PČR :-/

Zpráva

sorcer · #1 Příspěvek od **sorcer** » 23 čer 2013 21:08

Dobrý den, opět jedno Pc s virem PČR.

Mohu používat Fixlist z předchozích "odstraňovacích" akcí anebo je nutné jej sepsat "na míru" zabordelenému Pc ??

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Vladimír (administrator) on 23-06-2013 21:37:14
Running from J:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2012-07-28] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NWEReboot] [x]
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [InboxToolbar] "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP [1713288 2013-04-12] (Inbox.com, Inc.)
HKLM\...\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe" [320000 2012-10-25] (Crawler, LLC)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [399736 2012-07-30] (BitTorrent, Inc.)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-01] (Google Inc.)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\eljej.dat,XFG00 [260096 2013-06-22] (ggggggggggggggggggggggggggg) <===== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Vladimír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\eljej.dat (ggggggggggggggggggggggggggg)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60282
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={8A64 ... 2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher ... 093&lng=cs
SearchScopes: HKCU - {E8190888-3879-449E-B2C3-FE11FF4A3233} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll (Crawler, LLC)
BHO: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp"]},"sync":{"suppress_start":true},"sync_promo":{"view_count":1},"tabs":{"use_vertical_tabs":false},"translate_accepted_count":{"en":3},"translate_denied_count":{"en"
CHR Extension: (AVG Security Toolbar) - C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (uTorrentControl2) - C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 HPSLPSVC; C:\Users\Vladimír\AppData\Local\Temp\7zS3ECE\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ADIHdAud.sys B01A51996A3251023A5FD19FC88F5057
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\atikmdag.sys 712D8A95E45B070114C5309ADA7358FF
C:\Windows\System32\DRIVERS\avgidsdriverx.sys EF67527CC2AD77D22AB1405C6470407E
C:\Windows\System32\DRIVERS\avgidsfilterx.sys 61A7E0B02F82CFF3DB2445BBE50B3589
C:\Windows\System32\DRIVERS\avgidshx.sys D63D83659EEDF60B3A3E620281A888E5
C:\Windows\System32\DRIVERS\avgidsshimx.sys BAF975B72062F53D327788E99D64197E
C:\Windows\System32\DRIVERS\avgldx86.sys 6671345A6E2669AF1966BAF68EC5620F
C:\Windows\System32\DRIVERS\avgmfx86.sys CCDD61545AAEA265977E4B1EFDC74E8C
C:\Windows\System32\DRIVERS\avgrkx86.sys 1FD90B28D2C3100BF4500199C8AD6358
C:\Windows\System32\DRIVERS\avgtdix.sys 1647C720358DCC98ACF51E597C461C4D
C:\Windows\system32\drivers\avgtpx86.sys 02A43ADBA362B89B7D5715221D5F3010
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\system32\drivers\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt86win7.sys 7DFD48E24479B68B258D8770121155A0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\DRIVERS\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-23 21:37 - 2013-06-23 21:37 - 00000000 ____D C:\FRST
2013-06-22 13:42 - 2013-06-23 15:27 - 95023320 ___AT C:\ProgramData\jejle.pad
2013-06-22 13:42 - 2013-06-23 15:24 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-22 13:42 - 2013-06-22 13:42 - 00260096 ____A (ggggggggggggggggggggggggggg) C:\ProgramData\eljej.dat
2013-06-22 13:42 - 2013-06-22 13:42 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-22 13:42 - 2013-06-22 13:42 - 00002656 ____A C:\ProgramData\jejle.js
2013-06-22 13:42 - 2013-06-22 13:42 - 00001011 ____A C:\ProgramData\sdaksda.txt
2013-06-21 18:36 - 2013-06-21 18:38 - 00000000 ____D C:\Users\Vladimír\Downloads\Ilium 2011 - Genetic Memory
2013-06-20 19:01 - 2013-06-20 21:57 - 00000000 ____D C:\Users\Vladimír\Downloads\Chris Caffery - Discography [5 albums] 2004-2009 (320 kbps)
2013-06-12 23:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 23:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:07 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:07 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:07 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:07 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:06 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:50 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:50 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:50 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 12:34 - 2013-06-17 22:50 - 00000000 ____D C:\Users\Vladimír\Downloads\Legs Diamond (h) HR x
2013-06-03 16:59 - 2013-06-23 15:23 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

==================== One Month Modified Files and Folders ========

2013-06-23 21:37 - 2013-06-23 21:37 - 00000000 ____D C:\FRST
2013-06-23 21:36 - 2012-07-26 16:54 - 01470062 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 15:28 - 2012-07-30 20:30 - 00000000 ____D C:\Users\Vladimír\AppData\Roaming\uTorrent
2013-06-23 15:28 - 2012-07-26 14:43 - 01800305 ____A C:\Windows\WindowsUpdate.log
2013-06-23 15:28 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 15:28 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 15:27 - 2013-06-22 13:42 - 95023320 ___AT C:\ProgramData\jejle.pad
2013-06-23 15:24 - 2013-06-22 13:42 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-23 15:23 - 2013-06-03 16:59 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-23 15:23 - 2012-08-01 17:34 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 15:23 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 15:23 - 2009-07-14 06:39 - 00058650 ____A C:\Windows\setupact.log
2013-06-23 15:04 - 2012-07-28 10:53 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 15:01 - 2012-08-01 17:35 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 14:41 - 2012-07-28 17:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-23 14:37 - 2012-10-26 12:23 - 00000000 ____D C:\Program Files\SiteRanker
2013-06-22 13:42 - 2013-06-22 13:42 - 00260096 ____A (ggggggggggggggggggggggggggg) C:\ProgramData\eljej.dat
2013-06-22 13:42 - 2013-06-22 13:42 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-22 13:42 - 2013-06-22 13:42 - 00002656 ____A C:\ProgramData\jejle.js
2013-06-22 13:42 - 2013-06-22 13:42 - 00001011 ____A C:\ProgramData\sdaksda.txt
2013-06-21 18:38 - 2013-06-21 18:36 - 00000000 ____D C:\Users\Vladimír\Downloads\Ilium 2011 - Genetic Memory
2013-06-21 14:23 - 2013-04-28 14:21 - 00000000 ____D C:\Program Files\File Type Assistant
2013-06-20 21:57 - 2013-06-20 19:01 - 00000000 ____D C:\Users\Vladimír\Downloads\Chris Caffery - Discography [5 albums] 2004-2009 (320 kbps)
2013-06-20 10:44 - 2012-08-08 22:33 - 00028160 ____A C:\Users\Vladimír\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-17 22:50 - 2013-06-11 12:34 - 00000000 ____D C:\Users\Vladimír\Downloads\Legs Diamond (h) HR x
2013-06-13 10:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-12 23:08 - 2012-11-10 15:56 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 21:04 - 2012-07-28 10:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 21:04 - 2012-07-28 10:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 13:42 - 2013-06-12 23:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-12 23:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-12 23:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-12 23:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-12 23:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-12 23:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-04 14:31 - 2013-04-28 14:21 - 00000000 ____D C:\Users\Vladimír\AppData\Local\FileTypeAssistant
2013-06-03 16:59 - 2013-01-30 18:26 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-05-31 11:47 - 2009-07-14 06:53 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-28 13:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\eljej.dat
C:\ProgramData\jejle.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor {bootmgr}
device partition=C:
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {2a7cf1f5-d727-11e1-abf9-a130f29f5179}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {2a7cf1f7-d727-11e1-abf9-a130f29f5179}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {2a7cf1f5-d727-11e1-abf9-a130f29f5179}
nx OptIn

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {2a7cf1f7-d727-11e1-abf9-a130f29f5179}
device ramdisk=[C:]\Recovery\2a7cf1f7-d727-11e1-abf9-a130f29f5179\Winre.wim,{2a7cf1f8-d727-11e1-abf9-a130f29f5179}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\2a7cf1f7-d727-11e1-abf9-a130f29f5179\Winre.wim,{2a7cf1f8-d727-11e1-abf9-a130f29f5179}
systemroot \windows
nx OptIn
winpe Yes

