Rootkit - Idle application

Moderators: Rudy, Moderators

Marr-keta
Visitor
Posts: 33
Joined: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#16 Post by Marr-keta »

AVG blocked that Launcher for me, so here is the log from the original one:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Dagmar (administrator) on DAGMAR-PC on 16-11-2013 14:46:11
Running from C:\Users\Dagmar\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\system32\dmwu.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
() C:\Program Files (x86)\Tor\tor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Dagmar\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [FortKnoxPersonalFirewall] - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe [2130752 2013-08-27] (NETGATE Technologies s.r.o.)
HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\asus\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\Katka\...\Run: [AdobeBridge] - [x]
HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\MaRkI\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... earchTerms}
SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... earchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default
FF NewTab: hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224
FF DefaultSearchEngine: Delta Search
FF SelectedSearchEngine: Delta Search
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (AVG SafeGuard) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.0.9_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0
CHR Extension: (Gmail) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-14] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 fortknox; C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [676592 2013-03-11] (NETGATE Technologies s.r.o.)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)
R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)
S2 HPSLPSVC; C:\Users\MaRkI\AppData\Local\Temp\7zS3305\hpslpsvc64.dll [x]

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-14] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-29] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-16] (DT Soft Ltd)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [140600 2013-11-13] (AhnLab, Inc.)
R3 Fkndisf; C:\Windows\System32\DRIVERS\fortknoxfw_ndisim.sys [28240 2009-09-17] (NETGATE Technologies s.r.o.)
R1 fortknox_drv; C:\Windows\System32\drivers\fortknoxfw.sys [69200 2009-11-15] (NETGATE Technologies s.r.o.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-15] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-11-16] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 14:46 - 2013-11-16 14:48 - 00030389 _____ C:\Users\Dagmar\Desktop\FRST.txt
2013-11-16 14:45 - 2013-11-16 14:45 - 00000000 ____D C:\FRST
2013-11-16 13:49 - 2013-11-16 13:49 - 01957794 _____ (Farbar) C:\Users\Dagmar\Desktop\FRST64.exe
2013-11-16 13:45 - 2013-11-16 13:45 - 00005306 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-16 13:41 - 2013-11-16 13:41 - 00000000 ___RD C:\Users\Dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 13:06 - 2013-11-16 13:09 - 00000000 ____D C:\Users\MaRkI\Desktop\x))
2013-11-15 20:49 - 2013-11-15 20:49 - 00002116 _____ C:\Users\Dagmar\Desktop\aswMBR.txt
2013-11-15 20:49 - 2013-11-15 20:49 - 00000512 _____ C:\Users\Dagmar\Desktop\MBR.dat
2013-11-15 20:19 - 2013-11-15 20:20 - 04745728 _____ (AVAST Software) C:\Users\Dagmar\Desktop\aswMBR.exe
2013-11-15 19:22 - 2013-11-15 19:22 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-11-15 18:12 - 2013-11-16 14:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 18:12 - 2013-11-16 14:22 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-15 18:12 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 17:47 - 2013-11-16 14:22 - 00000000 ____D C:\Users\Dagmar\Desktop\mbar
2013-11-15 17:47 - 2013-11-15 17:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 17:38 - 2013-11-15 17:39 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
2013-11-15 17:17 - 2013-11-15 17:17 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 16:50 - 2013-11-14 16:50 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\AVAST Software
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\ProgramData\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:48 - 2013-11-16 13:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-14 16:47 - 2013-11-14 16:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-14 16:47 - 2013-11-14 16:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-14 16:38 - 2013-11-14 16:43 - 87227720 _____ (AVAST Software) C:\Users\MaRkI\Desktop\avast_free_antivirus_setup.exe
2013-11-14 16:15 - 2013-11-14 16:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-14 16:14 - 2013-11-14 16:14 - 04379048 _____ (Piriform Ltd) C:\Users\MaRkI\Desktop\ccsetup407.exe
2013-11-14 14:36 - 2013-11-14 14:36 - 00000000 ___RD C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-14 14:32 - 2013-10-30 10:45 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-11-14 14:32 - 2013-10-30 10:45 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-11-14 14:31 - 2013-10-30 10:45 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-11-14 14:31 - 2013-10-30 10:45 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\ProgramData\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\ProgramData\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-10-30 10:45 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-11-14 13:30 - 2013-11-14 14:30 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:25 - 2013-11-14 14:41 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-14 13:23 - 2013-11-14 15:25 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-14 13:17 - 2013-11-14 13:20 - 55413160 _____ (TuneUp Software) C:\Users\MaRkI\Desktop\TuneUpUtilities2014.exe
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{BF40AB87-333E-4723-A87C-DD07A48C0C10}
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{6F178997-F4AE-49ED-A7A2-D2762D55943C}
2013-11-13 20:42 - 2013-11-13 20:42 - 00132010 _____ C:\Users\Dagmar\Downloads\prilohy_5531.zip
2013-11-13 19:31 - 2013-11-13 19:31 - 00000000 ___RD C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 16:20 - 2013-11-13 18:18 - 00085842 _____ C:\Users\Katka\Desktop\avgrep.txt
2013-11-13 13:34 - 2013-11-14 11:46 - 00000000 ____D C:\Users\Katka\Documents\Anti-Malware
2013-11-13 13:23 - 2013-11-13 13:33 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Katka\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-13 13:15 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 13:15 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 13:15 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 13:15 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 13:15 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 13:15 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 13:15 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 13:15 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 13:15 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 13:15 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:15 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 13:15 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 13:15 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 13:15 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 13:14 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 13:14 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:14 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:14 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 13:14 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 13:14 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 13:14 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:59 - 2013-11-13 12:59 - 00140600 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\EagleX64.sys
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\ProgramData\Desktop\Skype.lnk
2013-11-10 15:41 - 2013-11-10 15:44 - 35056288 _____ (Skype Technologies S.A.) C:\Users\Katka\Downloads\SkypeSetupFull.exe
2013-11-10 15:39 - 2013-11-16 13:47 - 00003164 _____ C:\Windows\System32\Tasks\{F732A14D-3EEF-421F-9A95-27D8CCED00C8}
2013-11-10 15:34 - 2013-11-10 15:34 - 01550496 _____ (Skype Technologies S.A.) C:\Users\MaRkI\Desktop\SkypeSetup.exe
2013-11-06 17:32 - 2013-11-06 17:37 - 00000000 ____D C:\Users\Dagmar\Desktop\Doručené – Seznam Email_soubory
2013-11-06 17:32 - 2013-11-06 17:32 - 00023708 _____ C:\Users\Dagmar\Desktop\Doručené – Seznam Email.htm
2013-11-05 13:13 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-05 13:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-05 13:13 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-05 13:12 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-05 13:12 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-05 13:11 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-05 13:11 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-05 13:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-05 13:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-05 13:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-05 13:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-05 13:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-05 13:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-05 13:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-05 13:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-05 13:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-05 13:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-05 13:09 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-05 13:09 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-05 13:09 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-05 13:09 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-05 13:09 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-05 13:09 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-05 13:09 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-05 13:09 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-05 13:09 