Logfile of random's system information tool 1.09 (written by random/random)
Run by Alenka at 2014-04-12 21:21:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 455 GB (77%) free of 588 GB
Total RAM: 4030 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:07, on 12.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Alenka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files (x86)\Corsair Addon\corsair.DLL
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{E35A3~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{E35A3~1\reboot.ini
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alenka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Alenka\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Alenka\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
--
End of file - 17213 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 3642352
\??\C:\windows\system32\conhost.exe "-125761870-809847918-8179389461708528554458349093-1827203491-90560482958248883
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
C:\windows\SysWOW64\IoctlSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2696
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
atieclxx
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe"
"C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe"
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\igfxsrvc.exe -Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\splwow64.exe 8192
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3236.e3f63e0.1970894067 "C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\plugins\np-mswmp.dll" Mozilla.Firefox.7.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 3236 "\\.\pipe\gecko-crash-server-pipe.3236" plugin
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
"C:\Users\Alenka\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1046643072-33689613-99125470-1002Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1046643072-33689613-99125470-1002UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1046643072-33689613-99125470-1002Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1046643072-33689613-99125470-1002UA.job
C:\windows\tasks\HPCeeScheduleForALENKA-HP$.job
C:\windows\tasks\HPCeeScheduleForAlenka.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... M=UM_ID&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
corsair@corsair.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\extensions\
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\searchplugins\
babylon.xml
bingp.xml
BrowserProtect.xml
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20 6270336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-10-11 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07 117248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07 60576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-25 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2011-10-11 798771]
{B4FBA8C3-2083-4ED8-A35B-148478739826} - Corsair Add-on - C:\Program Files (x86)\Corsair Addon\corsair.DLL [2011-09-22 797184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2011-01-27 13880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-04 2679592]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-07 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-07 379040]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-01-27 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-01-27 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-01-27 418328]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-27 835072]
"MfeEpePcMonitor"=C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [2011-02-09 200704]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Nektra OEAPI"= []
"OEXPRESS"= []
"Google Update"=C:\Users\Alenka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-12 136176]
"Facebook Update"=C:\Users\Alenka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-11 138096]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]
"cz.seznam.software.autoupdate"=C:\Users\Alenka\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-01-29 299576]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2011-02-07 12274688]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-01-26 283160]
"HP HD Webcam [Fixed]_Monitor"=C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [2010-11-26 267128]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-28 336384]
"DTRun"=c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2010-11-24 517456]
"HPConnectionManager"=c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-04-05 94264]
""= []
"HPQuickWebProxy"=c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-02-11 76344]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"=C:\PROGRA~2\INSTAL~1\{E35A3~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{E35A3~1\reboot.ini []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-01-27 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=EpePcNp64
DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-04-12 21:21:52 ----D---- C:\Program Files\trend micro
2014-04-12 21:21:51 ----D---- C:\rsit
2014-04-12 21:04:01 ----SHD---- C:\Config.Msi
2014-04-11 20:52:04 ----D---- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-04-10 20:17:17 ----A---- C:\windows\system32\drivers\ntfs.sys