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume2]\boot\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment WinRE-ATC
osdevice ramdisk=[\Device\HarddiskVolume2]\boot\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Obnovenˇ z hibernace
---------------------
identifik tor {2a7cf1f5-d727-11e1-abf9-a130f29f5179}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae No
debugoptionenabled No

Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnostika pamŘti syst‚mu Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Starçˇ zavadŘź operaźnˇho syst‚mu Windows
------------------------
identifik tor {ntldr}
device partition=C:
path \ntldr
description DýˇvŘjçˇ verze syst‚mu Windows

Nastavenˇ slu§by EMS
------------
identifik tor {emssettings}
bootems Yes

Nastavenˇ ladicˇho programu
-----------------
identifik tor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby pamŘti RAM
-----------
identifik tor {badmemory}

Glob lnˇ nastavenˇ
---------------
identifik tor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavenˇ hypervisoru
-------------------
identifik tor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor {resumeloadersettings}
inherit {globalsettings}

Parametry zaýˇzenˇ
--------------
identifik tor {2a7cf1f8-d727-11e1-abf9-a130f29f5179}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\2a7cf1f7-d727-11e1-abf9-a130f29f5179\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \boot\boot.sdi

LastRegBack: 2013-06-13 10:43

==================== End Of Log ============================

#2 Příspěvek od **vyosek** » 23 čer 2013 21:10

Zdravim

Fixlist se pise primo na miru na zaklade logu, dejte mi par minut

#3 Příspěvek od **vyosek** » 23 čer 2013 21:13

To mate nejaky servis nebo co, pred tremi dny jsme tu resili stejny problem s jinym PC

A na zacatku cervna tez

sorcer · #4 Příspěvek od **sorcer** » 23 čer 2013 21:18

Kdepak servis, jen pomáhám lidem ze svého okolí, kterým pojmy jako FRST, log, práce s příkazovým řádkem, a podobné nic neříkají. Respektive mají méně zkušeností.

#5 Příspěvek od **vyosek** » 23 čer 2013 21:26

Docela zajimave okoli, za cca tri tydny tri PC

Fixlist bude mit tento obsah

Kód: Vybrat vše

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [InboxToolbar] "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP [1713288 2013-04-12] (Inbox.com, Inc.)
C:\Program Files\Inbox Toolbar\
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
C:\Program Files\AVG Secure Search
HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [399736 2012-07-30] (BitTorrent, Inc.)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-01] (Google Inc.)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\eljej.dat,XFG00 [260096 2013-06-22] (ggggggggggggggggggggggggggg) <===== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
Startup: C:\Users\Vladimír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\eljej.dat (ggggggggggggggggggggggggggg)
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60282
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
SearchScopes: HKCU - {E8190888-3879-449E-B2C3-FE11FF4A3233} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll (Crawler, LLC)
BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
C:\Program Files\uTorrentControl2\prxtbuTor.dll 
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
C:\Program Files\Common Files\AVG Secure Search
CHR HomePage: hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp"]},"sync":{"suppress_start":true},"sync_promo":{"view_count":1},"tabs":{"use_vertical_tabs":false},"translate_accepted_count":{"en":3},"translate_denied_count":{"en"
CHR Extension: (AVG Security Toolbar) - C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (uTorrentControl2) - C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0
S2 HPSLPSVC; C:\Users\Vladimír\AppData\Local\Temp\7zS3ECE\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
S2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
2013-06-22 13:42 - 2013-06-23 15:27 - 95023320 ___AT C:\ProgramData\jejle.pad
2013-06-22 13:42 - 2013-06-23 15:24 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-22 13:42 - 2013-06-22 13:42 - 00260096 ____A (ggggggggggggggggggggggggggg) C:\ProgramData\eljej.dat
2013-06-22 13:42 - 2013-06-22 13:42 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-22 13:42 - 2013-06-22 13:42 - 00002656 ____A C:\ProgramData\jejle.js
2013-06-22 13:42 - 2013-06-22 13:42 - 00001011 ____A C:\ProgramData\sdaksda.txt
2013-06-03 16:59 - 2013-06-23 15:23 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\rundll32.exe
C:\ProgramData\eljej.dat
C:\ProgramData\jejle.pad

Po restartu do normalniho rezimu dejte log z RSIT

sorcer · #6 Příspěvek od **sorcer** » 23 čer 2013 21:35

Ani ne, jakmile se rozkřikne (na menším městě), že umíte něco opravit či s něčím pomoci, nemáte o drnčící telefon s naléhavými prosbami nouzi. Věnuji se i opravám mobilních telefonů, notebooků apod. Jen ještě tak umět číst logy a vědět kde zasáhnout, abych minimalizoval své dotazy směrem ke zdejším rádcům

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vladimír at 2013-06-23 22:32:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 80 GB (55%) free of 145 GB
Total RAM: 3071 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}]
Fast Search - C:\Program Files\Surf Canyon\surfcanyon.dll [2013-04-17 187352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-18 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-18 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2012-07-28 868352]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]
"NWEReboot"= []
"SiteRanker"=C:\Program Files\SiteRanker\SiteRankTray.exe [2012-10-25 320000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-06-23 22:32:05 ----D---- C:\rsit
2013-06-23 22:32:05 ----D---- C:\Program Files\trend micro
2013-06-23 21:37:06 ----D---- C:\FRST
2013-06-23 21:32:02 ----A---- C:\Windows\ntbtlog.txt
2013-06-12 23:09:42 ----A---- C:\Windows\system32\urlmon.dll
2013-06-12 23:09:42 ----A---- C:\Windows\system32\ieui.dll
2013-06-12 23:09:41 ----A---- C:\Windows\system32\ieframe.dll
2013-06-12 23:09:39 ----A---- C:\Windows\system32\mshtml.dll
2013-06-12 23:09:38 ----A---- C:\Windows\system32\iertutil.dll
2013-06-12 23:07:04 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 23:07:02 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 23:07:02 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 23:07:02 ----A---- C:\Windows\system32\iesetup.dll
2013-06-12 23:07:00 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-12 23:07:00 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 23:07:00 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-12 23:07:00 ----A---- C:\Windows\system32\iernonce.dll
2013-06-12 23:07:00 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-12 23:06:58 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 08:50:24 ----A---- C:\Windows\system32\d3d11.dll
2013-06-12 08:50:21 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 08:50:17 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 08:50:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-06-12 08:50:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-06-12 08:50:11 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 08:50:08 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 08:50:08 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 08:50:08 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 08:50:08 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 08:50:08 ----A---- C:\Windows\system32\certenc.dll

======List of files/folders modified in the last 1 months======

2013-06-23 22:32:06 ----D---- C:\Windows\Temp
2013-06-23 22:32:05 ----RD---- C:\Program Files
2013-06-23 22:32:02 ----D---- C:\Windows\Prefetch
2013-06-23 22:28:43 ----HD---- C:\ProgramData
2013-06-23 22:28:43 ----D---- C:\Windows\Tasks
2013-06-23 22:28:38 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-06-23 22:28:37 ----D---- C:\Program Files\uTorrentControl2
2013-06-23 21:59:14 ----D---- C:\Users\Vladimír\AppData\Roaming\uTorrent
2013-06-23 21:37:09 ----D---- C:\Windows
2013-06-23 21:36:26 ----D---- C:\Windows\System32
2013-06-23 21:36:26 ----D---- C:\Windows\inf
2013-06-23 21:36:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-23 15:28:27 ----D---- C:\Windows\system32\config
2013-06-23 14:37:35 ----D---- C:\Program Files\SiteRanker
2013-06-21 14:23:00 ----D---- C:\Program Files\File Type Assistant
2013-06-20 09:04:23 ----SHD---- C:\System Volume Information
2013-06-13 10:50:56 ----D---- C:\Windows\rescache
2013-06-13 10:14:16 ----D---- C:\Windows\winsxs
2013-06-13 10:12:07 ----D---- C:\Windows\system32\cs-CZ
2013-06-13 10:12:06 ----D---- C:\Program Files\Internet Explorer
2013-06-13 10:12:03 ----D---- C:\Windows\system32\drivers
2013-06-12 23:09:51 ----D---- C:\Windows\system32\catroot2
2013-06-12 23:09:51 ----D---- C:\Windows\system32\catroot
2013-06-12 23:08:02 ----A---- C:\Windows\system32\MRT.exe
2013-06-11 21:04:11 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-06-07 15:12:28 ----SHD---- C:\Windows\Installer
2013-06-07 15:12:18 ----HD---- C:\Config.Msi
2013-06-03 16:59:52 ----D---- C:\Windows\system32\Tasks
2013-05-28 13:35:05 ----D---- C:\Windows\system32\NDF