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-05 13:09 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-05 13:09 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-05 13:09 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-05 13:09 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-05 13:09 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-05 13:09 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-05 13:09 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-05 13:08 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-05 13:08 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-05 13:08 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-05 13:08 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-05 13:08 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-05 13:08 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-05 13:08 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-05 13:08 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-05 13:08 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-05 13:08 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-05 13:08 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-05 13:08 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-05 13:08 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-05 13:08 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-05 13:08 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-05 13:07 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-05 13:07 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-05 13:07 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-05 13:07 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-05 13:07 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-05 13:07 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-05 13:07 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-05 13:07 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-05 13:07 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-05 13:06 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-05 13:06 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-05 13:06 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-05 13:06 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-05 13:06 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-05 13:06 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-05 13:05 - 2013-11-05 13:10 - 00012299 _____ C:\Windows\DirectX.log
2013-11-05 13:05 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-05 13:05 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-05 13:05 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-05 13:05 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-05 13:05 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-05 13:05 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\ProgramData\Desktop\AION Free-to-Play.lnk
2013-11-05 13:00 - 2013-11-05 13:00 - 00002936 _____ C:\Windows\System32\Tasks\{B18B78EA-F362-424D-A33D-EABD9913D6D1}
2013-11-04 20:19 - 2013-11-04 20:19 - 00002936 _____ C:\Windows\System32\Tasks\{25769BA0-5762-4BAB-AEAB-9CFECE453BB6}
2013-11-04 16:57 - 2013-11-04 17:46 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-11-04 14:16 - 2013-11-04 14:16 - 00002936 _____ C:\Windows\System32\Tasks\{9D279DAE-B4DC-4021-9B41-ADA1F95200AA}
2013-11-03 09:31 - 2013-11-03 09:31 - 00002936 _____ C:\Windows\System32\Tasks\{276E309A-0388-41F8-85C7-6C8332B03104}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002936 _____ C:\Windows\System32\Tasks\{AB96D336-DEF6-402B-A180-B2075EA024A7}
2013-11-02 18:10 - 2013-11-02 18:10 - 00002936 _____ C:\Windows\System32\Tasks\{55C7A00D-8A62-4B0F-8489-9A45EE51BF3D}
2013-11-02 18:02 - 2013-11-02 18:02 - 00002936 _____ C:\Windows\System32\Tasks\{D9CABA56-5E94-4B16-868E-15C8AC5FC8BC}
2013-11-01 13:36 - 2013-11-01 13:36 - 00002936 _____ C:\Windows\System32\Tasks\{C5D41BF5-8805-489D-AD96-2C5BEE8B7AC7}
2013-11-01 13:25 - 2013-11-01 13:25 - 00002936 _____ C:\Windows\System32\Tasks\{4D24DD9B-92CC-4E20-B81D-62561AE13C69}
2013-11-01 13:18 - 2013-11-01 13:18 - 00002936 _____ C:\Windows\System32\Tasks\{EA0F4AA0-E552-4C9C-AF37-392FC05C6D65}
2013-11-01 12:53 - 2013-11-01 12:53 - 00002936 _____ C:\Windows\System32\Tasks\{F614F0A7-D642-470B-B2EA-64C74E3CF429}
2013-10-31 20:49 - 2013-10-31 20:49 - 00002936 _____ C:\Windows\System32\Tasks\{E52531FA-C49A-4AF2-B3FA-092EDE0C49F0}
2013-10-31 14:25 - 2013-11-16 14:41 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 14:25 - 2013-10-31 14:42 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-31 12:57 - 2013-10-31 12:57 - 00002936 _____ C:\Windows\System32\Tasks\{90A82AF2-FAAA-40F1-9326-95BAD58E6B5D}
2013-10-31 12:54 - 2013-10-31 12:54 - 00002936 _____ C:\Windows\System32\Tasks\{17F94438-FDCE-4E23-963F-4479E41FC30E}
2013-10-31 12:50 - 2013-10-31 12:50 - 00002936 _____ C:\Windows\System32\Tasks\{4AF82933-E66E-48AD-8D86-ABACAC1C0090}
2013-10-30 21:54 - 2013-10-30 21:54 - 00002936 _____ C:\Windows\System32\Tasks\{355BFD72-986F-46CA-AB68-322ECB09606C}
2013-10-30 20:02 - 2013-10-30 20:02 - 00002936 _____ C:\Windows\System32\Tasks\{309CA862-B5AF-4B0C-9857-7799BD434F43}
2013-10-30 13:41 - 2013-10-30 13:41 - 00002936 _____ C:\Windows\System32\Tasks\{18D5AC8D-4757-4354-9563-291994150B21}
2013-10-30 13:05 - 2013-10-30 13:05 - 00002936 _____ C:\Windows\System32\Tasks\{6239E242-7108-4D71-A424-C9EB5DBEE9E4}
2013-10-30 13:01 - 2013-10-30 13:01 - 00002936 _____ C:\Windows\System32\Tasks\{07D351A3-29F8-4962-848C-2815128B055B}
2013-10-30 09:53 - 2013-10-30 09:53 - 00002936 _____ C:\Windows\System32\Tasks\{6F20CB80-E327-4ED5-BAC3-5F4545B370BB}
2013-10-30 09:50 - 2013-10-30 09:50 - 00002936 _____ C:\Windows\System32\Tasks\{8F646835-07E7-49F5-BA78-B2E1C7E58DAB}
2013-10-30 09:37 - 2013-10-30 09:38 - 00000000 ____D C:\Users\Dagmar\Downloads\Gameforge Live
2013-10-30 09:37 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\AppData\Local\Gameforge4d
2013-10-29 21:42 - 2013-10-29 21:42 - 00002936 _____ C:\Windows\System32\Tasks\{CE38E484-8AA4-4843-9F7E-9F8887402C54}
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\Downloads\Gameforge Live
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\AppData\Local\Gameforge4d
2013-10-28 12:46 - 2013-10-28 12:47 - 10702992 _____ ( ) C:\Users\Katka\Downloads\fwinstall.exe
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\Users\Public\Desktop\Metin2.lnk
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\ProgramData\Desktop\Metin2.lnk
2013-10-28 12:05 - 2013-10-28 12:07 - 34249488 _____ (Riot Games) C:\Users\Katka\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2013-10-28 11:46 - 2013-10-30 21:55 - 00000000 ____D C:\Users\Katka\Downloads\Gameforge Live
2013-10-28 11:46 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\AppData\Local\Gameforge4d
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\ProgramData\Desktop\Gameforge Live.lnk
2013-10-28 11:43 - 2013-10-28 11:44 - 19394136 _____ (Gameforge ) C:\Users\Katka\Downloads\Metin2_GameforgeLiveSetup.exe
2013-10-27 13:27 - 2013-10-27 13:27 - 00228864 _____ C:\Users\Dagmar\Downloads\Publicistický styl DRU.ppt
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Documents\Moje palety
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Desktop\The Sims
2013-10-25 18:23 - 2013-11-13 18:44 - 00000000 ____D C:\ProgramData\Protexis
2013-10-25 18:23 - 2013-10-25 18:23 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Corel
2013-10-25 18:22 - 2013-10-25 18:22 - 00000000 ____D C:\Users\MaRkI\Desktop\Corel
2013-10-25 18:16 - 2013-10-27 15:43 - 00000000 ____D C:\Users\MaRkI\Documents\Corel
2013-10-25 18:15 - 2013-10-25 18:15 - 00000000 ____D C:\Users\MaRkI\Documents\Visual Studio 2008
2013-10-25 18:11 - 2013-10-25 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 18:11 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\Users\Public\Documents\Corel
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\ProgramData\Documents\Corel
2013-10-25 17:54 - 2013-10-25 18:21 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2013-10-23 19:50 - 2013-10-23 20:31 - 00014186 _____ C:\Users\Dagmar\Downloads\Kniha+evidence+DPH.xlsx
2013-10-23 19:20 - 2013-10-23 19:44 - 00011559 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost (1).xlsx
2013-10-22 15:15 - 2013-10-22 15:15 - 00003046 _____ C:\Windows\System32\Tasks\{F0B0D277-435D-438E-BC46-E87E96FC90DC}
2013-10-22 13:52 - 2013-10-22 13:52 - 00003046 _____ C:\Windows\System32\Tasks\{685A02F2-D024-4CA3-B3CB-700B0464EDC7}
2013-10-21 12:29 - 2013-10-21 12:29 - 00003046 _____ C:\Windows\System32\Tasks\{8DC4513B-07DE-4CC9-AB03-57FAE6C985DD}
2013-10-21 12:20 - 2013-10-21 12:20 - 00003046 _____ C:\Windows\System32\Tasks\{3854C041-6301-4613-88B7-8D65DA0947A0}
2013-10-20 19:42 - 2013-10-20 19:46 - 00010652 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost.xlsx
2013-10-20 18:43 - 2013-10-20 18:43 - 04993924 _____ C:\Users\Dagmar\Downloads\Majetková práva 1.zip
2013-10-20 12:09 - 2013-10-20 12:09 - 00003046 _____ C:\Windows\System32\Tasks\{672F322A-6657-4FB1-A8DC-3EE7C3E14F9C}
2013-10-20 12:08 - 2013-10-20 12:08 - 00003046 _____ C:\Windows\System32\Tasks\{CB94EB32-BB6D-4351-A372-C9B7A406CB5A}
2013-10-20 10:24 - 2013-10-20 10:24 - 00002974 _____ C:\Windows\System32\Tasks\{AA7631EF-FE61-48F1-9BEA-C50024817221}
2013-10-19 14:57 - 2013-10-19 14:57 - 00003046 _____ C:\Windows\System32\Tasks\{B8B5E478-3D92-4A2A-BE2C-E96DC6B68DC6}
2013-10-19 14:56 - 2013-10-19 14:56 - 00003046 _____ C:\Windows\System32\Tasks\{BDDC03A2-9D58-405F-9989-0A187FFD90CD}
2013-10-18 18:43 - 2013-10-18 18:43 - 00010625 _____ C:\Users\Dagmar\Downloads\Kopie+-+DPH+Daň+povinnost.xlsx
2013-10-18 17:01 - 2013-10-18 17:01 - 00002974 _____ C:\Windows\System32\Tasks\{42478DCE-4497-4CBC-94CD-48837203C4EC}
2013-10-18 14:26 - 2013-10-18 14:26 - 00002974 _____ C:\Windows\System32\Tasks\{39CAFA71-A1F0-4A16-8936-AB2CE4C2B8FA}
2013-10-18 13:10 - 2013-10-18 13:10 - 00002974 _____ C:\Windows\System32\Tasks\{B69F2535-2249-42F7-8ACF-FBF549FE4579}
2013-10-18 12:07 - 2013-10-18 12:07 - 00002948 _____ C:\Windows\System32\Tasks\{38AF87B7-7132-4466-82A0-0268085A4848}