2014-04-10 20:12:07 ----A---- C:\windows\system32\mshtml.dll
2014-04-10 20:12:05 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-04-10 20:11:31 ----A---- C:\windows\system32\drivers\storport.sys
2014-04-10 20:11:31 ----A---- C:\windows\system32\drivers\msiscsi.sys
2014-04-10 20:11:31 ----A---- C:\windows\system32\drivers\Diskdump.sys
2014-04-10 20:11:30 ----A---- C:\windows\SYSWOW64\iologmsg.dll
2014-04-10 20:11:30 ----A---- C:\windows\system32\iologmsg.dll
2014-04-10 20:11:13 ----A---- C:\windows\SYSWOW64\kernel32.dll
2014-04-10 20:11:13 ----A---- C:\windows\system32\wow64win.dll
2014-04-10 20:11:13 ----A---- C:\windows\system32\wow64.dll
2014-04-10 20:11:13 ----A---- C:\windows\system32\kernel32.dll
2014-04-10 20:11:12 ----A---- C:\windows\SYSWOW64\setup16.exe
2014-04-10 20:11:12 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2014-04-10 20:11:12 ----A---- C:\windows\system32\wow64cpu.dll
2014-04-10 20:11:12 ----A---- C:\windows\system32\ntvdm64.dll
2014-04-10 20:11:10 ----A---- C:\windows\SYSWOW64\wow32.dll
2014-04-10 20:11:09 ----A---- C:\windows\SYSWOW64\user.exe
2014-04-10 20:11:09 ----A---- C:\windows\SYSWOW64\instnm.exe
2014-03-15 12:31:16 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-03-15 12:31:16 ----A---- C:\windows\system32\iertutil.dll
2014-03-15 12:31:16 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-03-15 12:31:15 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-03-15 12:31:15 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-03-15 12:31:14 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-03-15 12:31:14 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-03-15 12:31:11 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-03-15 12:31:11 ----A---- C:\windows\system32\iernonce.dll
2014-03-15 12:31:09 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-03-15 12:31:09 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-03-15 12:31:09 ----A---- C:\windows\system32\urlmon.dll
2014-03-15 12:31:09 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-03-15 12:31:08 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-03-15 12:31:07 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-03-15 12:31:07 ----A---- C:\windows\system32\msfeeds.dll
2014-03-15 12:31:06 ----A---- C:\windows\system32\iesetup.dll
2014-03-15 12:31:06 ----A---- C:\windows\system32\ie4uinit.exe
2014-03-15 12:31:03 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-03-15 12:31:03 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-03-15 12:31:02 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-03-15 12:31:02 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-03-15 12:31:02 ----A---- C:\windows\system32\jsproxy.dll
2014-03-15 12:31:01 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-03-15 12:31:01 ----A---- C:\windows\system32\ieetwcollector.exe
2014-03-15 12:30:59 ----A---- C:\windows\system32\ieui.dll
2014-03-15 12:30:58 ----A---- C:\windows\system32\ieframe.dll
2014-03-15 12:30:57 ----A---- C:\windows\system32\jscript9diag.dll
2014-03-15 12:30:57 ----A---- C:\windows\system32\ieUnatt.exe
2014-03-15 12:30:56 ----A---- C:\windows\system32\jscript9.dll
2014-03-15 12:30:55 ----A---- C:\windows\system32\ieapfltr.dll
2014-03-15 12:30:54 ----A---- C:\windows\system32\wininet.dll
2014-03-15 12:30:52 ----A---- C:\windows\system32\msrating.dll
2014-03-15 12:30:51 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-15 09:53:26 ----A---- C:\windows\SYSWOW64\WindowsCodecs.dll
2014-03-15 09:53:26 ----A---- C:\windows\system32\WindowsCodecs.dll
2014-03-15 09:53:24 ----A---- C:\windows\system32\wer.dll
2014-03-15 09:53:23 ----A---- C:\windows\SYSWOW64\wer.dll
2014-03-15 09:53:22 ----A---- C:\windows\system32\wwansvc.dll
2014-03-15 09:53:21 ----A---- C:\windows\system32\win32k.sys
2014-03-15 09:53:16 ----A---- C:\windows\SYSWOW64\qedit.dll
2014-03-15 09:53:16 ----A---- C:\windows\system32\qedit.dll
======List of files/folders modified in the last 1 month======
2014-04-12 21:21:52 ----RD---- C:\Program Files
2014-04-12 21:20:56 ----D---- C:\windows\Temp
2014-04-12 21:14:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-04-12 21:14:23 ----D---- C:\windows\Help
2014-04-12 21:14:04 ----D---- C:\windows\winsxs
2014-04-12 21:13:25 ----SHD---- C:\System Volume Information
2014-04-12 21:12:55 ----D---- C:\windows\system32\config
2014-04-12 21:09:14 ----SHD---- C:\windows\Installer
2014-04-12 21:08:57 ----RSD---- C:\windows\assembly
2014-04-12 21:07:34 ----D---- C:\windows\System32
2014-04-12 21:07:34 ----D---- C:\windows\inf
2014-04-12 21:07:34 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-04-12 21:04:47 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-04-12 21:03:52 ----D---- C:\Users\Alenka\AppData\Roaming\Skype
2014-04-11 20:53:06 ----D---- C:\windows\system32\catroot2
2014-04-11 20:52:04 ----HD---- C:\ProgramData
2014-04-11 20:49:37 ----D---- C:\ProgramData\Hewlett-Packard
2014-04-11 20:48:41 ----D---- C:\Users\Alenka\AppData\Roaming\vlc
2014-04-11 20:48:37 ----D---- C:\swsetup
2014-04-11 13:53:23 ----D---- C:\Users\Alenka\AppData\Roaming\Seznam.cz
2014-04-11 13:49:58 ----A---- C:\windows\SYSWOW64\log.txt