#7 Příspěvek od **vyosek** » 23 čer 2013 21:38

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

sorcer · #8 Příspěvek od **sorcer** » 23 čer 2013 22:07

RKILL

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/23/2013 10:40:26 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/23/2013 10:42:12 PM
Execution time: 0 hours(s), 1 minute(s), and 45 seconds(s)

ComboFix

ComboFix 13-06-22.01 - Vladimír 23.06.2013 22:46:48.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.2227 [GMT 2:00]
Spuštěný z: c:\users\VladimÝr\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-23 do 2013-06-23 )))))))))))))))))))))))))))))))
.
.
2013-06-23 21:02 . 2013-06-23 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-23 20:32 . 2013-06-23 20:32 -------- d-----w- c:\program files\trend micro
2013-06-23 20:32 . 2013-06-23 20:32 -------- d-----w- C:\rsit
2013-06-23 19:55 . 2013-06-23 19:55 -------- d-----w- c:\users\Vladimír\AppData\Local\ElevatedDiagnostics
2013-06-23 19:37 . 2013-06-23 20:28 -------- d-----w- C:\FRST
2013-06-12 21:09 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 21:09 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 21:07 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-12 21:07 . 2013-05-17 01:25 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 21:07 . 2013-05-17 01:25 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-12 21:07 . 2013-05-17 01:25 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-06-12 21:07 . 2013-05-17 01:25 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-06-12 21:07 . 2013-05-17 01:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-12 21:07 . 2013-05-14 08:40 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-12 21:06 . 2013-05-17 01:25 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 21:06 . 2013-05-17 02:32 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-06-12 21:06 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 06:50 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 06:50 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 06:50 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:50 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 06:50 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 06:50 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 06:50 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:50 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:50 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:50 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:50 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 06:50 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 19:04 . 2012-07-28 08:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 19:04 . 2012-07-28 08:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-20 16:57 . 2013-01-30 16:26 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-30 21:08 . 2013-04-30 21:08 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 21:08 . 2013-04-30 21:08 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 21:08 . 2013-04-30 21:08 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 21:08 . 2013-04-30 21:08 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 21:08 . 2013-04-30 21:08 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 21:08 . 2013-04-30 21:08 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 21:08 . 2013-04-30 21:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 21:08 . 2013-04-30 21:08 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 21:08 . 2013-04-30 21:08 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 21:08 . 2013-04-30 21:08 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 21:08 . 2013-04-30 21:08 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 21:08 . 2013-04-30 21:08 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 21:08 . 2013-04-30 21:08 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 21:08 . 2013-04-30 21:08 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 21:08 . 2013-04-30 21:08 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 21:08 . 2013-04-30 21:08 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 21:08 . 2013-04-30 21:08 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-13 04:45 . 2013-05-15 08:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 10:50 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:18 . 2013-04-11 01:18 302368 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-04-10 05:18 . 2013-05-15 08:09 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 08:09 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 08:09 2347520 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-07-28 868352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-10-25 320000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-05-20 37664]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 15:01 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 19:04]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 15:34]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 15:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.1.1 62.240.184.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-NWEReboot - (no file)
AddRemove-{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 - c:\program files\Inbox Toolbar\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-1052507345-1661042936-3930814104-1001)
@Denied: (2) (LocalSystem)
"Progid"="DjVuFile"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpg"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-1052507345-1661042936-3930814104-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-06-23 23:05:57
ComboFix-quarantined-files.txt 2013-06-23 21:05
.
Před spuštěním: Volných bajtů: 83 850 326 016
Po spuštění: Volných bajtů: 86 374 404 096
.
- - End Of File - - F430DB9386DD87E6E263C87B60E58E84
A36C5E4F47E84449FF07ED3517B43A31

#9 Příspěvek od **vyosek** » 23 čer 2013 22:09

Doporucuji vymenu AVG --> Avast Free

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

sorcer · #10 Příspěvek od **sorcer** » 23 čer 2013 22:13

Výměnu AVG -> Avast jsem majiteli doporučoval již behěm našeho prvního setkání.
Má placenou verzi AVG a bohužel jej nejsem schopen přesvědčit o lepších schopnostech neplaceného Avastu

ADWCleaner

# AdwCleaner v2.303 - Log vytvooen 23/06/2013 v 23:11:28
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : Vladimír - COMFOR
# Spuštin systém : Normální
# Spuštino z : C:\Users\Vladimír\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files\Common Files\AVG Secure Search
Složka Nalezeno : C:\Program Files\Conduit
Složka Nalezeno : C:\Program Files\SiteRanker
Složka Nalezeno : C:\Program Files\Surf Canyon
Složka Nalezeno : C:\Program Files\uTorrentControl2
Složka Nalezeno : C:\ProgramData\APN
Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\AVG Secure Search
Složka Nalezeno : C:\ProgramData\AVG Security Toolbar
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Složka Nalezeno : C:\Users\Vladimír\AppData\Local\AVG Secure Search
Složka Nalezeno : C:\Users\Vladimír\AppData\Local\Conduit
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\AVG Secure Search
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\Inbox Toolbar
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\PriceGong
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\SiteRanker
Složka Nalezeno : C:\Users\Vladimír\AppData\LocalLow\uTorrentControl2
Soubor Nalezeno : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Soubor Nalezeno : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Hodnota Nalezeno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\uTorrentControl2
Klíe Nalezeno : HKCU\Software\AppDataLow\Toolbar
Klíe Nalezeno : HKCU\Software\AVG Secure Search
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Inbox Toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKCU\Software\Surf Canyon
Klíe Nalezeno : HKLM\Software\AVG Secure Search
Klíe Nalezeno : HKLM\Software\AVG Security Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Inbox.AppServer
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Inbox.IBX404
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Inbox.JSServer
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Klíe Nalezeno : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Klíe Nalezeno : HKLM\Software\Inbox Toolbar
Klíe Nalezeno : HKLM\Software\InstallIQ
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1935788-07AB-4DE4-82ED-DA32997FCD23}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF81B7EE-C1F4-4223-8C25-E56B4051FA36}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíe Nalezeno : HKLM\Software\uTorrentControl2

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry jsou eisté.