==================== One Month Modified Files and Folders =======

2013-11-16 14:48 - 2013-11-16 14:46 - 00030389 _____ C:\Users\Dagmar\Desktop\FRST.txt
2013-11-16 14:45 - 2013-11-16 14:45 - 00000000 ____D C:\FRST
2013-11-16 14:41 - 2013-10-31 14:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 14:25 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 14:22 - 2013-11-15 18:12 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 14:22 - 2013-11-15 17:47 - 00000000 ____D C:\Users\Dagmar\Desktop\mbar
2013-11-16 14:06 - 2011-09-23 22:16 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 13:51 - 2011-10-18 18:12 - 02014397 _____ C:\Windows\WindowsUpdate.log
2013-11-16 13:49 - 2013-11-16 13:49 - 01957794 _____ (Farbar) C:\Users\Dagmar\Desktop\FRST64.exe
2013-11-16 13:47 - 2013-11-10 15:39 - 00003164 _____ C:\Windows\System32\Tasks\{F732A14D-3EEF-421F-9A95-27D8CCED00C8}
2013-11-16 13:47 - 2011-09-23 22:16 - 00003956 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-16 13:47 - 2011-09-23 22:16 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-16 13:47 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 13:47 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 13:46 - 2011-09-23 22:16 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 13:45 - 2013-11-16 13:45 - 00005306 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-16 13:45 - 2009-07-14 16:18 - 00647390 _____ C:\Windows\system32\perfh005.dat
2013-11-16 13:45 - 2009-07-14 16:18 - 00127734 _____ C:\Windows\system32\perfc005.dat
2013-11-16 13:42 - 2013-11-14 16:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-16 13:41 - 2013-11-16 13:41 - 00000000 ___RD C:\Users\Dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 13:40 - 2011-09-17 11:11 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-11-16 13:40 - 2011-09-17 11:11 - 00000035 _____ C:\ProgramData\Documents\AtherosServiceConfig.ini
2013-11-16 13:37 - 2013-09-29 18:10 - 00006056 _____ C:\Windows\setupact.log
2013-11-16 13:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 13:20 - 2009-07-14 06:13 - 01478822 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 13:19 - 2013-08-30 11:28 - 00000000 ____D C:\ProgramData\MFAData
2013-11-16 13:09 - 2013-11-16 13:06 - 00000000 ____D C:\Users\MaRkI\Desktop\x))
2013-11-15 20:49 - 2013-11-15 20:49 - 00002116 _____ C:\Users\Dagmar\Desktop\aswMBR.txt
2013-11-15 20:49 - 2013-11-15 20:49 - 00000512 _____ C:\Users\Dagmar\Desktop\MBR.dat
2013-11-15 20:20 - 2013-11-15 20:19 - 04745728 _____ (AVAST Software) C:\Users\Dagmar\Desktop\aswMBR.exe
2013-11-15 19:22 - 2013-11-15 19:22 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-11-15 19:00 - 2011-11-12 03:06 - 00000266 _____ C:\Windows\Tasks\RMSchedule.job
2013-11-15 18:12 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 17:47 - 2013-11-15 17:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 17:43 - 2011-09-17 13:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 17:39 - 2013-11-15 17:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
2013-11-15 17:23 - 2013-09-29 13:42 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\TuneUp Software
2013-11-15 17:17 - 2013-11-15 17:17 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 17:31 - 2013-10-06 09:32 - 00044986 _____ C:\Windows\PFRO.log
2013-11-14 17:31 - 2011-10-29 16:13 - 00000982 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job
2013-11-14 17:31 - 2011-10-29 16:13 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job
2013-11-14 16:50 - 2013-11-14 16:50 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\AVAST Software
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\ProgramData\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:47 - 2013-11-14 16:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-14 16:47 - 2013-11-14 16:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-14 16:47 - 2011-09-17 15:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-14 16:43 - 2013-11-14 16:38 - 87227720 _____ (AVAST Software) C:\Users\MaRkI\Desktop\avast_free_antivirus_setup.exe
2013-11-14 16:43 - 2011-09-17 15:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-14 16:15 - 2013-11-14 16:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-14 16:14 - 2013-11-14 16:14 - 04379048 _____ (Piriform Ltd) C:\Users\MaRkI\Desktop\ccsetup407.exe
2013-11-14 15:25 - 2013-11-14 13:23 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-14 14:57 - 2013-06-15 08:27 - 00002956 _____ C:\Windows\System32\Tasks\{7ACC731A-E804-4F4B-B064-C08882F3B4D8}
2013-11-14 14:57 - 2013-06-15 08:27 - 00002956 _____ C:\Windows\System32\Tasks\{492C00E7-ACA2-46D8-B73B-7EAF5ADE7419}
2013-11-14 14:56 - 2011-10-14 19:44 - 00002976 _____ C:\Windows\System32\Tasks\{D7043364-BFF3-4B7D-A8B7-0D850D186EA7}
2013-11-14 14:56 - 2011-09-17 13:25 - 00003824 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-11-14 14:54 - 2013-09-29 18:30 - 00003678 _____ C:\Windows\System32\Tasks\Online aktualizační program HP
2013-11-14 14:54 - 2011-10-21 15:59 - 00002966 _____ C:\Windows\System32\Tasks\{8DAA1DF5-B564-4D25-A452-8A4F14D6CE2B}
2013-11-14 14:54 - 2011-10-21 15:54 - 00002966 _____ C:\Windows\System32\Tasks\{9E1041A9-C1AD-4D94-B849-8BD2D89FBF62}
2013-11-14 14:54 - 2011-10-20 14:38 - 00002966 _____ C:\Windows\System32\Tasks\{87CAD921-26F1-4AD8-8793-0A77D751A3D3}
2013-11-14 14:53 - 2011-10-29 16:13 - 00003970 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA
2013-11-14 14:53 - 2011-10-29 16:13 - 00003602 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core
2013-11-14 14:53 - 2011-10-21 15:55 - 00002966 _____ C:\Windows\System32\Tasks\{6379F684-5585-42E3-9434-F57736ADB069}
2013-11-14 14:53 - 2011-10-21 15:49 - 00002966 _____ C:\Windows\System32\Tasks\{7760B9A0-BA5F-473D-A74F-CA7DF8F2E00D}
2013-11-14 14:41 - 2013-11-14 13:25 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-14 14:37 - 2012-11-14 12:25 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\uTorrent
2013-11-14 14:36 - 2013-11-14 14:36 - 00000000 ___RD C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-14 14:30 - 2013-11-14 13:30 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\ProgramData\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\ProgramData\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:32 - 2013-08-30 14:44 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\TuneUp Software
2013-11-14 13:23 - 2013-08-30 14:38 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-14 13:20 - 2013-11-14 13:17 - 55413160 _____ (TuneUp Software) C:\Users\MaRkI\Desktop\TuneUpUtilities2014.exe
2013-11-14 12:10 - 2013-07-12 22:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 11:55 - 2011-09-30 05:38 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{BF40AB87-333E-4723-A87C-DD07A48C0C10}
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{6F178997-F4AE-49ED-A7A2-D2762D55943C}
2013-11-14 11:49 - 2012-02-03 13:23 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-11-14 11:46 - 2013-11-13 13:34 - 00000000 ____D C:\Users\Katka\Documents\Anti-Malware
2013-11-13 20:42 - 2013-11-13 20:42 - 00132010 _____ C:\Users\Dagmar\Downloads\prilohy_5531.zip
2013-11-13 19:31 - 2013-11-13 19:31 - 00000000 ___RD C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 18:44 - 2013-10-25 18:23 - 00000000 ____D C:\ProgramData\Protexis
2013-11-13 18:44 - 2012-10-13 20:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-13 18:44 - 2011-09-20 11:45 - 00000000 ____D C:\Users\Katka
2013-11-13 18:44 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-11-13 18:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-13 18:34 - 2011-10-14 20:15 - 00000000 ____D C:\Users\Katka\AppData\Local\CrashDumps
2013-11-13 18:18 - 2013-11-13 16:20 - 00085842 _____ C:\Users\Katka\Desktop\avgrep.txt
2013-11-13 16:09 - 2009-07-14 06:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-13 13:33 - 2013-11-13 13:23 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Katka\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-13 12:59 - 2013-11-13 12:59 - 00140600 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\EagleX64.sys
2013-11-12 20:48 - 2011-09-20 11:46 - 00000000 ____D C:\Users\Katka\Documents\Bluetooth Folder
2013-11-12 19:04 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Katka\AppData\Local\Google
2013-11-12 14:21 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-11 12:46 - 2011-09-24 15:03 - 00000000 ____D C:\Users\Katka\AppData\Roaming\Skype
2013-11-11 08:27 - 2013-01-13 20:42 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\Skype
2013-11-10 18:43 - 2011-09-23 22:16 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Skype
2013-11-10 15:44 - 2013-11-10 15:41 - 35056288 _____ (Skype Technologies S.A.) C:\Users\Katka\Downloads\SkypeSetupFull.exe
2013-11-10 15:43 - 2011-09-23 22:16 - 00000000 ____D C:\ProgramData\Skype
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\ProgramData\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-01-24 18:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-10 15:34 - 2013-11-10 15:34 - 01550496 _____ (Skype Technologies S.A.) C:\Users\MaRkI\Desktop\SkypeSetup.exe
2013-11-08 00:49 - 2011-09-17 10:57 - 00000000 ____D C:\Users\Dagmar\Documents\Bluetooth Folder
2013-11-06 18:49 - 2011-09-19 15:30 - 00000000 ____D C:\Users\MaRkI\Documents\Bluetooth Folder
2013-11-06 17:37 - 2013-11-06 17:32 - 00000000 ____D C:\Users\Dagmar\Desktop\Doručené – Seznam Email_soubory
2013-11-06 17:32 - 2013-11-06 17:32 - 00023708 _____ C:\Users\Dagmar\Desktop\Doručené – Seznam Email.htm
2013-11-05 13:10 - 2013-11-05 13:05 - 00012299 _____ C:\Windows\DirectX.log
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\ProgramData\Desktop\AION Free-to-Play.lnk
2013-11-05 13:00 - 2013-11-05 13:00 - 00002936 _____ C:\Windows\System32\Tasks\{B18B78EA-F362-424D-A33D-EABD9913D6D1}