2014-04-11 13:47:52 ----D---- C:\ProgramData\PDFC
2014-04-11 13:44:38 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-04-11 13:44:38 ----D---- C:\windows\SysWOW64
2014-04-11 13:44:38 ----D---- C:\windows\system32\drivers
2014-04-11 13:44:38 ----D---- C:\windows\system32\cs-CZ
2014-04-11 13:44:37 ----D---- C:\windows\AppPatch
2014-04-11 13:44:36 ----D---- C:\windows\system32\DriverStore
2014-04-11 13:28:12 ----D---- C:\ProgramData\Microsoft Help
2014-04-10 20:14:25 ----A---- C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-10 20:10:56 ----D---- C:\windows\system32\catroot
2014-04-10 20:05:46 ----D---- C:\windows\system32\MRT
2014-04-10 20:05:42 ----A---- C:\windows\system32\MRT.exe
2014-04-06 13:47:07 ----D---- C:\Windows
2014-04-06 13:47:04 ----D---- C:\Program Files\Microsoft Security Client
2014-04-06 13:47:02 ----D---- C:\Program Files (x86)\Microsoft Security Client
2014-03-26 21:09:12 ----D---- C:\windows\Microsoft.NET
2014-03-17 21:18:08 ----D---- C:\Program Files (x86)\Internet Explorer
2014-03-17 21:18:06 ----D---- C:\Program Files\Internet Explorer
2014-03-17 21:17:53 ----D---- C:\Program Files\Microsoft Silverlight
2014-03-17 21:17:50 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 22:17:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-03-16 22:17:51 ----RD---- C:\Program Files (x86)\Skype
2014-03-15 09:47:58 ----D---- C:\windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2012-02-28 29976]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-13 439320]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2011-02-09 168008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2012-03-07 28504]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2012-02-28 43800]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2011-03-28 9319424]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2011-03-28 303616]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2011-01-08 2698240]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-12-03 25912]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2014-02-28 708200]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2011-01-27 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-04 1413680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver; \??\C:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2011-03-28 203264]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-03-03 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-03-03 1748608]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2011-02-12 481104]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-29 281656]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2012-02-28 31000]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-17 326168]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-27 296448]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpCMSrv;HP Connection Manager 4 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2011-02-04 464480]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-09-30 246520]
S3 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosím o preventivní prohlídku, děkuji
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: prosím o preventivní prohlídku, děkuji
Hezké odpoledne 
Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem
Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.
Použijte CCleaner http://forum.viry.cz/viewtopic.php?f=46&t=7478
---------------------------------
Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem
Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.
Použijte CCleaner http://forum.viry.cz/viewtopic.php?f=46&t=7478---------------------------------
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
venca008
- Návštěvník
- Příspěvky: 57
- Registrován: 13 pro 2010 20:59
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: prosím o preventivní prohlídku, děkuji
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alenka on ne 27.04.2014 at 14:58:25,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1046643072-33689613-99125470-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta chrome toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1750559
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Alenka\appdata\locallow\conduit"
~~~ FireFox
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\smartbar
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\extensions\staged
Successfully deleted the following from C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\prefs.js
user_pref("CT1750559..clientLogIsEnabled", false);
user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT1750559.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
user_pref("CT1750559.CT1750559", "CT1750559");
user_pref("CT1750559.CurrentServerDate", "12-4-2014");
user_pref("CT1750559.DSInstall", true);
user_pref("CT1750559.DialogsAlignMode", "LTR");
user_pref("CT1750559.DialogsGetterLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.DownloadReferralCookieData", "");
user_pref("CT1750559.FirstServerDate", "12-4-2014");
user_pref("CT1750559.FirstTime", true);
user_pref("CT1750559.FirstTimeFF3", true);
user_pref("CT1750559.FirstTimeHiddenVer", true);
user_pref("CT1750559.FixPageNotFoundErrors", true);
