLoader.swf
[2012.05.06 10:05:23 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310012\Media\rlngbeatthebank\PreLoader.swf
[2012.05.06 10:05:29 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310013\Media\rlngcityofgold\PreLoader.swf
[2012.05.06 10:05:45 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310017\Media\rlfgblanketyblank\Preloader.swf
[2012.05.06 10:05:52 | 000,127,998 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310018\Media\rlfgsaleofthecentury\PreLoader.swf
[2012.05.06 09:58:54 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310020\Media\rlclhulkrevenge\Preloader.swf
[2012.05.06 10:06:20 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310023\Media\rlclkingkong\PreLoader.swf
[2012.05.06 10:00:44 | 000,129,520 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\casinopoker\games\81\2310026\Media\rlclthor\PreLoader.swf
[2012.04.23 16:39:44 | 000,000,770 | ---- | M] () -- \Users\david\AppData\Roaming\PacificPoker\media\loader.swf
[2011.02.20 17:39:18 | 000,000,162 | ---- | M] () -- \Users\david\Doctor Alex\Undo\AdwareBHODownloaderSmall.zip
[2011.05.29 00:02:58 | 000,000,162 | ---- | M] () -- \Users\david\Doctor Alex\Undo\AdwareBHODownloaderSmall0.zip
[2012.08.17 10:25:37 | 000,001,737 | ---- | M] () -- \Users\Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1M5GHPJC\loader1[1].gif
[2012.08.17 10:25:16 | 000,005,233 | ---- | M] () -- \Users\Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RZBNQDE\loader-logo[1].png
[2012.09.06 17:27:49 | 000,004,178 | ---- | M] () -- \Users\Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\41R1MXXB\ajax-loader[1].gif
[2012.08.28 18:51:54 | 000,016,516 | ---- | M] () -- \Users\Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\41R1MXXB\preloader[1].gif
[2012.08.17 10:25:16 | 000,008,043 | ---- | M] () -- \Users\Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FM1U0C8Z\loader-big2[2].gif
[2011.04.17 16:54:22 | 000,052,284 | ---- | M] () -- \Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\381WOTW7\PitsiLoader[1].swf
[2011.04.10 12:54:36 | 000,001,849 | ---- | M] () -- \Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DE3Z88E0\ajax-loader[1].gif
[2011.04.14 13:43:22 | 000,002,004 | ---- | M] () -- \Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6I8N2KV\loader[1].js
[2011.04.14 13:43:22 | 000,001,047 | ---- | M] () -- \Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y33XV40D\logoloader[1].js
[2012.09.28 11:30:45 | 000,002,074 | ---- | M] () -- \Users\Public\Desktop\MP3 Downloader.lnk
[2012.01.20 19:48:20 | 000,013,003 | ---- | M] () -- \Users\Tomášek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EKO4I7NC\loader[1].js
[2012.05.21 11:42:44 | 000,018,788 | ---- | M] () -- \Users\Tomášek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K20COD5U\preloader[1].gif
[2011.08.04 12:31:00 | 000,002,074 | ---- | M] () -- \Users\Tomášek\Desktop\MP3 Downloader.lnk
[2012.11.08 21:33:38 | 004,157,360 | ---- | M] () -- \Users\Tomášek\Downloads\cc_light_sweep_cs4.rar_downloader_224.exe
[2011.07.08 18:47:26 | 000,446,464 | ---- | M] () -- \Windows\NEXON_EU_DownloaderUpdater.exe
[2010.11.20 06:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010.11.20 06:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.07.10 11:39:05 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.07.10 11:39:05 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.07.10 11:39:05 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 06:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:054203E4

< End of report >

2petterson · #14 Příspěvek od **2petterson** » 27 led 2013 21:07

mam v tom trochu bordel ale si tam neco chybi že??

#15 Příspěvek od **vyosek** » 27 led 2013 23:24

Logy jsou OK

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
MOD - [2013.01.26 20:35:52 | 000,079,872 | RHS- | M] () -- C:\Users\Tomášek\46357865364647353\winsvc.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\programy\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TOMEK~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aup8lr3w)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TOMEK~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-260079375-1809308530-3501432244-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-260079375-1809308530-3501432244-1003..\Run: [Microsoft Windows Service] C:\Users\Tomášek\46357865364647353\winsvc.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.01.27 11:24:13 | 001,252,502 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
[2013.01.27 11:24:06 | 000,218,774 | ---- | C] () -- C:\Users\Tomášek\AppData\Roaming\nMNtffsdf5ev.exe
[2013.01.27 11:23:52 | 000,000,000 | -H-- | C] () -- C:\Users\Tomášek\AppData\Roaming\winsvcns.sys
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Globalization\*.tmp files -> C:\Windows\Globalization\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\*.tmp files -> C:\Windows\inf\Ovi Player\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0000\*.tmp files -> C:\Windows\inf\Ovi Player\0000\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0005\*.tmp files -> C:\Windows\inf\Ovi Player\0005\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0009\*.tmp files -> C:\Windows\inf\Ovi Player\0009\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c1478e60817548b20a3734dbc43fdd8f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c1478e60817548b20a3734dbc43fdd8f\*.tmp -> ]
[5 C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp -> ]
[2013.01.27 20:21:16 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 20:30:04 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:054203E4

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"=-
"Microsoft Windows Service"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe ARM"=-
"AdobeAAMUpdater-1.0"=-
"AdobeCS6ServiceManager"=-
"ApnUpdater"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

:files
C:\Users\Tomášek\AppData\Roaming\*.exe
C:\Users\Tomášek\46357865364647353
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

VIRY.CZ

vir z mediafire

vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire

Re: vir z mediafire