2013-11-04 20:19 - 2013-11-04 20:19 - 00002936 _____ C:\Windows\System32\Tasks\{25769BA0-5762-4BAB-AEAB-9CFECE453BB6}
2013-11-04 17:46 - 2013-11-04 16:57 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-11-04 16:24 - 2011-09-24 15:18 - 00000000 ____D C:\ProgramData\Corel
2013-11-04 14:16 - 2013-11-04 14:16 - 00002936 _____ C:\Windows\System32\Tasks\{9D279DAE-B4DC-4021-9B41-ADA1F95200AA}
2013-11-04 14:05 - 2013-10-15 14:31 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for MaRkI.job
2013-11-03 09:31 - 2013-11-03 09:31 - 00002936 _____ C:\Windows\System32\Tasks\{276E309A-0388-41F8-85C7-6C8332B03104}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002936 _____ C:\Windows\System32\Tasks\{AB96D336-DEF6-402B-A180-B2075EA024A7}
2013-11-02 18:10 - 2013-11-02 18:10 - 00002936 _____ C:\Windows\System32\Tasks\{55C7A00D-8A62-4B0F-8489-9A45EE51BF3D}
2013-11-02 18:02 - 2013-11-02 18:02 - 00002936 _____ C:\Windows\System32\Tasks\{D9CABA56-5E94-4B16-868E-15C8AC5FC8BC}
2013-11-01 13:36 - 2013-11-01 13:36 - 00002936 _____ C:\Windows\System32\Tasks\{C5D41BF5-8805-489D-AD96-2C5BEE8B7AC7}
2013-11-01 13:25 - 2013-11-01 13:25 - 00002936 _____ C:\Windows\System32\Tasks\{4D24DD9B-92CC-4E20-B81D-62561AE13C69}
2013-11-01 13:18 - 2013-11-01 13:18 - 00002936 _____ C:\Windows\System32\Tasks\{EA0F4AA0-E552-4C9C-AF37-392FC05C6D65}
2013-11-01 12:53 - 2013-11-01 12:53 - 00002936 _____ C:\Windows\System32\Tasks\{F614F0A7-D642-470B-B2EA-64C74E3CF429}
2013-10-31 20:49 - 2013-10-31 20:49 - 00002936 _____ C:\Windows\System32\Tasks\{E52531FA-C49A-4AF2-B3FA-092EDE0C49F0}
2013-10-31 14:42 - 2013-10-31 14:25 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-31 14:42 - 2012-10-13 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-31 14:42 - 2011-09-17 13:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-31 12:57 - 2013-10-31 12:57 - 00002936 _____ C:\Windows\System32\Tasks\{90A82AF2-FAAA-40F1-9326-95BAD58E6B5D}
2013-10-31 12:54 - 2013-10-31 12:54 - 00002936 _____ C:\Windows\System32\Tasks\{17F94438-FDCE-4E23-963F-4479E41FC30E}
2013-10-31 12:50 - 2013-10-31 12:50 - 00002936 _____ C:\Windows\System32\Tasks\{4AF82933-E66E-48AD-8D86-ABACAC1C0090}
2013-10-30 21:55 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\Downloads\Gameforge Live
2013-10-30 21:54 - 2013-10-30 21:54 - 00002936 _____ C:\Windows\System32\Tasks\{355BFD72-986F-46CA-AB68-322ECB09606C}
2013-10-30 20:22 - 2011-12-17 20:19 - 00000000 ____D C:\Users\Dagmar\Desktop\Dagmar
2013-10-30 20:02 - 2013-10-30 20:02 - 00002936 _____ C:\Windows\System32\Tasks\{309CA862-B5AF-4B0C-9857-7799BD434F43}
2013-10-30 13:41 - 2013-10-30 13:41 - 00002936 _____ C:\Windows\System32\Tasks\{18D5AC8D-4757-4354-9563-291994150B21}
2013-10-30 13:05 - 2013-10-30 13:05 - 00002936 _____ C:\Windows\System32\Tasks\{6239E242-7108-4D71-A424-C9EB5DBEE9E4}
2013-10-30 13:01 - 2013-10-30 13:01 - 00002936 _____ C:\Windows\System32\Tasks\{07D351A3-29F8-4962-848C-2815128B055B}
2013-10-30 10:45 - 2013-11-14 14:32 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-10-30 10:45 - 2013-11-14 14:32 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-10-30 10:45 - 2013-11-14 14:31 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-10-30 10:45 - 2013-11-14 14:31 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-10-30 10:45 - 2013-11-14 13:33 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-10-30 09:53 - 2013-10-30 09:53 - 00002936 _____ C:\Windows\System32\Tasks\{6F20CB80-E327-4ED5-BAC3-5F4545B370BB}
2013-10-30 09:50 - 2013-10-30 09:50 - 00002936 _____ C:\Windows\System32\Tasks\{8F646835-07E7-49F5-BA78-B2E1C7E58DAB}
2013-10-30 09:38 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\Downloads\Gameforge Live
2013-10-30 09:37 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\AppData\Local\Gameforge4d
2013-10-29 21:42 - 2013-10-29 21:42 - 00002936 _____ C:\Windows\System32\Tasks\{CE38E484-8AA4-4843-9F7E-9F8887402C54}
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\Downloads\Gameforge Live
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\AppData\Local\Gameforge4d
2013-10-28 12:47 - 2013-10-28 12:46 - 10702992 _____ ( ) C:\Users\Katka\Downloads\fwinstall.exe
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\Users\Public\Desktop\Metin2.lnk
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\ProgramData\Desktop\Metin2.lnk
2013-10-28 12:07 - 2013-10-28 12:05 - 34249488 _____ (Riot Games) C:\Users\Katka\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2013-10-28 11:46 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\AppData\Local\Gameforge4d
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\ProgramData\Desktop\Gameforge Live.lnk
2013-10-28 11:44 - 2013-10-28 11:43 - 19394136 _____ (Gameforge ) C:\Users\Katka\Downloads\Metin2_GameforgeLiveSetup.exe
2013-10-28 11:40 - 2011-11-05 18:04 - 00000000 ____D C:\Program Files (x86)\Metin2
2013-10-27 21:01 - 2011-09-22 07:48 - 00000000 ____D C:\Users\MaRkI\AppData\Local\CrashDumps
2013-10-27 15:51 - 2009-07-14 03:34 - 00000546 _____ C:\Windows\win.ini
2013-10-27 15:43 - 2013-10-25 18:16 - 00000000 ____D C:\Users\MaRkI\Documents\Corel
2013-10-27 13:27 - 2013-10-27 13:27 - 00228864 _____ C:\Users\Dagmar\Downloads\Publicistický styl DRU.ppt
2013-10-27 12:33 - 2011-09-17 10:31 - 00136280 _____ C:\Users\Dagmar\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-10-26 11:09 - 2011-09-20 11:47 - 00136280 _____ C:\Users\Katka\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 11:07 - 2009-07-14 05:45 - 05049432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Documents\Moje palety
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Desktop\The Sims
2013-10-25 18:23 - 2013-10-25 18:23 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Corel
2013-10-25 18:23 - 2011-09-19 15:30 - 00136280 _____ C:\Users\MaRkI\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 18:22 - 2013-10-25 18:22 - 00000000 ____D C:\Users\MaRkI\Desktop\Corel
2013-10-25 18:22 - 2011-09-19 15:37 - 00000000 ___RD C:\Users\MaRkI\Desktop\Markét x33
2013-10-25 18:21 - 2013-10-25 17:54 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2013-10-25 18:15 - 2013-10-25 18:15 - 00000000 ____D C:\Users\MaRkI\Documents\Visual Studio 2008
2013-10-25 18:12 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 18:11 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\Users\Public\Documents\Corel
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\ProgramData\Documents\Corel
2013-10-25 17:56 - 2011-09-24 15:05 - 00000000 ____D C:\Program Files (x86)\Corel
2013-10-23 20:31 - 2013-10-23 19:50 - 00014186 _____ C:\Users\Dagmar\Downloads\Kniha+evidence+DPH.xlsx
2013-10-23 19:44 - 2013-10-23 19:20 - 00011559 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost (1).xlsx
2013-10-23 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-23 14:39 - 2013-10-16 08:30 - 00000000 ____D C:\Users\Dagmar\Documents\Věcná práva, vlastnictví a spoluvlastnictví Univerzita Online_files
2013-10-23 14:39 - 2013-10-01 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-23 14:39 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-23 14:39 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-23 14:39 - 2011-11-05 20:28 - 00000000 ____D C:\ProgramData\Norton
2013-10-23 14:39 - 2011-09-19 15:29 - 00000000 ____D C:\Users\MaRkI
2013-10-23 14:39 - 2011-09-16 18:22 - 00000000 ____D C:\Users\Dagmar
2013-10-23 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-23 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-23 13:51 - 2011-09-17 10:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 15:15 - 2013-10-22 15:15 - 00003046 _____ C:\Windows\System32\Tasks\{F0B0D277-435D-438E-BC46-E87E96FC90DC}
2013-10-22 13:52 - 2013-10-22 13:52 - 00003046 _____ C:\Windows\System32\Tasks\{685A02F2-D024-4CA3-B3CB-700B0464EDC7}
2013-10-21 12:29 - 2013-10-21 12:29 - 00003046 _____ C:\Windows\System32\Tasks\{8DC4513B-07DE-4CC9-AB03-57FAE6C985DD}
2013-10-21 12:20 - 2013-10-21 12:20 - 00003046 _____ C:\Windows\System32\Tasks\{3854C041-6301-4613-88B7-8D65DA0947A0}
2013-10-20 19:46 - 2013-10-20 19:42 - 00010652 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost.xlsx
2013-10-20 18:43 - 2013-10-20 18:43 - 04993924 _____ C:\Users\Dagmar\Downloads\Majetková práva 1.zip
2013-10-20 12:09 - 2013-10-20 12:09 - 00003046 _____ C:\Windows\System32\Tasks\{672F322A-6657-4FB1-A8DC-3EE7C3E14F9C}
2013-10-20 12:08 - 2013-10-20 12:08 - 00003046 _____ C:\Windows\System32\Tasks\{CB94EB32-BB6D-4351-A372-C9B7A406CB5A}
2013-10-20 10:24 - 2013-10-20 10:24 - 00002974 _____ C:\Windows\System32\Tasks\{AA7631EF-FE61-48F1-9BEA-C50024817221}
2013-10-19 14:57 - 2013-10-19 14:57 - 00003046 _____ C:\Windows\System32\Tasks\{B8B5E478-3D92-4A2A-BE2C-E96DC6B68DC6}
2013-10-19 14:56 - 2013-10-19 14:56 - 00003046 _____ C:\Windows\System32\Tasks\{BDDC03A2-9D58-405F-9989-0A187FFD90CD}
2013-10-18 18:43 - 2013-10-18 18:43 - 00010625 _____ C:\Users\Dagmar\Downloads\Kopie+-+DPH+Daň+povinnost.xlsx
2013-10-18 17:01 - 2013-10-18 17:01 - 00002974 _____ C:\Windows\System32\Tasks\{42478DCE-4497-4CBC-94CD-48837203C4EC}
2013-10-18 14:26 - 2013-10-18 14:26 - 00002974 _____ C:\Windows\System32\Tasks\{39CAFA71-A1F0-4A16-8936-AB2CE4C2B8FA}
2013-10-18 13:10 - 2013-10-18 13:10 - 00002974 _____ C:\Windows\System32\Tasks\{B69F2535-2249-42F7-8ACF-FBF549FE4579}
2013-10-18 12:07 - 2013-10-18 12:07 - 00002948 _____ C:\Windows\System32\Tasks\{38AF87B7-7132-4466-82A0-0268085A4848}
2013-10-18 12:05 - 2013-09-30 19:17 - 00000000 ____D C:\Users\Katka\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
C:\Users\Dagmar\AppData\Local\Temp\setup.exe
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\SCC.dll
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katka\AppData\Local\Temp\SQLite.dll
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
C:\Users\Katka\AppData\Local\Temp\_isF204.exe
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-13 19:20