-\\ Google Chrome v27.0.1453.116

Soubor : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp"]}},"browser":{"check_default_browser":false,"clear_data":{"time_period":4},"clear_lso_data_enabled":true,"last_known_google_url":"hxxps://www.google.cz/","last_prompted_google_u ... rnate_urls":["{google:baseURL}#q={searchTerms}","{google:baseURL}search#q={searchTerms}","{google:baseURL}webhp#q={searchTerms}"],"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.ico","id":"2","i ... erral_list":[2,["hxxp://ad-emea.doubleclick.net/",["hxxp://www.youtube.com/",0.9853088940871667]],["hxxp://ad-g.doubleclick.net/",["hxxp://googleads.g.doubleclick.net/",2.253575376373090,"hxxp://pagead2.googlesyndication.com/",1.967674022654115]],["hxxp://app.mam.conduit.com/",["hxxp://ajax.googleapis.com/",1.5004309320,"hxxp://api.conduit.com/",1.5004309320,"hxxp://app.mam.conduit.com/",4.3610038640,"hxxp://clientservice.mam.conduit-services.com/",1.9364535960,"hxxp://localizationservice.mam.conduit.com/",1.5004309320,"hxxp://mam-alive-msg.conduit-data.com/",1.5004309320,"hxxp://mam-usage.conduit-data.com/",2.1610713320,"hxxp://pricegong.conduitapps.com/",1.5004309320,"hxxp://www.google-analytics.com/",2.4913915320 ... 5004309320]],["hxxp://d.addelive.com/",["hxxp://cdn.addelive.com/",2.60370040,"hxxp://counter.d.addelive.com/",2.27338020]],["hxxp://facebook.conduitapps.com/",["hxxp://api.conduit.com/",0.8404734686533185,"hxxp://config.conduitapps.com/",1.152996862976311,"hxxp://connect.facebook.net/",1.152996862976311,"hxxp://facebook.conduitapps.com/",3.153785860770231]],["hxxp://googleads.g.doubleclick.net/",["hxxp://pagead2.googlesyndication.com/",1.555921730560101,"hxxp://www.google.com/",0.08113786447838257,"h ... 6447838257]],["hxxp://isearch.avg.com/",["hxxp://ajax.googleapis.com/",1.727992061214127,"hxxp://isearch.avg.com/",4.712925291899881,"hxxp://stats.avg.com/",0.4499278869254480,"hxxp://www.google-analytics.com/",0.7626087955 ... 3693862427]],["hxxp://pricegong.conduitapps.com/",["hxxp://pricegong.conduitapps.com/",2.27338020]],["hxxp://species.wikimedia.org/",["hxxp://bits.wikimedia.org/",6.325330345649895,"hxxp://commons.wikimedia.org/",2.084686339270529,"hxxp://meta.wikimedia.org/",2.993395769208965,"hxxp://upload.wikimedia.org/",4.507911485773024]],["hxxp://toolbar.utorrent.com/",["hxxp://127.0.0.1:10000/",208.7714607083021,"hxxp://bench.utorrent.com/",0.4629786432918413,"hxxp://toolbar.utorrent.com/",8.349048266270545]],["hxxp://www.facebook.com/",["hxxp://creative.ak.fbcdn.net/",3.397180791248985,"hxxp://external.ak.fbcdn.net/",3.683082144967959,"hxxp://photos-c.ak.fbcdn.net/",1.967674022654115,"hxxp://photos-f.ak.fbcdn.net/",2.253575376373090,"hxxp://photos-g.ak.fbcdn.net/",1.967674022654115,"hxxp://pixel.facebook.com/",1.967674022654115,"hxxp://profile.ak.fbcdn.net/",9.401109219347440,"hxxp://sphotos-a.ak.fbcdn.net/",1.967674022654115,"hxxp://static.ak.fbcdn.net/",16.83454441604076,"hxxp://www.facebook.com/",4.826687559843855]],["hxxp://www.freefileviewer.com/",["hxxp://d.addelive.com/",2.60370040,"hxxp://www.freefileviewer.com/",2.448674263365 ... 4063365960]],["hxxp://www.google.com/",["hxxp://isearch.avg.com/",5.416620915711458,"hxxp://www.google.com/",2.084686339270529]],["hxxp://www.google.cz/",["hxxp://ssl.gstatic.com/",2.539476730092064,"hxxp://www.google.cz/",5.112588913562827,"hxxp ... 4022654115]],["hxxp://www.socialgrowthtechnologies.com/",["hxxp://couponbuddy.s3.amazonaws.com/",1.152996862976311,"hxxps://tsjs.s3.amazonaws.com/",1.152996862976311]],["hxxp://www.youtube.com/",["hxxp://csi.gstatic.com/",1.967674022654115,"hxxp://googleads.g.doubleclick.net/",3.111279437530011,"hxxp://i2.ytimg.com/",3.957547444538173,"hxxp://i3.ytimg.com/",3.397180791248985,"hxxp://pagead2.googlesyndication.com/",2.825378083811037,"hxxp://r5---sn-upfn-25g6.c.youtube.com/",2.539476730092064,"hxxp://s.youtube.com/",1.967674022654115,"hxxp://s.ytimg.com/",5.684391621000776,"hxxp://s2.youtube.com/",2.253575376373090,"hxxp://www.youtube.com/",2.539476730092064]],["hxxp://youtube.conduitapps.com/",["hxxp://api.conduit.com/",0.4290876069780953,"hxxp://config.conduitapps.com/",1.261511315631498,"hxxp://youtube.conduitapps.com/",2.523026400320365]]],"startup_list":[1,"hxxp://alert.services.conduit.comalerts/","hxxp://contextmenu.toolbar.conduit-services.com/","hxxp://login.toolbar.conduit-services.com/","hxxp://newtab.settings.conduit-services.com/","hxxp://servicemap.conduit-services.com/","hxxp://settings.toolbar.search.conduit.com/","hxxp://stats.avg.com/","hxxp://translation.toolbar.conduit-services.com/","hxxp://www.freefileviewer.com/","hxxps://www.google.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"13005426813243618","next_check":"13011632054555339"},"blacklistupdate":{"lastpingday":"13005388810475618","version":"0.0.0.140"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://pacgpkgadgmibnhpdidcnfafllnmeomc/Search/NewTabPages/html/new_tab.html"]},"last_chrome_version":"26.0.1410.64","settings":{"aakhlmakppmkkmfkoibponkmmpgpmjgl":{"blacklist":true},"aandpgohbohmlknpjbblpmoladhoochg":{"blacklist":true},"abciiempgohamehppammbkhkicmkgkob":{"blacklist":true},"abfclfmhaemoockhhinpplncjehfpdbd":{"blacklist":true},"acmpfcamncegnhjdeiodgilikjafcamg":{"blacklist":true},"acomnmbomlajgjbcijkflekoojdfcldj":{"blacklist":true},"aconhjfogglfnkjhkjipaifepjklolog":{"blacklist":true},"aebfkgcamgnimcbnbiopgdakknjgggnm":{"blacklist":true},"aemcjbfajnnmhblifaejadoecfoaebld":{"blacklist":true},"afenhmponmfmdmbmccbmglppcmjhmhmh":{"blacklist":true},"aglmapjbjphdidmnileogpjkgpdoliep":{"blacklist":true},"agmhonoepgcnakccfpidhjehlocaeaaj":{"blacklist":true},"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"n","creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13006543918913582","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://chrome.google.com/webstore"},"urls":["hxxps://chrome.google.com/webstore"]},"description":"Web Store","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Chrome Web Store","permissions":["appNotifications","webstorePrivate","management"],"version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files\\Google\\Chrome\\Application\\25.0.1364.97\\resources\\web_store","was_installed_by_default":false},"ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":true},"aieglpnmmhleoenpbmfaffppfomgjmba":{"blacklist":true},"aieihijcjcccdiepockaiekhpflicdii":{"blacklist":true},"aifmjmboebdkdelpjenakhaodgneempp":{"blacklist":true},"ajlkjjdbgcjdiklbcomhnfghjigfccoh":{"blacklist":true},"akadaakimgegecohlifeejdnnjbnobop":{"blacklist":true},"akbdojiajlefghcdclgkgmbbljamgehd":{"blacklist":true},"alcbnnpmipohgdllkkglhkbncijplago":{"blacklist":true},"aldalonecchncedclgcndcndgilaclnk":{"blacklist":true},"alfahpoknocfdebmiclonikapcnljlob":{"blacklist":true},"aljdncnajablgppdcfbehhmidlmbndda":{"blacklist":true},"amfgdngndpfldigimkcindjalokfnmem":{"blacklist":true},"amoobcjlpgloocplpikcldcpjjdnoeii":{"blacklist":true},"anmjpohfnlopdfaojooicpemopnliimn":{"blacklist":true},"aofechiiopolnegcjcddgedjabmkemhf":{"blacklist":true},"aojicjocmihiopalnhjikigammkhgckb":{"blacklist":true},"apdebchnkegjokdjplmfmepcdgneemhe":{"blacklist":true},"apdmgffkfhjfeejmbjidennfjdkmmmbl":{"blacklist":true},"aphncaagnlabkeipnbbicmcahnamibgb":{"blacklist":true},"bandboadndbkchlpicmfkpoedgnocblf":{"blacklist":true},"bcddmcejgphfgofbpoocakaeapfomlek":{"blacklist":true},"bdgijcibmhjjccgbdohofncdjcophknj":{"blacklist":true},"benclngoadbppljglhphhnfknoppmjoa":{"blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bhmahaiplmeodpakkcchmolaihbhkpdl":{"blacklist":true},"biiponhbbifajapmbggbgaepiedinifm":{"blacklist":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bioeopenmokdgbekbgpgnacecjmpckbb":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blacklist":true},"bndahdijlcnncjbpammoedeapmlobllc":{"blacklist":true},"bnffnggkphadlnoopcoakdnkellnifjp":{"blacklist":true},"boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":true},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cbhhdkemlehgodemcigfabmcdnohhhef":{"blacklist":true},"cbjlfaogacjpkplebfbijaakaifoflno":{"blacklist":true},"cdogaeccgljmkecjmoedambgiekkllij":{"blacklist":true},"cedclbokcakighlpbnbhfjffdjeihfdp":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true},"cfnfobbpdaccoljfahpmfjdmbfmmkeof":{"blacklist":true},"cfogpbanfnocakdckmgafapdlmclpiln":{"blacklist":true},"cgnegjfmdfenjojhjffejinpnpoglmlh":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinffggbphnhoblea":{"blacklist":true},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true},"ckphhghhpjbfddcgkpfbelfeojcciglo":{"blacklist":true},"clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true},"clfhanhcjmgjnbpjfopldmnabimhmcmp":{"blacklist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":true},"cnimdnlablahacgompaahbgohcokcclp":{"blacklist":true},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true},"copjbedljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjndnjmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"deocpjmfifplhepinpkmpinpnbiemfje":{"blacklist":true},"deonbedlmakdddidplniclflladdjoep":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobcklknojliojkkclgjndemadnig":{"blacklist":true},"dibljdngacjhpccjckmlmeklpgjeinjd":{"blacklist":true},"digmihafmlfkgdbjjdgbcojghcgcoeoa":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dkhkecikbdfpoiopnnpoeglbdphgflmf":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmabikjmolgegjajdhmgpmgffajlmmkb":{"blacklist":true},"dmhgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpaphgcjeeochbiafgbochohgmpcmlbj":{"blacklist":true},"dpgenihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echjhfifjidfhoappglfmoffcpmpkigb":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"ecinfbhalenfhdhnljmkglajfjjfehoj":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":["chrome://favicon/*","chrome://resources/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13006543918898582","location":5,"manifest":{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\25.0.1364.97\\resources\\bookmark_manager","was_installed_by_default":false},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eiflkkehgogioennialfbilppmegcpoa":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejakhnjbomgngodiidgbkapjgbdckhnh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"emcdpbapjmnjgoannclkongdfboaabho":{"blacklist":true},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":["app.currentWindowInternal","app.runtime","app.window"],"explicit_host":["chrome://settings-frame/*"]},"app_launcher_ordinal":"t","creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"install_time":"13006543918913582","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"settings_app_icon_128.png","16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files\\Google\\Chrome\\Application\\25.0.1364.97\\resources\\settings_app","running":false,"was_installed_by_default":false},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fbjjhbijaiopkcdolheliknnjlkaekeb":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"fclheclkknbgfndeahkfdomollhmfkcn":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fiiblakkkkgeljngobmpeljjapemenhi":{"blacklist":true},"fjhfnfakmfcejgmfkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbghphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkkmajnmfnlcmejonkfaipdmme":{"blacklist":true},"fomljmklmcefndkgpakgifbiiidgbjej":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fopgndklnkecillfbdmfknhmadmenikm":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpbkafpphnhlpakobppekmkebmbhkoco":{"blacklist":true},"fpjdackpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gchbiabnbdikkgfhnkclecjncojnkmhb":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"geggofhlfbcmanadhknllmlajiafopoh":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"gfjfhihpkmehdmblhfaikkipeplpdcla":{"blacklist":true},"gfmmoiakbmdohkgeoekiokjgljcminig":{"blacklist":true},"ggkpicnfnljflddbdoeeaajjgepapcbf":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true},"gkhbgnodbilglgholifcjdblbgdaieah":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"glhhlafadlhkgbklgbjnmblfhnkfknbm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlnaaalniegm":{"blacklist":true},"gpdcodmabpgmncbkhpipakhehepmpopk":{"blacklist":true},"gpgehbjbkfhngdlfpfeokjgbkmmokjhe":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{"blacklist":true},"hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist":true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true},"hcpndbchnlgojmnijaldkicigmihmdca":{"blacklist":true},"hdijkiondgomjpehfhopomicjbiodmcm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true},"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true},"hfcgbiofoebieldldghfocjfnnajmpej":{"blacklist":true},"hfjpjodbolkmheaehcnmfhjakjileoof":{"blacklist":true},"hfpfbhnmbbigpmoodjemilggabklpopj":{"blacklist":true},"hgbaomphocgmdpmiohjclchaaljpaelp":{"blacklist":true},"hgboiaecclcbjphldpbgfgggcbihmnai":{"blacklist":true},"hgjgaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true},"hhbihfbjoifhhebcnchglobmkmapgjkm":{"blacklist":true},"hhfffemhgkginfafaoapljdllodppana":{"blacklist":true},"hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist":true},"hhjmkijkgojfifipdgmiemghfikbohcm":{"blacklist":true},"hhlgbfcfbkhlmajakkcjippgpcmejkko":{"blacklist":true},"hilncbjbdpnfepdidfchmdclhpnlegpj":{"blacklist":true},"hjkhligcnpfjhjlapmejaiaiigibofif":{"blacklist":true},"hjnigaibahdeadcdnpnommdehajodlhc":{"blacklist":true},"hkbgccpdcpbdckohbknjlamamelcnlki":{"blacklist":true},"hkjcejgfmaanpncnpoidgbhoikcaeepd":{"blacklist":true},"hkjfdgjkgpbbdmadbglcgljjjddkcdha":{"blacklist":true},"hmmoglffhpmacaacfbbmbbkcbdkjphnc":{"blacklist":true},"hnbcdmfeoldeppcbnnjmjkdofohaljbn":{"blacklist":true},"hncomkjbbkchfjelocejkbbflmjhlhfp":{"blacklist":true},"hnipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true},"hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist":true},"hnnebfeppcbhhbhiifeaajgcjnkljlld":{"blacklist":true},"hnonhhpgjnjcjfbkjdpfbkfpaodcmncb":{"blacklist":true},"hpcdoodjfcmpcpkeendjnjkeinimhkih":{"blacklist":true},"hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":true},"iablioliielnhdianpbiijaoncbmfend":{"blacklist":true},"iccblehkchfmjgfafjcpjlkjcponhdhl":{"blacklist":true},"icihfeaofpcfehanhbnjigdlpfahjlee":{"blacklist":true},"idbdlnkdnaodonmgnimcfelpngbmcpjk":{"blacklist":true},"iedogbkombgmapifenoojnmpcnjighfm":{"blacklist":true},"iemfpgbdjfoihicbocpbjppipdbfimeh":{"blacklist":true},"ifbkndkaolfbjjhnnhfmkbkoclpdkpli":{"blacklist":true},"ifeijfpkjckedpclgncedmgdiaoeahmk":{"blacklist":true},"igaajdmlejbjcbmpmnigopikfdaccdcm":{"blacklist":true},"igbaoknfddliiaoimhehfbkfekpmmfll":{"blacklist":true},"igghanohiioehififjoalfkdoicafjof":{"blacklist":true},"iggjepemmdkieakihpomccndhdfcljdp":{"blacklist":true},"igkdgkdiiolilocklmiolkpoohacojop":{"blacklist":true},"ihnembcpodnfgkafmiojebccomjekopm":{"blacklist":true},"iiiinekimabooeihccihfopoadcaaphn":{"blacklist":true},"ijecjbcgpblkacpijljpaienknanaloa":{"blacklist":true},"ijenlpgidnapbndonoinbkhekgjonojg":{"blacklist":true},"ijjmbbddenkbenbcfldgghhjgjmcnioo":{"blacklist":true},"ilhjicgcglhjigdehkcehjdokmkahbjl":{"blacklist":true},"iljfgjkppapinhcgonhjnipfppfmfedh":{"blacklist":true},"ilmknaabackgdbnkgbihgpgiopnlkjek":{"blacklist":true},"imfbomjbodpfgfhfahlgkkcllmhbelhk":{"blacklist":true},"imkffpjpdngdkpgadcmnlkhhmhdocijn":{"blacklist":true},"indfhnliadamglhalanplbajgenpjdml":{"blacklist":true},"iobnpmeeecphddicmhhmdjbnlbdhjlne":{"blacklist":true},"iomejadoamfilglofmeaffghddcgapmf":{"blacklist":true},"jabpdgllijbnknhkgjideeajfofafckp":{"blacklist":true},"jaejgaoiipdjjlbnapngknalafalbkej":{"blacklist":true},"jafnimahlamccccjbkhjjpeiipiedpik":{"blacklist":true},"janhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true},"jbfebbkjjmkcoldeaeelhpconkmgjhbg":{"blacklist":true},"jbmbiepnidbnhbbfdbgioomdkgnbcacj":{"blacklist":true},"jbnafcjbcfgejacaanogofkkehcomamp":{"blacklist":true},"jcmipejepoimfflnoapdmkdephgjinck":{"blacklist":true},"jddbdddmbfencninofcgnodekclofpaj":{"blacklist":true},"jdiakcmbpmcnniggjcmcjknnklpdlogc":{"blacklist":true},"jeehjhnmgohgpfpjneglogiholalkeip":{"blacklist":true},"jfalnphfjdoalcdhlnhdpekbmmopkgkj":{"blacklist":true},"jfhmafmjfdblceidmfdmoihamolaaeco":{"blacklist":true},"jfjagidcpadkoaonbogmbgfimmnefeie":{"blacklist":true},"jgdkappiifgomhgikcjbanhnmlekpeje":{"blacklist":true},"jgmpapdckakiohhebmeoemejibommimi":{"blacklist":true},"jgoljhcbgajhbhnchplgjdkknendhjnn":{"blacklist":true},"jhhabiomopkibeecgngiggmopkeofacl":{"blacklist":true},"jindbcpkhnnnjgcjgmkjedbibibiojjf":{"blacklist":true},"jiofcofpcbijcnlpekdkpmgjdppajbjb":{"blacklist":true},"jjnkfllhcgkgnfbekpnmoikpfihpjfli":{"blacklist":true},"jkihmglffmfjedfbpbpdbbimcodjbmdh":{"blacklist":true},"jkmhalpofmlfeglboejbchpoijnkmcgh":{"blacklist":true},"jljfnkmkkdkppfndippkedacgfkafped":{"blacklist":true},"jmbkhogpjgjpfjhpdikloblkbkljkgao":{"blacklist":true},"jmeanodbelbflfmnkfdjgpikmldgjjko":{"blacklist":true},"jmifipgdcllamghkhdplfjffkciekbgo":{"blacklist":true},"jpehgolpfgnknboibogccapmdcadjkbd":{"blacklist":true},"jpeijjbllejgmokmahkeommcodahoobm":{"blacklist":true},"jpgidahfcgiajlcbleeiaibpmmblcmnb":{"blacklist":true},"jpkdlckejfjidmplieobnhijmoiecbhl":{"blacklist":true},"kbipembkfhbdmkkkfbigmohilmknjnof":{"blacklist":true},"kcanfkmhccbaheheaackijegkclkaeic":{"blacklist":true