user_pref("CT1750559.GroupingServerCheckInterval", 1440);
user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT1750559.HPInstall", true);
user_pref("CT1750559.HasUserGlobalKeys", true);
user_pref("CT1750559.Initialize", true);
user_pref("CT1750559.InitializeCommonPrefs", true);
user_pref("CT1750559.InstallationAndCookieDataSentCount", 1);
user_pref("CT1750559.InstallationType", "Unknown");
user_pref("CT1750559.InstalledDate", "Sat Apr 12 2014 21:18:01 GMT+0200");
user_pref("CT1750559.InvalidateCache", false);
user_pref("CT1750559.IsGrouping", false);
user_pref("CT1750559.IsInitSetupIni", true);
user_pref("CT1750559.IsMulticommunity", false);
user_pref("CT1750559.IsOpenThankYouPage", true);
user_pref("CT1750559.IsOpenUninstallPage", true);
user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT1750559.LastLogin_3.18.0.7", "Sat Apr 12 2014 21:18:10 GMT+0200");
user_pref("CT1750559.LatestVersion", "3.20.0.4");
user_pref("CT1750559.Locale", "en-us");
user_pref("CT1750559.MCDetectTooltipHeight", "83");
user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1750559.MCDetectTooltipWidth", "295");
user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
user_pref("CT1750559.OriginalFirstVersion", "3.18.0.7");
user_pref("CT1750559.RadioIsPodcast", false);
user_pref("CT1750559.RadioLastCheckTime", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CT1750559.RadioLastUpdateIPServer", "3");
user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1750559.RadioMediaID", "11237206");
user_pref("CT1750559.RadioMediaType", "Media Player");
user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
user_pref("CT1750559.RadioShrinkedFromSetup", false);
user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
user_pref("CT1750559.SavedHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CT1750559.SearchCaption", "BS Player ControlBar Customized Web Search");
user_pref("CT1750559.SearchFromAddressBarIsInit", true);
user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
user_pref("CT1750559.SearchInNewTabEnabled", true);
user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
user_pref("CT1750559.SearchInNewTabLastCheckTime", "Sat Apr 12 2014 21:18:11 GMT+0200");
user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT1750559.SendProtectorDataViaLogin", true);
user_pref("CT1750559.ServiceMapLastCheckTime", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.SettingsLastCheckTime", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.SettingsLastUpdate", "1396340740");
user_pref("CT1750559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccin
user_pref("CT1750559.UserID", "UN52434163674685331");
user_pref("CT1750559.WeatherNetwork", "");
user_pref("CT1750559.WeatherPollDate", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CT1750559.WeatherUnit", "C");
user_pref("CT1750559.alertChannelId", "31130");
user_pref("CT1750559.components.129743941110100179", true);
user_pref("CT1750559.enableAlerts", "always");
user_pref("CT1750559.firstTimeDialogOpened", true);
user_pref("CT1750559.fullUserID", "UN52434163674685331.UP.20140427145534");
user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.homepageProtectorEnableByLogin", true);
user_pref("CT1750559.initDone", true);
user_pref("CT1750559.installType", "Unknown");
user_pref("CT1750559.isAppTrackingManagerOn", false);
user_pref("CT1750559.isCheckedStartAsHidden", true);
user_pref("CT1750559.isFirstRadioInstallation", false);
user_pref("CT1750559.isPerformedSmartBarTransition", "true");
user_pref("CT1750559.lastVersion", "10.20.101.5");
user_pref("CT1750559.myStuffEnabled", true);
user_pref("CT1750559.myStuffPublihserMinWidth", 400);
user_pref("CT1750559.myStuffSearchUrl", "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1750559.navigateToUrlOnSearch", false);
user_pref("CT1750559.originalHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CT1750559.originalSearchAddressUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("CT1750559.originalSearchEngine", "Bing ");
user_pref("CT1750559.revertSettingsEnabled", true);
user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
user_pref("CT1750559.searchProtectorEnableByLogin", true);
user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}");
user_pref("CT1750559.settingsINI", true);
user_pref("CT1750559.smartbar.CTID", "CT1750559");
user_pref("CT1750559.smartbar.Uninstall", "0");
user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
user_pref("CT1750559.testingCtid", "");
user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CT1750559.toolbarBornServerTime", "12-4-2014");
user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CT1750559.usagesFlag", 1);
user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1398603334419,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://