==================== End Of Log ============================
Attachments
Addition.zip
(20.38 KiB) Downloaded 130 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#17 Post by vyosek »

:arrow: We'll get rid of AVG and keep only Avast; otherwise the two will conflict.

:arrow: Uninstall AVG and then also run this: http://download.avg.com/filedir/util/su ... 4_4116.exe

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
    HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
    HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
    MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
    HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
    HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
    HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
    HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\Katka\...\Run: [AdobeBridge] - [x]
    HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
    HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
    IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
    
    HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
    SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... &apn_dtid=^YYYYYY^YY^CZ&apn_ptnrs=^A6E&apn_uid=4545155131604642&p2=^A6E^YYYYYY^YY^CZ&q={searchTerms}
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... kw&search={searchTerms}
    SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... DyEtCtC&q={searchTerms}
    BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
    BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
    BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
    BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
    Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
    Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
    Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
    
    FF NewTab: hxxp://www.delta-search.com/?affID=1198 ... 2F68405224
    FF DefaultSearchEngine: Delta Search
    FF SelectedSearchEngine: Delta Search
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
    FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}
    
    CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
    CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx
    
    R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
    R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
    R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
    R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)
    
    S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
    S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    
    C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
    C:\Users\Dagmar\AppData\Local\Temp\setup.exe
    C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
    C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Katka\AppData\Local\Temp\SCC.dll
    C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
    C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Katka\AppData\Local\Temp\SQLite.dll
    C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
    C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
    C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
    C:\Users\Katka\AppData\Local\Temp\_isF204.exe
    C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\Program Files (x86)\AVG SafeGuard toolbar
    C:\Program Files (x86)\Guard-ICQ
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\ICQ6Toolbar
    C:\Program Files (x86)\Ironsource\searchya
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Norton Security Scan for Katka.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
    Task: C:\Windows\Tasks\Norton Security Scan for MaRkI.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
    Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    
    Hosts:
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The repair will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member of [image] since 1 February 2011.

Marr-keta
Visitor
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#18 Post by Marr-keta »

Here is the log :)

→ Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013 02
Ran by Dagmar at 2013-11-18 15:51:35 Run:1
Running from C:\Users\Dagmar\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\Katka\...\Run: [AdobeBridge] - [x]
HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... &apn_dtid=^YYYYYY^YY^CZ&apn_ptnrs=^A6E&apn_uid=4545155131604642&p2=^A6E^YYYYYY^YY^CZ&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... kw&search={searchTerms}
SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... DyEtCtC&q={searchTerms}
BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File

FF NewTab: hxxp://www.delta-search.com/?affID=1198 ... 2F68405224
FF DefaultSearchEngine: Delta Search
FF SelectedSearchEngine: Delta Search
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx

R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
C:\Users\Dagmar\AppData\Local\Temp\setup.exe
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\SCC.dll
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katka\AppData\Local\Temp\SQLite.dll
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
C:\Users\Katka\AppData\Local\Temp\_isF204.exe
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Guard-ICQ
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\ICQ6Toolbar
C:\Program Files (x86)\Ironsource\searchya

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Katka.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
Task: C:\Windows\Tasks\Norton Security Scan for MaRkI.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262ef01c-e137-11e0-be6f-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{262ef01c-e137-11e0-be6f-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18b30c5-8e10-11e2-9df8-742f684162b6} => Key deleted successfully.
HKCR\CLSID\{f18b30c5-8e10-11e2-9df8-742f684162b6} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SSDMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Unable to delete value
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\T-Mobile Communication Centre => Value not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cdromek.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtlite.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gimp-2.6.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpwucli.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\icq.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\icqsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sptdinst-x64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninst.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utorrent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\webcammax.exe => Key deleted successfully.
C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key deleted successfully.
HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCCBB04F-FE11-428E-A79E-B1E984F36298} => Key deleted successfully.
HKCR\CLSID\{FCCBB04F-FE11-428E-A79E-B1E984F36298} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{33AA308B-B565-4376-AC66-59EE9B6AD13E} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B49673-5506-483E-B92B-CA0265BD9CA8} => Value deleted successfully.
HKCR\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key not found.
"C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Key deleted successfully.
C:\Windows\SysWOW64\jmdp\SweetNT.crx => Moved successfully.
Guard.Mail.ru => Service deleted successfully.
IBUpdaterService => Service deleted successfully.
tor => Service deleted successfully.
vToolbarUpdater17.0.1 => Service not found.
cleanhlp => Service deleted successfully.
cpuz134 => Service deleted successfully.
C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe => Moved successfully.
C:\Users\Dagmar\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SQLite.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\_isF204.exe => Moved successfully.
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe => Moved successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
C:\Program Files (x86)\Guard-ICQ => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\ICQ6Toolbar => Moved successfully.
C:\Program Files (x86)\Ironsource\searchya => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\Norton Security Scan for Katka.job => Moved successfully.
C:\Windows\Tasks\Norton Security Scan for MaRkI.job => Moved successfully.
C:\Windows\Tasks\RMSchedule.job => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needs a manual reboot.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#19 Post by vyosek »

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup will be created, followed by a search
  • A scan will run and then the log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then the log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun: take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Marr-keta
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#20 Post by Marr-keta »

Here is the log from JRT, and I'll post the second one a few minutes later :)

:arrow:



~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dagmar\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\icq service.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3055772981-3229068143-2885740664-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.searchyaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.searchyaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\i
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyadskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyadskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\icqtoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2612669
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files

Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\imvu_inc"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\ironsource"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\imvu_inc"
Successfully deleted: [Folder] "C:\Program Files (x86)\ironsource"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Dagmar\AppData\Roaming\mozilla\firefox\profiles\bvted9fw.default\prefs.js

user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "RY");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2011.09.19+08.09.29-toolbar014iad-CZ-UHJhZ3VlLEN6ZWNoIFJlcHVibGlj");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "EZXX0012");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "4B994735-EC91-435D-81AE-8AB31E5CFD4E");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1384784843308");
user_pref("extensions.asktb.last-search-timestamp", "1360782225625");
user_pref("extensions.asktb.last-v", "3.13.1.100008");
user_pref("extensions.asktb.locale", "en_US");
user_pref("extensions.asktb.location", "Prague,Czech Republic");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-enabled", true);
user_pref("extensions.asktb.o", "15184");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "12");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "Poslední záznam od soudu: 19.01.2013 - 17:07||GRAFY");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.13.1.100013");
user_pref("extensions.asktb.volume", "");
Emptied folder: C:\Users\Dagmar\AppData\Roaming\mozilla\firefox\profiles\bvted9fw.default\minidumps [56 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Dagmar\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 18.11.2013 at 19:06:37,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Marr-keta
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#21 Post by Marr-keta »

Here is the log from AdwCleaner :)
# AdwCleaner v3.012 - Report created 18/11/2013 at 19:14:54
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dagmar - DAGMAR-PC
# Running from : C:\Users\Dagmar\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files (x86)\~BabylonToolbar
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\MaRkI\AppData\Local\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\Local\PackageAware
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\CT3220468
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Ironsource
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Babylon
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\file scout
Folder Deleted : C:\Users\Katka\AppData\Local\Babylon
Folder Deleted : C:\Users\Katka\AppData\Local\TempDir
Folder Deleted : C:\Users\Katka\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Katka\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Ironsource
Folder Deleted : C:\Users\Katka\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Katka\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Katka\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Katka\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Katka\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Katka\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Katka\AppData\Roaming\file scout
Folder Deleted : C:\Users\Katka\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\ConduitCommon
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\ICQToolbarData
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Smartbar
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\CT3220468
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\ffxtlbr@searchya.com
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Dagmar\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\bprotector_extensions.sqlite
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\bprotector_prefs.js
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\bprotector_prefs.js
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\searchplugins\Babylon.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\Conduit.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.src
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-12.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-13.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-14.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-15.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\searchplugins\MyStart.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\searchya.xml
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\searchplugins\Sweetpacks Search.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\user.js
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\user.js
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKCU\Software\5e55db8de735ec47
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Ironsource
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Ironsource
Key Deleted : HKLM\Software\IMVU_Inc
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\prefs.js ]

Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Deleted : user_pref("extensions.asktb.crumb", "2011.09.19+08.09.29-toolbar014iad-CZ-UHJhZ3VlLEN6ZWNoIFJlcHVibGlj");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ File : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\prefs.js ]