},"kcfnnanmpghdnoompcfclakpacapnfbn":{"blacklist":true},"kcgplbmkmfcpngilmhjmebdgkkpbdemp":{"blacklist":true},"kdchmeaiapjkejkcbeclgjklemecieeg":{"blacklist":true},"kdcnnmifdmlmjffdgeieikcokcogpbej":{"blacklist":true},"kdfahjokahcbmecgaandpobmgiiknagf":{"blacklist":true},"kdjhalklkkcmodeicjiaekcgifkcepaf":{"blacklist":true},"kelcbonmemlciepjdmfcifnhloeammhj":{"blacklist":true},"kelljdoinjlkmkncffgadbebgpmlcang":{"blacklist":true},"kffhenjbibjnbnjhlkcdlmpeccpaohio":{"blacklist":true},"kgbkdabomfdpfoibliicpmibceaoohgh":{"blacklist":true},"kgdhnhadbnpeibkghaebmhmngobdafag":{"blacklist":true},"kgdkcodealpfjolmiagcogfbgmaamegh":{"blacklist":true},"kgdmldjagfciieddcnlhampgkajkpanc":{"blacklist":true},"kibgmcdcfmcglajcfbecilngejnfppjp":{"blacklist":true},"kiipngoehgkgkackngaidmhmnchfbmio":{"blacklist":true},"kincjchfokkeneeofpeefomkikfkiedl":{"blacklist":true},"kinhljbhjmcmoddhdoodekeklmjapjff":{"blacklist":true},"kkhomejdleoonmbdhcigkhkjcghngncf":{"blacklist":true},"kleaapgdkahaekcocmkbgfainbhihccj":{"blacklist":true},"kljhmdlkclaglodecegamnpioaflmage":{"blacklist":true},"kmlebjoghkhpapfhbdikannggmmffnco":{"blacklist":true},"kojkdbedffnppdoalcfkkeelbhbklhgp":{"blacklist":true},"kolbbghckjilleabphhgeggcgpfidofi":{"blacklist":true},"lambangeielkjcnmioccboaphdfcffib":{"blacklist":true},"lbaddolhebpnhdcdkicpcflhnfamcemn":{"blacklist":true},"lbficnmfealeidppcbgdcbemgfjodbkg":{"blacklist":true},"lceaiepehinnomgijphkmjccbigkljkj":{"blacklist":true},"lcfkojlnjnedeoepfemhdgkhiabkeadc":{"blacklist":true},"lcmpleboacinanffcdgenhhbkboclkjb":{"blacklist":true},"ldgfapfmnplpaohbbadnecegcpfkfall":{"blacklist":true},"ldmoahefokhfelhpbgfjpelcdbahdofk":{"blacklist":true},"leccghfplhenabeogpibljliijgapfgb":{"blacklist":true},"lfggokjjaanlfikbbapgnfemifmddalf":{"blacklist":true},"lgalokbapphhklmilicdefmgbjkcmldf":{"blacklist":true},"lgcnahanhlfpceencjmlehpfklokhojk":{"blacklist":true},"lhajoamjgchgljkdjigcgmmcehjkagan":{"blacklist":true},"likifpgnijjfbdegfepoalpamlgnfofi":{"blacklist":true},"liomofjeffddiiccaolcnllbhnipbkhe":{"blacklist":true},"ljcicfibknpmlcmcecddjlbgkejehhpa":{"blacklist":true},"ljeihpebkahejeacdalhkhmckmggppif":{"blacklist":true},"ljmjoloiepllcndinchenhomcdcgbgef":{"blacklist":true},"lkdimamelhbiijkiljlnedmhnnkkmlbl":{"blacklist":true},"lkfdchejjogilmloogbbjlnlpbhgjfab":{"blacklist":true},"lkhcbijhgfchgdmklonlobkfbcadbokg":{"blacklist":true},"lljnngafekbnkpdfophmcdlbfebcbcld":{"blacklist":true},"lnahlgmhpghkhmafjppdidhcoaomipfg":{"blacklist":true},"lnbeebaenahmkbffnimghceldeeihfak":{"blacklist":true},"lncjcfkpannmofmpgdfoonkniofdnaba":{"blacklist":true},"lndempehphjoeimfchjflohpmhamiamf":{"blacklist":true},"lnjgjionmhobdfdegbciceafphgemjnc":{"blacklist":true},"lnlaeblencbjjjeaanegaldcjfekeled":{"blacklist":true},"lodollblmkailkkdiijmoccefdfjohgk":{"blacklist":true},"loggadfheaoeabmkgolecncpfdfioefa":{"blacklist":true},"lojppnndedobolgfepahepphhloediji":{"blacklist":true},"loldehkdjdncebfnncknlkdchjclifbn":{"blacklist":true},"lookpbabilcplifjdeifacodednpacmk":{"blacklist":true},"lpgiafapdmlapiokjnmpbbfkomiceoml":{"blacklist":true},"lplmcpcnhpbffpcfiaddbeaplhhbengd":{"blacklist":true},"maakimnachffhlgdhfomaejeeaikgjap":{"blacklist":true},"magllcifjcllaafcdplnajmobccbcdlo":{"blacklist":true},"mamfageekafifnickhgkibkofcclfefe":{"blacklist":true},"mandondadnlimicalgkbkaohmeopdojj":{"blacklist":true},"mbmdaiddhfoljplpdhohimgieioblfif":{"blacklist":true},"mcbkimglepddodbiongpohpeidioafgk":{"blacklist":true},"mcknnlhkkdbcppajgefagceglahcafjd":{"blacklist":true},"mdiehnlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":true},"mdngbiejioalifclonjepjjfppmbgned":{"blacklist":true},"megkcfpbmemnpkgadkoompnoajcolpni":{"blacklist":true},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13006543918913582","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://www.google.com/cloudprint"},"urls":["hxxps://www.google.com/cloudprint","hxxps://www ... _connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\25.0.1364.97\\resources\\cloud_print","was_installed_by_default":false},"mfffdpnblflpobcnekhekiahepofaane":{"blacklist":true},"mfhfkclojmdocagbmecgcnlofppebebd":{"blacklist":true},"mfncimdpmknolnnnccdmkpnpkaofonkc":{"blacklist":true},"mfooalpniplhaaealemjpchkchmmgdko":{"blacklist":true},"mgdgiplcofghdmpekdeeceolepakodcb":{"blacklist":true},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"app_launcher_ordinal":"t","creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13011625310892805","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\program files\\google\\chrome\\application\\26.0.1410.64\\resources\\chrome_app","was_installed_by_default":false},"mhbffdldpckobeihgebaamjalehefnia":{"blacklist":true},"mjalegijammcloleihdmooifidcjggjp":{"blacklist":true},"mjgobkikdipfikmaoakdcdbicpioljgg":{"blacklist":true},"mjhlngjakabhonjagnlimeicooahajpl":{"blacklist":true},"mjolnadmlahbpepjaemohnkhpjkbhmef":{"blacklist":true},"mknjbohhleiicbpagpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true},"mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true},"mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true},"mndoohjdoechinpkfbkolflbonciahfo":{"blacklist":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true},"mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjpopp":{"blacklist":true},"mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true},"mpgehpkneknbopplhmmkfijfiniddipf":{"blacklist":true},"mplhbhmkccidaokcelbcbcmhhedebcng":{"blacklist":true},"mplpabdbfbloeiboikmdbnggfnjbjmlh":{"blacklist":true},"naopgnjebjeeedbbhcadkhkmeefmloho":{"blacklist":true},"nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true},"nckmikohoilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpdanjmicnihdlijomcggnnekloephc":{"blacklist":true},"ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true},"ndibdjnfmopecpmkdieinmbadjfpblof":{"ack_external":true,"active_permissions":{"api":["cookies","management","plugin","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["<all_urls>","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*"],"scriptable_host":["<all_urls>","hxxp://toolbar.avg.com/*"]},"allowFileAccess":true,"creation_flags":1,"from_bookmark":false,"from_webstore":false,"incognito":false,"install_time":"13006212277330641","lastpingday":"13003747201302750","location":3,"manifest":{"background":{"page":"content/background.html"},"browser_action":{"default_icon":"content/icons/logoAVG.png","default_title":"AVG Do Not Track"},"content_scripts":[{"all_frames":false,"js":["content/js/content.js"],"matches":["<all_urls>"],"run_at":"document_end"},{"js":["content/js/ntinject.js"],"matches":["hxxp://toolbar.avg.com/*"]}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","current_locale":"cs","default_locale":"en","description":"AVG Security Toolbar","icons":{"128":"content/icons/128-AVG-logo.png","16":"content/icons/16-AVG-logo.png","48":"content/icons/48-AVG-logo.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","manifest_version":2,"name":"AVG Security Toolbar","options_page":"content/options.html","permissions":["<all_urls>","tabs","webNavigation","unlimitedStorage","cookies","management","plugin","webRequest","webRequestBlocking","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"14.2.0.1"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\14.2.0.1_0","state":1,"was_installed_by_default":false},"ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true},"nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist":true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blacklist":true},"nhbfbnmmdjkjahhfdeklgphihfodfgnb":{"blacklist":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"blacklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{"blacklist":true},"nhooocacdhkpbmoocdclodjlddcebfoe":{"blacklist":true},"nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true},"nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true},"nifbebeekindefklojhchehidpikbjfc":{"blacklist":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true},"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nloaaepkhcnmoakooihnefhhggbmemed":{"blacklist":true},"nmgpbidjnaebdlbdbpjggenmbaolmfoi":{"blacklist":true},"nmmnodocfckpoddcgihiihcdinaonckb":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"npadaghbcdejfngcjpbnoikajdnongca":{"blacklist":true},"npolaghondefgiomhkbiiompikfjneep":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true},"obfnipbbnnhkbafmdbbfpgfgbjmmkgpm":{"blacklist":true},"obgljnmbldahelaakfdbjkplokjoneip":{"blacklist":true},"ocmhjnhildbnglmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"odeckaficnaplobiiaomegfbokokehhb":{"blacklist":true},"odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