user_pref("CommunityToolbar.ConduitSearchList", "BS Player Customized Web Search,BS Player ControlBar Customized Web Search,BS Player ControlBar Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"88cd91f6f4456b1bf1fcea43a94980c63\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"e4530456cb67fb5ac5c066b743a20943\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT1750559", "b5I8zzzMgsg0XG/fawLlFw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1750559", "eSzELtoCN6VQCYiv1tPI+g==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1750559", "HYogGBUvv90IWu2NxeLYvA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT1750559", "I1tfz7EBg4DmNytL9x55lQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1750559", "aXc5Vsxqu/hbyzW/5Q4N6w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT1750559", "ZI41WLbm1fFgx4gn0bs99Q==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559", "9tP0a9tLQ7LYpUSrjHx9xA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559&UM=UM_UNINSTALL_ID", "9tP0a9tLQ7LYpUSrjHx9xA==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"dfe74040abc2ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"7097fd37277b6a1b754b125bd11d0197\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f4006385da8a3ea2c255df21ee98e396\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alenka\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2x4y6ssw.default\\conduitCommon\\modules\\3.18.0.7");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
user_pref("CommunityToolbar.globalUserId", "89f351f3-35ed-46c8-a4c1-3ab07c44db99");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 12 2014 22:17:55 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "64dd32d9-1fe3-49da-867a-52f8cba1e4f5");
user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CommunityToolbar.originalSearchEngine", "Bing ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "BS Player ControlBar Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?CUI=UN52434163674685331&ctid=CT1750559&SearchSource=3&q={searchTerms}");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&tt=0 ... df9a6fb4ee");
user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "BS Player ControlBar Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.co
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27.04.2014 at 15:14:00,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alenka on ne 27.04.2014 at 14:58:25,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1046643072-33689613-99125470-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta chrome toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1750559
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alenka\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Alenka\appdata\locallow\conduit"
~~~ FireFox
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\smartbar
Successfully deleted: [Folder] C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\extensions\staged
Successfully deleted the following from C:\Users\Alenka\AppData\Roaming\mozilla\firefox\profiles\2x4y6ssw.default\prefs.js
user_pref("CT1750559..clientLogIsEnabled", false);
user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT1750559.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
user_pref("CT1750559.CT1750559", "CT1750559");
user_pref("CT1750559.CurrentServerDate", "12-4-2014");
user_pref("CT1750559.DSInstall", true);
user_pref("CT1750559.DialogsAlignMode", "LTR");
user_pref("CT1750559.DialogsGetterLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.DownloadReferralCookieData", "");
user_pref("CT1750559.FirstServerDate", "12-4-2014");
user_pref("CT1750559.FirstTime", true);
user_pref("CT1750559.FirstTimeFF3", true);
user_pref("CT1750559.FirstTimeHiddenVer", true);
user_pref("CT1750559.FixPageNotFoundErrors", true);
user_pref("CT1750559.GroupingServerCheckInterval", 1440);
user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT1750559.HPInstall", true);
user_pref("CT1750559.HasUserGlobalKeys", true);
user_pref("CT1750559.Initialize", true);
user_pref("CT1750559.InitializeCommonPrefs", true);
user_pref("CT1750559.InstallationAndCookieDataSentCount", 1);
user_pref("CT1750559.InstallationType", "Unknown");
user_pref("CT1750559.InstalledDate", "Sat Apr 12 2014 21:18:01 GMT+0200");
user_pref("CT1750559.InvalidateCache", false);
user_pref("CT1750559.IsGrouping", false);
user_pref("CT1750559.IsInitSetupIni", true);
user_pref("CT1750559.IsMulticommunity", false);
user_pref("CT1750559.IsOpenThankYouPage", true);
user_pref("CT1750559.IsOpenUninstallPage", true);
user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT1750559.LastLogin_3.18.0.7", "Sat Apr 12 2014 21:18:10 GMT+0200");
user_pref("CT1750559.LatestVersion", "3.20.0.4");
user_pref("CT1750559.Locale", "en-us");
user_pref("CT1750559.MCDetectTooltipHeight", "83");
user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1750559.MCDetectTooltipWidth", "295");
user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
user_pref("CT1750559.OriginalFirstVersion", "3.18.0.7");
user_pref("CT1750559.RadioIsPodcast", false);
user_pref("CT1750559.RadioLastCheckTime", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CT1750559.RadioLastUpdateIPServer", "3");
user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1750559.RadioMediaID", "11237206");
user_pref("CT1750559.RadioMediaType", "Media Player");
user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
user_pref("CT1750559.RadioShrinkedFromSetup", false);
user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
user_pref("CT1750559.SavedHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CT1750559.SearchCaption", "BS Player ControlBar Customized Web Search");