Line Deleted : user_pref("CT2612669..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2612669..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2612669..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2612669.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2612669.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2612669.BrowserCompStateIsOpen_129482420034282070", true);
Line Deleted : user_pref("CT2612669.BrowserCompStateIsOpen_129564502120544861", true);
Line Deleted : user_pref("CT2612669.BrowserCompStateIsOpen_129564560723477699", true);
Line Deleted : user_pref("CT2612669.BrowserCompStateIsOpen_129683190780749804", true);
Line Deleted : user_pref("CT2612669.CT2612669", "CT2612669");
Line Deleted : user_pref("CT2612669.CurrentServerDate", "4-1-2012");
Line Deleted : user_pref("CT2612669.DSInstall", true);
Line Deleted : user_pref("CT2612669.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2612669.DialogsGetterLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"1/4/2012 12:44:29 PM\",\"SourceId\":0,\"OriginSource\":0,\"Refer[...]
Line Deleted : user_pref("CT2612669.EMailNotifierPollDate", "Wed Jan 04 2012 10:44:37 GMT+0100");
Line Deleted : user_pref("CT2612669.FeedLastCount129206864782289142", 24);
Line Deleted : user_pref("CT2612669.FeedPollDate129206864782914144", "Wed Jan 04 2012 10:44:39 GMT+0100");
Line Deleted : user_pref("CT2612669.FeedTTL129206864782914144", 40);
Line Deleted : user_pref("CT2612669.FirstServerDate", "19-10-2011");
Line Deleted : user_pref("CT2612669.FirstTime", true);
Line Deleted : user_pref("CT2612669.FirstTimeFF3", true);
Line Deleted : user_pref("CT2612669.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2612669.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2612669.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2612669.HPInstall", true);
Line Deleted : user_pref("CT2612669.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2612669.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2612669.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2612669&SearchSource=13");
Line Deleted : user_pref("CT2612669.Initialize", true);
Line Deleted : user_pref("CT2612669.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2612669.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2612669.InstallationType", "Unknown");
Line Deleted : user_pref("CT2612669.InstalledDate", "Wed Oct 19 2011 16:20:26 GMT+0200");
Line Deleted : user_pref("CT2612669.InvalidateCache", false);
Line Deleted : user_pref("CT2612669.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2612669.IsGrouping", false);
Line Deleted : user_pref("CT2612669.IsInitSetupIni", true);
Line Deleted : user_pref("CT2612669.IsMulticommunity", false);
Line Deleted : user_pref("CT2612669.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2612669.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2612669.IsProtectorsInit", true);
Line Deleted : user_pref("CT2612669.LanguagePackLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2612669.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2612669.LastLogin_3.7.0.6", "Wed Oct 19 2011 16:21:30 GMT+0200");
Line Deleted : user_pref("CT2612669.LastLogin_3.8.1.0", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.LatestVersion", "3.8.1.0");
Line Deleted : user_pref("CT2612669.Locale", "en");
Line Deleted : user_pref("CT2612669.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2612669.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2612669.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2612669.MyStuffEnabledAtInstallation", false);
Line Deleted : user_pref("CT2612669.OriginalFirstVersion", "3.7.0.6");
Line Deleted : user_pref("CT2612669.RadioIsPodcast", false);
Line Deleted : user_pref("CT2612669.RadioLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2612669.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT2612669.RadioMediaID", "9962");
Line Deleted : user_pref("CT2612669.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2612669.RadioMenuSelectedID", "EBRadioMenu_CT26126699962");
Line Deleted : user_pref("CT2612669.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2612669.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT2612669.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT2612669.SavedHomepage", "hxxp://start.icq.com/");
Line Deleted : user_pref("CT2612669.SearchCaption", "IMVU Inc Customized Web Search");
Line Deleted : user_pref("CT2612669.SearchEngineBeforeUnload", "IMVU Inc Customized Web Search");
Line Deleted : user_pref("CT2612669.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2612669.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q=");
Line Deleted : user_pref("CT2612669.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2612669.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2612669.SearchInNewTabLastCheckTime", "Wed Jan 04 2012 10:44:39 GMT+0100");
Line Deleted : user_pref("CT2612669.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2612669.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2612669.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2612669.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2612669.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2612669.ServiceMapLastCheckTime", "Wed Jan 04 2012 10:44:37 GMT+0100");
Line Deleted : user_pref("CT2612669.SettingsLastCheckTime", "Wed Jan 04 2012 10:44:36 GMT+0100");
Line Deleted : user_pref("CT2612669.SettingsLastUpdate", "1325062543");
Line Deleted : user_pref("CT2612669.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2612669&SearchSource=13");
Line Deleted : user_pref("CT2612669.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2612669.ThirdPartyComponentsLastCheck", "Wed Jan 04 2012 10:44:36 GMT+0100");
Line Deleted : user_pref("CT2612669.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2612669.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2612669.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2612669");
Line Deleted : user_pref("CT2612669.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2612669.UserID", "UN45596672312929037");
Line Deleted : user_pref("CT2612669.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2612669.WeatherNetwork", "");
Line Deleted : user_pref("CT2612669.WeatherPollDate", "Wed Jan 04 2012 10:44:42 GMT+0100");
Line Deleted : user_pref("CT2612669.WeatherUnit", "C");
Line Deleted : user_pref("CT2612669.alertChannelId", "1005466");
Line Deleted : user_pref("CT2612669.autoDisableScopes", 10);
Line Deleted : user_pref("CT2612669.backendstorage.2612669a129684723478947121000000paramsgk0", "7B2275706461746552657154696D65223A313332353637303238363338362C227570646174655265737054696D65223A31333235363730323837343[...]
Line Deleted : user_pref("CT2612669.backendstorage.cbfirsttime", "576564204F637420313920323031312031363A32303A323920474D542B30323030");
Line Deleted : user_pref("CT2612669.backendstorage.shoppingapp.gk.exipres", "4D6F6E204A616E20303920323031322031303A34343A343720474D542B30313030");
Line Deleted : user_pref("CT2612669.backendstorage.shoppingapp.gk.geolocation", "637A6563682072657075626C6963");
Line Deleted : user_pref("CT2612669.components.1000034", true);
Line Deleted : user_pref("CT2612669.components.1000082", true);
Line Deleted : user_pref("CT2612669.components.1000234", true);
Line Deleted : user_pref("CT2612669.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2612669.globalFirstTimeInfoLastCheckTime", "Wed Jan 04 2012 10:44:41 GMT+0100");
Line Deleted : user_pref("CT2612669.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2612669.initDone", true);
Line Deleted : user_pref("CT2612669.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2612669.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2612669.myStuffEnabled", true);
Line Deleted : user_pref("CT2612669.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2612669.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2612669.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2612669.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2612669.oldAppsList", "129170380618247103,129170380618247104,111,129174085518698803,129185927686343262,129684723478947121,129206864782289142,129296598392950474,129482420034282070,12968319[...]
Line Deleted : user_pref("CT2612669.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2612669.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2612669.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2612669.testingCtid", "");
Line Deleted : user_pref("CT2612669.toolbarAppMetaDataLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.toolbarContextMenuLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CT2612669.usagesFlag", 2);
Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1353159621,\"uuid\":171435224624011,\"seq_id\":1,\"ssb\":1353159621}");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.UserID", "UN39682371277941864");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", 10);
Line Deleted : user_pref("CT3220468.cbfirsttime", "Sat Nov 17 2012 14:40:13 GMT+0100");
Line Deleted : user_pref("CT3220468.countryCode", "CZ");
Line Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.fullUserID", "UN39682371277941864.UP.20130719103806");
Line Deleted : user_pref("CT3220468.installId", "fft7E73.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN39682371277941864&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT3220468.lastVersion", "10.20.0.513");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"V%C3%ADtejte%20na%20Facebooku%20%E2%80%93%20zaregistrujte%20se%2C%2[...]
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchSuggestEnabledByUser", "FALSE");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2 \"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1380633917449");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353159590284");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353159595098");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1353159590267");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353159592036");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1374044241442");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353338550148");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358356767320");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360432227835");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360584555291");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363269274197");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1367740550415");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374044244483");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1378922414321");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380633915453");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353159593669");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1380633916843");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1380633915118");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353159593510");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1380633916644");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1380633916755");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "17-11-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "1-10-2013");
Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Sat Mar 16 2013 11:28:41 GMT+0100");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383247956859,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2612669&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "IMVU Inc Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1005466/1001181/CZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2612669", "\"1323845486\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2612669", "\"7043fff7ebd57e7e1acd25907e78e9ea\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2612669&octid=CT2612669", "\"1325062544\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbff24cb6381b84c110a44581d65040e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20566976.xml", "\"7a22aa9b583224da90a272c5b70f61f5\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MaRkI\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qa2lw4gf.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=em&tb_ver=1.3.3&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "651a8d83-1968-41f5-afd3-f183d5e32856");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jan 04 2012 10:44:46 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 04 2012 10:44:39 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "35e90414-acf7-496a-ab6b-596594e31727");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.icq.com/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "ICQ Search");
Line Deleted : user_pref("CommunityToolbar.twitter.user_20566976.LastCheckTime", "Wed Jan 04 2012 10:44:41 GMT+0100");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6R95i7DWrr&loc=skw");
Line Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "IMVU Inc Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40searchya.com:1.5.0,%7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3,%7Bbfc39e47-d643-4dc2-aa1d-61377501c844%7D:1.0.0.12,%7B7473b6bd-4691-4744-a82b-7854[...]
Line Deleted : user_pref("extensions.searchya.admin", false);
Line Deleted : user_pref("extensions.searchya.aflt", "dcom");
Line Deleted : user_pref("extensions.searchya.cntry", "CZ");
Line Deleted : user_pref("extensions.searchya.dfltLng", "EN");
Line Deleted : user_pref("extensions.searchya.dfltSrch", true);
Line Deleted : user_pref("extensions.searchya.excTlbr", false);
Line Deleted : user_pref("extensions.searchya.hdrMd5", "2D69376B87ACEC38168F54FC5AAE44B1");
Line Deleted : user_pref("extensions.searchya.hmpg", true);
Line Deleted : user_pref("extensions.searchya.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.searchya.instlDay", "15441");
Line Deleted : user_pref("extensions.searchya.instlRef", "dcom-100");
Line Deleted : user_pref("extensions.searchya.isDcmntCmplt", false);
Line Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.searchya.newTab", true);
Line Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya.noFFXTlbr", false);
Line Deleted : user_pref("extensions.searchya.prdct", "searchya");
Line Deleted : user_pref("extensions.searchya.propectorlck", 73602393);
Line Deleted : user_pref("extensions.searchya.prtkHmpg", 1);
Line Deleted : user_pref("extensions.searchya.prtnrId", "ironsrc");
Line Deleted : user_pref("extensions.searchya.sg", "none");
Line Deleted : user_pref("extensions.searchya.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
Line Deleted : user_pref("extensions.searchya.tlbrId", "base");
Line Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC&q=");
Line Deleted : user_pref("extensions.searchya.vrsn", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya.vrsni", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya_i.aflt", "dcom");
Line Deleted : user_pref("extensions.searchya_i.dfltLng", "");
Line Deleted : user_pref("extensions.searchya_i.dfltSrch", true);
Line Deleted : user_pref("extensions.searchya_i.dnsErr", true);
Line Deleted : user_pref("extensions.searchya_i.excTlbr", false);
Line Deleted : user_pref("extensions.searchya_i.hmpg", true);
Line Deleted : user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=dcom-100&s=0&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya_i.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.searchya_i.instlDay", "15441");
Line Deleted : user_pref("extensions.searchya_i.instlRef", "dcom-100");
Line Deleted : user_pref("extensions.searchya_i.newTab", true);
Line Deleted : user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya_i.prdct", "searchya");
Line Deleted : user_pref("extensions.searchya_i.prtnrId", "ironsrc");
Line Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");
Line Deleted : user_pref("extensions.searchya_i.tlbrId", "base");
Line Deleted : user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC&q=");
Line Deleted : user_pref("extensions.searchya_i.vrsn", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya_i.vrsni", "1.5.13.0");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1382708902);
Line Deleted : user_pref("icqtoolbar.history", "esemes||iskola||dashboard||skateboardy||longboard||google||asterix%20hav%C3%AD%C5%99ov||auto||converse%20all%20star%20leopard||determined%20meme||meme%20face||article%[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1351353378");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "24.0");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "193416585517771302911316444471882");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1383248043);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6R95i7DWrr&loc=skw&search=");
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Line Deleted : user_pref("smartbar.machineId", "RZDKMT6TIUZGRNPOWMGYT7GE7R0NAF/LAQTAFDIEOMOBBGNIIHTGQRGVXXDU50+9I2PGRVEL6R9GMHRSRSF79G");