true},"oghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true},"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist":true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true},"oilfokmpgejhjhecdjjpikloibggpenf":{"blacklist":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"blacklist":true},"ojmdhklabgbnnkkilmkcfcemdhognifc":{"blacklist":true},"omceiakkomngangmllpgbjcoeloglald":{"blacklist":true},"omnicnmbagoinlpamknknbcgopadcoci":{"blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkbl":{"blacklist":true},"onjaecbdddgibdijafoemfiachlbcgkj":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnclfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true},"oomelpjfeldbopnleifpjibbpekflhlg":{"blacklist":true},"opnnngnphijodjhemhdafpnnpdjggofe":{"blacklist":true},"pacgpkgadgmibnhpdidcnfafllnmeomc":{"ack_external":true,"active_permissions":{"api":["bookmarks","contextMenus","cookies","geolocation","history","idle","management","notifications","plugin","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*","hxxps://*/*","hxxps://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*"]},"allowFileAccess":true,"creation_flags":1,"disable_reasons":128,"from_bookmark":false,"from_webstore":false,"incognito":false,"install_time":"13005426827445618","location":3,"manifest":{"background_page":"Controller.html","browser_action":{"default_icon":"634583052885979538.png","default_title":"uTorrentControl2 Community Toolbar","popup":"js/popup/view/popup.html"},"chrome_url_overrides":{"newtab":"Search/NewTabPages/html/new_tab.html"},"content_scripts":[{"all_frames":false,"js":["js/everypage_early.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":true,"js":["js/clicksHandler.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":false,"js":["js/compatibility/compatibility.start.js","js/compatibility/match.sb.js","js/compatibility/compatibility.start.sb.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":true,"css":["css/ctbmain.css"],"js":["js/contentScript.js","js/API/component/view/BrowserCompApi.js","js/compatibility/compatibility.end.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"},{"all_frames":true,"js":["js/jdAPIext.js"],"matches":["hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*","hxxps://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*"],"run_at":"document_end"},{"all_frames":true,"css":["css/ctbmain.css"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"description":"Delivers all our best apps to your browser.","icons":{"128":"634520779497696087.png","16":"634520779497696087.png","48":"634520779497696087.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzHp+bci0+9DMludJfiRs2Fk6GCO3pHi9m/qcTqhXCFQJriRFZ51TlY9IX6puGA9PYGESgd0uvLUvtk+2Q7heOBK37V6WAaLjgns010kKVfm36A9MTPbrGzDLiVvhEZafRWiDGoxGroV4dDeiGuYiwAUcOigOqwc2HzebKb8MjSQIDAQAB","name":"uTorrentControl2","options_page":"options.html","permissions":["tabs","hxxp://*/*","hxxps://*/*","notifications","management","unlimitedStorage","bookmarks","contextMenus","cookies","geolocation","history","idle","webRequest","webRequestBlocking","webNavigation","chrome://favicon/*"],"plugins":[{"path":"plugins/ChromeApproveTBPlugin.dll","public":true}],"update_url":"hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT3072253&extensionData=<extension_data>","version":"2.3.19.11"},"path":"pacgpkgadgmibnhpdidcnfafllnmeomc\\2.3.19.11_0","state":1,"was_installed_by_default":false},"pajgiddgjidlcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmppmccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"pcaedgdgamlfffkfblocmakhgieggoak":{"blacklist":true},"peahabnpipmmfiajjjhgfggbeigbmbgp":{"blacklist":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"blacklist":true},"pfaooklcbjnkgconjjepimkohgcjmdji":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfgmgcnbngcnhjddppmnloflcidemopc":{"blacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip":{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pgelifedkjaohmjehecojkfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjibaaohcmehfohacckf":{"blacklist":true},"pgldfhecfiofkhnbgcncepnkjkeoahlk":{"blacklist":true},"phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true},"pihcfdffalbcnmbghijdfcaanagapelf":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist":true},"pjloefkigphblpjminnlpbhjchjafcfc":{"blacklist":true},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkgagehkkoajkpgnmjegibihpalfdk":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"pkcbihpffghlanbclfmkegjmbijcpobj":{"blacklist":true},"pkdlpbfmpolnhligegklimbccminkioc":{"blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefbk":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pndadpldhngimdmhnajebjldbmcbpjol":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"pobponmhkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}},"toolbar":["pacgpkgadgmibnhpdidcnfafllnmeomc","ndibdjnfmopecpmkdieinmbadjfpblof"],"toolbarsize":-1},"google":{"services":{"username":""}},"homepage":"hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp","homepage_is_newtabpage":false,"net":{"hxxp_server_properties":{"servers":{"accounts.google.com:443":{"settings":{"4":100},"supports_spdy":true},"accounts.youtube.com:443":{"settings":{"4":100},"supports_spdy":true},"ajax.googleapis.com:443":{"settings":{"4":100,"5":10,"6":0},"supports_spdy":true},"apis.google.com:443":{"settings":{"4":100,"5":13,"6":0},"supports_spdy":true},"clients1.google.com:443":{"settings":{"4":100,"5":23,"6":0},"supports_spdy":true},"clients2.google.com:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"cs-cz.facebook.com:443":{"settings":{"4":100,"7":16384},"supports_spdy":true},"csi.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"googleads.g.doubleclick.net:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"lh3.googleusercontent.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"lh4.googleusercontent.com:443":{"settings":{"4":100,"5":11,"6":9},"supports_spdy":true},"lh5.googleusercontent.com:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"lh6.googleusercontent.com:443":{"settings":{"4":100,"5":11,"6":0},"supports_spdy":true},"plus.google.com:443":{"supports_spdy":true},"plusone.google.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"ssl.google-analytics.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"ssl.gstatic.com:443":{"settings":{"4":100,"5":17,"6":0},"supports_spdy":true},"twitter.com:443":{"supports_spdy":true},"www.google.com:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"www.googleapis.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"www.gstatic.com:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true}},"version":1}},"ntp":{"app_page_names":["Aplikace"],"pref_version":3,"shown_page":2048},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"c:\\program files\\google\\chrome\\application\\26.0.1410.64","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.60\\PepperFlash\\pepflashplayer.dll","version":"11.3.31.222"},{"enabled":true,"name":"Shockwave Flash","path":"c:\\program files\\google\\chrome\\application\\26.0.1410.64\\gcswf32.dll","version":"11,3,300,268"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"c:\\program files\\google\\chrome\\application\\26.0.1410.64\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"c:\\program files\\google\\chrome\\application\\26.0.1410.64\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Conduit Chrome Plugin","path":"C:\\Users\\Vladimír\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pacgpkgadgmibnhpdidcnfafllnmeomc\\2.3.15.10_0\\plugins/ConduitChromeApiPlugin.dll","version":"1.0.6.9"},{"enabled":true,"name":"Conduit Chrome Plugin"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.3.23"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files\\Google\\Update\\1.3.21.115\\npGoogleUpdate3.dll","version":"1.3.21.115"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Java(TM) Platform SE 7 U5","path":"C:\\Program Files\\Oracle\\JavaFX 2.1 Runtime\\bin\\plugin2\\npjp2.dll","version":"10.5.1.255"},{"enabled":true,"name":"Java Deployment Toolkit 7.0.50.255","path":"C:\\Windows\\system32\\npDeployJava1.dll","version":"10.5.1.255"},{"enabled":true,"name":"Java"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"is_managed":false,"name":"První uživatel"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04-B3AF-4179160C0E10}&mid=20a0ae29cedf47d0ab39d153d4de7364-9fa57fc08148e4aa7840d409a5b0ad3448b424ae&lang=cs&ds=AVG&pr=fr&d=2013-01-30 17:26:31&v=14.2.0.1&pid=avg&sg=&sap=hp"]},"sync":{"suppress_start":true},"sync_promo":{"view_count":1},"tabs":{"use_vertical_tabs":false},"translate_accepted_count":{"en":3},"translate_denied_count":{"en":0}}