user_pref("CT1750559.SearchFromAddressBarIsInit", true);
user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
user_pref("CT1750559.SearchInNewTabEnabled", true);
user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
user_pref("CT1750559.SearchInNewTabLastCheckTime", "Sat Apr 12 2014 21:18:11 GMT+0200");
user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT1750559.SendProtectorDataViaLogin", true);
user_pref("CT1750559.ServiceMapLastCheckTime", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.SettingsLastCheckTime", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.SettingsLastUpdate", "1396340740");
user_pref("CT1750559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Apr 12 2014 21:17:42 GMT+0200");
user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccin
user_pref("CT1750559.UserID", "UN52434163674685331");
user_pref("CT1750559.WeatherNetwork", "");
user_pref("CT1750559.WeatherPollDate", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CT1750559.WeatherUnit", "C");
user_pref("CT1750559.alertChannelId", "31130");
user_pref("CT1750559.components.129743941110100179", true);
user_pref("CT1750559.enableAlerts", "always");
user_pref("CT1750559.firstTimeDialogOpened", true);
user_pref("CT1750559.fullUserID", "UN52434163674685331.UP.20140427145534");
user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Sat Apr 12 2014 21:17:46 GMT+0200");
user_pref("CT1750559.homepageProtectorEnableByLogin", true);
user_pref("CT1750559.initDone", true);
user_pref("CT1750559.installType", "Unknown");
user_pref("CT1750559.isAppTrackingManagerOn", false);
user_pref("CT1750559.isCheckedStartAsHidden", true);
user_pref("CT1750559.isFirstRadioInstallation", false);
user_pref("CT1750559.isPerformedSmartBarTransition", "true");
user_pref("CT1750559.lastVersion", "10.20.101.5");
user_pref("CT1750559.myStuffEnabled", true);
user_pref("CT1750559.myStuffPublihserMinWidth", 400);
user_pref("CT1750559.myStuffSearchUrl", "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1750559.navigateToUrlOnSearch", false);
user_pref("CT1750559.originalHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CT1750559.originalSearchAddressUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("CT1750559.originalSearchEngine", "Bing ");
user_pref("CT1750559.revertSettingsEnabled", true);
user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
user_pref("CT1750559.searchProtectorEnableByLogin", true);
user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}");
user_pref("CT1750559.settingsINI", true);
user_pref("CT1750559.smartbar.CTID", "CT1750559");
user_pref("CT1750559.smartbar.Uninstall", "0");
user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
user_pref("CT1750559.testingCtid", "");
user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CT1750559.toolbarBornServerTime", "12-4-2014");
user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CT1750559.usagesFlag", 1);
user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1398603334419,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://
user_pref("CommunityToolbar.ConduitSearchList", "BS Player Customized Web Search,BS Player ControlBar Customized Web Search,BS Player ControlBar Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"88cd91f6f4456b1bf1fcea43a94980c63\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"e4530456cb67fb5ac5c066b743a20943\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT1750559", "b5I8zzzMgsg0XG/fawLlFw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1750559", "eSzELtoCN6VQCYiv1tPI+g==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1750559", "HYogGBUvv90IWu2NxeLYvA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT1750559", "I1tfz7EBg4DmNytL9x55lQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1750559", "aXc5Vsxqu/hbyzW/5Q4N6w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT1750559", "ZI41WLbm1fFgx4gn0bs99Q==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559", "9tP0a9tLQ7LYpUSrjHx9xA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559&UM=UM_UNINSTALL_ID", "9tP0a9tLQ7LYpUSrjHx9xA==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"dfe74040abc2ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"7097fd37277b6a1b754b125bd11d0197\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f4006385da8a3ea2c255df21ee98e396\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alenka\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2x4y6ssw.default\\conduitCommon\\modules\\3.18.0.7");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
user_pref("CommunityToolbar.globalUserId", "89f351f3-35ed-46c8-a4c1-3ab07c44db99");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 12 2014 21:17:48 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 12 2014 22:17:55 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 12 2014 21:17:47 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "64dd32d9-1fe3-49da-867a-52f8cba1e4f5");
user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?affID=119816&tt=070312_wc&babsrc=HP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee");