[ File : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Delta Search");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "somoto");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100789");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15372");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "23.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 119190307);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb5");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "somoto");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100789");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15372");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100789&babsrc=NT_ss&mntrId=5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.1.9,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224");
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=5c5dc906000000000000722f68405224&q=");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [57760 octets] - [18/11/2013 19:11:52]
AdwCleaner[S0].txt - [58382 octets] - [18/11/2013 19:14:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [58443 octets] ##########

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#22 Post by vyosek »

It looks fairly OK now, but we'll do some more fine-tuning.

Please post a log following this guide: http://forum.viry.cz/viewtopic.php?f=24&t=130784
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Marr-keta
Visitor
Posts: 33
Joined: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#23 Post by Marr-keta »

Ok :) here is the log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dagmar at 2013-11-20 14:31:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 13 GB (6%) free of 205 GB
Total RAM: 3692 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:31:35, on 20.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Dagmar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\MaRkI\AppData\Roaming\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\MaRkI\AppData\Roaming\ICQ7.6\ICQ.exe
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\Dagmar\AppData\Roaming\ICQ\Application\ICQ7.6\ICQ.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\Dagmar\AppData\Roaming\ICQ\Application\ICQ7.6\ICQ.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13456 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {B22DFC65-48EA-485D-BAA6-0952453EBB44}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2128
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2ba73531-483b-424a-923b-2eafd24fc2b3 -SystemEventPortName:HostProcess-a8ca4781-a980-45c6-a732-8ec07d240428 -IoCancelEventPortName:HostProcess-d9f34109-f733-4ce2-b85f-afe6d3f15775 -NonStateChangingEventPortName:HostProcess-b65d0daa-1d42-4a64-a95a-33409106ad3d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0b496908-ad6b-4be5-9328-765b10510e93 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:2076
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {A144AEB2-572E-4618-B37E-21D944FE8F6C}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe"
"C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe"
ATKOSD.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
WDC.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Dagmar\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-14 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-16 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-14 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-16 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-14 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-14 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-06 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-06 379040]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-07-19 12632168]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-07-13 2264168]
"FortKnoxPersonalFirewall"=C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe [2013-08-27 2130752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-09 984400]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-14 3568312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2013-11-20 14:31:22 ----D---- C:\Program Files\trend micro
2013-11-20 14:31:21 ----D---- C:\rsit
2013-11-18 19:11:49 ----D---- C:\AdwCleaner
2013-11-18 18:43:19 ----D---- C:\Windows\ERUNT
2013-11-16 14:45:41 ----D---- C:\FRST
2013-11-15 18:12:39 ----D---- C:\ProgramData\Malwarebytes
2013-11-15 18:12:20 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 18:12:17 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2013-11-15 17:47:57 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2013-11-15 17:17:06 ----D---- C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 16:47:51 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-11-14 16:47:50 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-11-14 16:47:48 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-11-14 16:47:46 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-11-14 16:47:42 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-11-14 16:47:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-11-14 16:47:38 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-11-14 16:47:36 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-11-14 16:47:16 ----A---- C:\Windows\avastSS.scr
2013-11-14 16:15:55 ----D---- C:\Program Files\CCleaner
2013-11-14 14:32:16 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-11-14 14:32:16 ----A---- C:\Windows\system32\authuitu.dll
2013-11-14 14:31:58 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2013-11-14 14:31:58 ----A---- C:\Windows\system32\uxtuneup.dll
2013-11-14 13:33:34 ----A---- C:\Windows\system32\TURegOpt.exe
2013-11-14 13:30:48 ----D---- C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:25:44 ----D---- C:\ProgramData\TuneUp Software
2013-11-14 13:23:25 ----SHD---- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-13 16:18:00 ----A---- C:\Windows\ntbtlog.txt
2013-11-13 13:15:04 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-13 13:15:04 ----A---- C:\Windows\system32\schannel.dll
2013-11-13 13:15:04 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-13 13:15:04 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-13 13:15:03 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\sspicli.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-13 13:15:02 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-13 13:15:02 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\secur32.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\lsass.exe
2013-11-13 13:14:53 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-13 13:14:53 ----A---- C:\Windows\system32\gdi32.dll
2013-11-13 13:14:49 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:14:49 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:14:48 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-13 13:14:48 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-13 13:14:48 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-13 12:59:37 ----A---- C:\Windows\system32\drivers\EagleX64.sys
2013-11-05 13:13:29 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-11-05 13:13:29 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-11-05 13:13:29 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-11-05 13:13:29 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-11-05 13:13:18 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-11-05 13:13:18 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-11-05 13:13:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-11-05 13:13:05 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-11-05 13:12:53 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-11-05 13:12:53 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-11-05 13:12:50 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-11-05 13:12:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-11-05 13:12:46 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-11-05 13:12:46 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-11-05 13:12:42 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-11-05 13:12:34 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2013-11-05 13:12:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2013-11-05 13:12:34 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-11-05 13:12:34 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-11-05 13:12:24 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-11-05 13:12:24 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-11-05 13:12:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-11-05 13:12:19 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-11-05 13:12:10 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2013-11-05 13:12:10 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-11-05 13:11:56 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2013-11-05 13:11:56 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-11-05 13:11:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2013-11-05 13:11:44 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-11-05 13:11:37 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2013-11-05 13:11:37 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-11-05 13:11:33 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2013-11-05 13:11:33 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-11-05 13:11:28 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2013-11-05 13:11:28 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-11-05 13:11:24 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2013-11-05 13:11:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-11-05 13:11:05 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2013-11-05 13:11:05 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-11-05 13:11:01 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2013-11-05 13:11:01 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-11-05 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-11-05 13:10:50 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-11-05 13:10:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-11-05 13:10:46 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2013-11-05 13:10:46 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2013-11-05 13:10:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-11-05 13:10:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-11-05 13:10:41 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2013-11-05 13:10:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-11-05 13:10:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2013-11-05 13:10:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-11-05 13:10:36 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2013-11-05 13:10:36 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2013-11-05 13:10:36 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-11-05 13:10:36 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-11-05 13:10:31 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2013-11-05 13:10:31 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-11-05 13:10:27 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-11-05 13:10:24 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2013-11-05 13:10:24 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-11-05 13:10:19 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2013-11-05 13:10:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2013-11-05 13:10:19 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-11-05 13:10:19 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-11-05 13:10:15 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2013-11-05 13:10:15 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-11-05 13:10:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2013-11-05 13:10:14 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-11-05 13:10:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2013-11-05 13:10:11 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-11-05 13:10:10 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2013-11-05 13:10:10 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-11-05 13:10:07 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2013-11-05 13:10:07 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-11-05 13:10:02 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2013-11-05 13:10:02 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-11-05 13:09:58 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2013-11-05 13:09:58 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-11-05 13:09:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2013-11-05 13:09:56 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-11-05 13:09:52 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-11-05 13:09:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-11-05 13:09:35 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2013-11-05 13:09:35 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-11-05 13:09:28 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-11-05 13:09:25 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2013-11-05 13:09:25 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-11-05 13:09:18 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2013-11-05 13:09:18 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-11-05 13:09:14 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-11-05 13:09:10 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2013-11-05 13:09:10 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-11-05 13:09:05 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2013-11-05 13:09:05 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2013-11-05 13:09:05 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-11-05 13:09:05 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-11-05 13:09:03 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2013-11-05 13:09:03 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-11-05 13:09:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2013-11-05 13:09:02 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-11-05 13:08:59 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2013-11-05 13:08:59 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-11-05 13:08:51 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-11-05 13:08:51 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-11-05 13:08:46 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-11-05 13:08:41 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-11-05 13:08:41 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-11-05 13:08:36 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2013-11-05 13:08:36 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-11-05 13:08:33 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2013-11-05 13:08:33 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-11-05 13:08:30 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2013-11-05 13:08:30 ----A---- C:\Windows\system32\d3dx10.dll
2013-11-05 13:08:18 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2013-11-05 13:08:18 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-11-05 13:08:13 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2013-11-05 13:08:13 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-11-05 13:08:13 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-11-05 13:08:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-11-05 13:08:05 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2013-11-05 13:08:05 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-11-05 13:08:03 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2013-11-05 13:08:03 ----A---- C:\Windows\system32\xinput1_2.dll
2013-11-05 13:07:57 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2013-11-05 13:07:57 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-11-05 13:07:56 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2013-11-05 13:07:56 ----A---- C:\Windows\system32\xinput1_1.dll
2013-11-05 13:07:52 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2013-11-05 13:07:52 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-11-05 13:07:14 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2013-11-05 13:07:14 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-11-05 13:07:10 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-11-05 13:06:53 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2013-11-05 13:06:53 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-11-05 13:06:34 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2013-11-05 13:06:34 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-11-05 13:06:19 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2013-11-05 13:06:19 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-11-05 13:05:40 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2013-11-05 13:05:40 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-11-05 13:05:38 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2013-11-05 13:05:38 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-11-05 13:05:28 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2013-11-05 13:05:28 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-11-04 16:57:05 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-10-25 18:23:22 ----D---- C:\ProgramData\Protexis
2013-10-25 18:11:12 ----D---- C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:11:04 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 17:54:28 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X6