*************************

AdwCleaner[R1].txt - [56061 octets] - [23/06/2013 23:11:28]

########## EOF - C:\AdwCleaner[R1].txt - [56122 octets] ##########

#11 Příspěvek od **vyosek** » 23 čer 2013 22:17

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

sorcer · #12 Příspěvek od **sorcer** » 23 čer 2013 22:21

AdwCleaner

# AdwCleaner v2.303 - Log vytvooen 23/06/2013 v 23:17:45
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : Vladimír - COMFOR
# Spuštin systém : Normální
# Spuštino z : C:\Users\Vladimír\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files\Common Files\AVG Secure Search
Složka Vymazáno : C:\Program Files\Conduit
Složka Vymazáno : C:\Program Files\SiteRanker
Složka Vymazáno : C:\Program Files\Surf Canyon
Složka Vymazáno : C:\Program Files\uTorrentControl2
Složka Vymazáno : C:\ProgramData\APN
Složka Vymazáno : C:\ProgramData\Ask
Složka Vymazáno : C:\ProgramData\AVG Secure Search
Složka Vymazáno : C:\ProgramData\AVG Security Toolbar
Složka Vymazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Složka Vymazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Složka Vymazáno : C:\Users\Vladimír\AppData\Local\AVG Secure Search
Složka Vymazáno : C:\Users\Vladimír\AppData\Local\Conduit
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\AVG Secure Search
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\Inbox Toolbar
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\PriceGong
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\SiteRanker
Složka Vymazáno : C:\Users\Vladimír\AppData\LocalLow\uTorrentControl2
Soubor Vymazáno : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Soubor Vymazáno : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [Registry] *****

Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Hodnota Vymazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\uTorrentControl2
Klíe Vymazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Vymazáno : HKCU\Software\AVG Secure Search
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Inbox Toolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKCU\Software\Surf Canyon
Klíe Vymazáno : HKLM\Software\AVG Secure Search
Klíe Vymazáno : HKLM\Software\AVG Security Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Inbox.AppServer
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Inbox.IBX404
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Inbox.JSServer
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Klíe Vymazáno : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Klíe Vymazáno : HKLM\Software\Inbox Toolbar
Klíe Vymazáno : HKLM\Software\InstallIQ
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1935788-07AB-4DE4-82ED-DA32997FCD23}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF81B7EE-C1F4-4223-8C25-E56B4051FA36}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíe Vymazáno : HKLM\Software\uTorrentControl2

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry jsou eisté.

-\\ Google Chrome v27.0.1453.116

Soubor : C:\Users\Vladimír\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://isearch.avg.com/?cid={8A64DDC9-A8AE-4D04[...]

*************************

AdwCleaner[R1].txt - [56192 octets] - [23/06/2013 23:11:28]
AdwCleaner[S1].txt - [9914 octets] - [23/06/2013 23:17:45]

########## EOF - C:\AdwCleaner[S1].txt - [9974 octets] ##########

#13 Příspěvek od **vyosek** » 23 čer 2013 22:23

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

sorcer · #14 Příspěvek od **sorcer** » 24 čer 2013 08:02

Děkuji. Odeslal jsem menší podporu, za Vaši snahu.

#15 Příspěvek od **vyosek** » 24 čer 2013 20:59

Nemate zac, za podporu fora jmenem celeho tymu dekuji

A na zaklade Pravidla o zamykani temat

VIRY.CZ

PČR :-/

PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/

Re: PČR :-/