user_pref("CommunityToolbar.originalSearchEngine", "Bing ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "BS Player ControlBar Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?CUI=UN52434163674685331&ctid=CT1750559&SearchSource=3&q={searchTerms}");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://zinkwink.com/?clid=cf416bd1ffbe4a049b843da945c2fc7b&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&tt=0 ... df9a6fb4ee");
user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "BS Player ControlBar Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13,hxxp://search.co
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27.04.2014 at 15:14:00,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
venca008
- Návštěvník
- Příspěvky: 57
- Registrován: 13 pro 2010 20:59
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: prosím o preventivní prohlídku, děkuji
# AdwCleaner v3.204 - Report created 27/04/2014 at 15:19:33
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alenka - ALENKA-HP
# Running from : C:\Users\Alenka\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Alenka\.android
Folder Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\CT1750559
Folder Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\Users\Alenka\AppData\Roaming\BabMaint.exe
File Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\searchplugins\bingp.xml
File Deleted : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKCU\Software\5f48f8abc3bed40
Key Deleted : HKLM\SOFTWARE\5f48f8abc3bed40
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v7.0.1 (cs)
[ File : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\prefs.js ]
Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1398603334419,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"88cd91f6f4456b1bf1fcea43a94980c63\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"e4530456cb67fb5ac5c066b743a20943\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"dfe74040abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f4006385da8a3ea2c255df21ee98e396\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alenka\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2x4y6ssw.default\\conduitCommon\\modules\\3.18.0.7");
-\\ Google Chrome v
[ File : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.pekarskyraj.cz/inshop/scripts/shop. ... earchTerms}
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&a ... df9a6fb4ee
Deleted [Search Provider] : hxxp://www.search.delta-search.com/?q={searchT ... df9a6fb4ee
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=070312_wc&babsrc=SP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee
Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
*************************
AdwCleaner[R0].txt - [5014 octets] - [27/04/2014 15:18:04]
AdwCleaner[S0].txt - [5005 octets] - [27/04/2014 15:19:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5065 octets] ##########
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alenka - ALENKA-HP
# Running from : C:\Users\Alenka\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Alenka\.android
Folder Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\CT1750559
Folder Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\Users\Alenka\AppData\Roaming\BabMaint.exe
File Deleted : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\searchplugins\bingp.xml
File Deleted : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKCU\Software\5f48f8abc3bed40
Key Deleted : HKLM\SOFTWARE\5f48f8abc3bed40
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v7.0.1 (cs)
[ File : C:\Users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\2x4y6ssw.default\prefs.js ]
Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1398603334419,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"88cd91f6f4456b1bf1fcea43a94980c63\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"e4530456cb67fb5ac5c066b743a20943\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"dfe74040abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f4006385da8a3ea2c255df21ee98e396\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alenka\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\2x4y6ssw.default\\conduitCommon\\modules\\3.18.0.7");
-\\ Google Chrome v
[ File : C:\Users\Alenka\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.pekarskyraj.cz/inshop/scripts/shop. ... earchTerms}
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&a ... df9a6fb4ee
Deleted [Search Provider] : hxxp://www.search.delta-search.com/?q={searchT ... df9a6fb4ee
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=070312_wc&babsrc=SP_ss_bay2g&mntrId=42ac8711000000000000d0df9a6fb4ee
Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
*************************
AdwCleaner[R0].txt - [5014 octets] - [27/04/2014 15:18:04]
AdwCleaner[S0].txt - [5005 octets] - [27/04/2014 15:19:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5065 octets] ##########
Re: prosím o preventivní prohlídku, děkuji
Něco smazáno. S pc jsou nějaké problémy?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
venca008
- Návštěvník
- Příspěvky: 57
- Registrován: 13 pro 2010 20:59
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: prosím o preventivní prohlídku, děkuji
vše v pořádku, děkuji za pomoc
Re: prosím o preventivní prohlídku, děkuji
Není zač
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?