======List of files/folders modified in the last 1 month======

2013-11-20 14:31:31 ----D---- C:\Windows\Temp
2013-11-20 14:31:22 ----RD---- C:\Program Files
2013-11-20 14:30:17 ----D---- C:\Windows\system32\config
2013-11-19 21:58:30 ----D---- C:\Windows\Logs
2013-11-19 21:57:06 ----D---- C:\Windows
2013-11-19 21:56:28 ----SHD---- C:\System Volume Information
2013-11-18 19:15:46 ----D---- C:\Windows\system32\Tasks
2013-11-18 19:15:45 ----D---- C:\Windows\System32
2013-11-18 19:14:56 ----RD---- C:\Program Files (x86)
2013-11-18 19:14:56 ----D---- C:\ProgramData\ICQ
2013-11-18 19:04:04 ----SHD---- C:\Windows\Installer
2013-11-18 19:04:04 ----HD---- C:\ProgramData
2013-11-18 18:51:27 ----D---- C:\Windows\SysWOW64
2013-11-18 15:58:03 ----D---- C:\Windows\Prefetch
2013-11-18 15:54:43 ----HD---- C:\Config.Msi
2013-11-18 15:54:42 ----D---- C:\ProgramData\MFAData
2013-11-18 15:54:42 ----D---- C:\ProgramData\AVG2014
2013-11-18 15:51:51 ----D---- C:\Windows\Tasks
2013-11-18 15:51:51 ----D---- C:\Windows\system32\drivers\etc
2013-11-18 15:43:40 ----D---- C:\Program Files (x86)\Common Files
2013-11-18 15:43:37 ----D---- C:\Windows\system32\drivers
2013-11-18 15:40:59 ----HD---- C:\$AVG
2013-11-17 11:28:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-17 11:28:16 ----D---- C:\Windows\inf
2013-11-16 23:05:12 ----AD---- C:\ProgramData\TEMP
2013-11-16 19:42:21 ----D---- C:\Users\Dagmar\AppData\Roaming\Skype
2013-11-16 16:24:57 ----D---- C:\Windows\rescache
2013-11-16 14:01:40 ----D---- C:\Windows\winsxs
2013-11-16 12:18:53 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-11-16 12:18:53 ----D---- C:\Windows\system32\cs-CZ
2013-11-16 12:18:53 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-16 12:18:52 ----D---- C:\Program Files\Internet Explorer
2013-11-15 21:04:01 ----D---- C:\Windows\system32\catroot
2013-11-15 21:04:00 ----D---- C:\Windows\system32\catroot2
2013-11-15 17:43:43 ----D---- C:\ProgramData\Microsoft Help
2013-11-15 17:23:33 ----D---- C:\Users\Dagmar\AppData\Roaming\TuneUp Software
2013-11-14 16:47:17 ----A---- C:\Windows\system32\aswBoot.exe
2013-11-14 16:43:33 ----D---- C:\ProgramData\AVAST Software
2013-11-14 12:10:26 ----D---- C:\Windows\system32\MRT
2013-11-14 11:55:38 ----A---- C:\Windows\system32\MRT.exe
2013-11-14 11:49:45 ----D---- C:\Program Files (x86)\EA GAMES
2013-11-13 18:47:13 ----D---- C:\Windows\system32\wbem
2013-11-13 18:44:28 ----D---- C:\ProgramData\McAfee Security Scan
2013-11-13 18:44:28 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2013-11-13 18:44:20 ----D---- C:\Windows\system32\DriverStore
2013-11-13 18:44:18 ----D---- C:\Windows\SYSWOW64\wbem
2013-11-13 18:44:08 ----D---- C:\Windows\registration
2013-11-12 14:21:32 ----D---- C:\Windows\system32\FxsTmp
2013-11-10 15:43:25 ----D---- C:\ProgramData\Skype
2013-11-10 15:42:32 ----RD---- C:\Program Files (x86)\Skype
2013-11-05 13:07:51 ----RSD---- C:\Windows\assembly
2013-11-04 16:24:14 ----D---- C:\ProgramData\Corel
2013-10-31 14:42:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-28 11:40:56 ----D---- C:\Program Files (x86)\Metin2
2013-10-27 20:35:36 ----D---- C:\Windows\Microsoft.NET
2013-10-27 15:51:49 ----A---- C:\Windows\win.ini
2013-10-25 18:16:04 ----SD---- C:\ProgramData\Microsoft
2013-10-25 18:00:16 ----RSD---- C:\Windows\Fonts
2013-10-25 17:56:59 ----D---- C:\Program Files (x86)\Corel
2013-10-23 15:20:44 ----D---- C:\Windows\system32\NDF
2013-10-23 14:39:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-10-23 14:39:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-23 14:39:52 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-23 14:39:51 ----D---- C:\ProgramData\Norton
2013-10-23 14:39:39 ----D---- C:\Windows\AppPatch
2013-10-23 14:39:39 ----D---- C:\Windows\AppCompat
2013-10-23 14:39:28 ----D---- C:\Windows\system32\CodeIntegrity
2013-10-23 13:51:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-14 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-11-14 205320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-14 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-11-14 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-14 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-11-14 65264]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-16 283200]
R1 fortknox_drv;fortknox_drv; C:\Windows\system32\drivers\fortknoxfw.sys [2009-11-15 69200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-11-14 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-11-14 84328]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 28240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-07-19 3021672]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-08-21 14112]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [2013-11-13 140600]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2013-11-15 91352]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2013-11-16 116440]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-14 50344]
R2 fortknox;FortKnox Personal Firewall; C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [2013-03-11 676592]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-10-30 2099512]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 257416]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]
S4 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#24 Post by vyosek »

So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (if necessary, turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for issues
  • then Fix issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

Marr-keta
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#25 Post by Marr-keta »

Thank you very much :)
I also want to ask whether it is normal that when I tried to use CCleaner again today, about halfway through the screen turned blue and showed English text saying that a problem had occurred, and so on. Is that normal? :O
It did this when I was infected with that rootkit, and never before that.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#26 Post by vyosek »

If it crashed only once, I would not make a big deal of it and would stay calm...

If it keeps happening, let me know :)

Marr-keta
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#27 Post by Marr-keta »

By now it has crashed 7 times and I am now in safe mode. It happens quite often....

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#28 Post by vyosek »

:arrow: Zip up the contents of the folder c:\windows\minidump for me and upload it somewhere

:arrow: Use WhoCrashed as described by my colleague
Roli wrote:
use WhoCrashed

after launching it, click Analyze,

after a moment the application will produce a report on the cause of the crash; copy it here for me.
:arrow: Run CDI as described by my colleague
MiliNess wrote:
Download CrystalDiskInfo, choose Copy in the Edit menu, and paste the clipboard contents here with Ctrl+V.

Marr-keta
Visitor
Posts: 33
Registered: 15 Nov 2013 10:43

Re: Rootkit - Idle application

#29 Post by Marr-keta »

With WhoCrashed it always tells me: Please scroll down the information window to read the report... O.o
I know what that means, but I do not really know what to do, since no report was created for me...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit - Idle application

#30 Post by vyosek »

Then do the CDI
