
Probably viruses, asking for advice


#1 Post by harpie77 »

Hello :oops:
First of all, I apologize if I have posted my comment in the wrong place. Also for the fact that I don't know my way around my PC very well, and many of the abbreviations and names I glimpsed on the forum mean nothing to me. I am already desperate about everything I have no clue about, and I sincerely feel sorry for you.

But a problem has come up - I suspect a virus (maybe several viruses - I can't judge), but my PC has started behaving differently. The processor runs at full load without my having started a single program. A friend advised me to end some processes in Task Manager. We also checked regedit (nothing abnormal). But that is first aid, not a solution. I have already been through one PC reinstallation, and I spent 2 years synchronizing and getting comfortable with my darling.

So I am asking for advice on what, where and how to start studying the PC - what I should always know, or know where to find (important information about the PC, etc.).
How to proceed when hunting viruses, and how to neutralize them before they do damage.
That probably ties in with an antivirus program - is a free version enough, or is it necessary to invest in licenses?

Thank you for your advice, and I will understand if the post is moved for the sake of better order. I welcome any advice and tips.

Harpi♥


#2 Post by vyosek »

Hello, I wish you a pleasant evening and welcome to the forum :welcome:


:arrow: Since we know nothing about your PC and it is hard to tell fortunes from a crystal ball, and besides it is already dark in Brno so I can't see anything :cry:


:arrow: But enough joking, let's take a look :wink: Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784 - the guide will walk you through it...

#3 Post by harpie77 »

Logfile of random's system information tool 1.08 (written by random/random)
Run by sarah at 2014-05-24 22:55:23
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 306 GB (64%) free of 477 GB
Total RAM: 6143 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:55:29, on 24.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Seznam.cz\bin\postak.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\sarah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... NTL_CZE_47
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~2\UTILIT~2\bar\1.bin\49bar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncwyhcSrv] C:\Windows\system32\mncwyhc.vbe
O4 - HKLM\..\Run: [NtVdmSrv] C:\Windows\inf\ntvdm.vbe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RSEBoardServer - Unknown owner - C:\Program Files (x86)\Q Draw Software\rseboardser.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11734 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Q Draw Software\rseboardser.exe"
"C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\PixArt\PAC7302\Monitor.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d20f8b4a-2ba9-4e73-8ba1-c62ab240206d -SystemEventPortName:HostProcess-57ef30a1-be06-44d6-99cf-bc3c34c0af7c -IoCancelEventPortName:HostProcess-777eeca1-0134-4f09-bc62-c9a108f3ac14 -NonStateChangingEventPortName:HostProcess-09866d53-3eb6-4f0b-bffa-2ca85e927212 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d16eab0d-6527-4633-b94e-9f979d455731 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Gaming Keyboard\OSD.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://email.seznam.cz/gate?sessionId=1 ... bs%2fKj%3d"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\sarah\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\COMODO Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06 6311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}]
Search Assistant BHO - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll [2013-10-14 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}]
Toolbar BHO - C:\PROGRA~2\UTILIT~2\bar\1.bin\49bar.dll [2013-10-14 716360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06 4533120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{cf67755f-9265-449c-87cf-b945519e073b} - Utility Chest - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll [2013-10-14 716360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2011-01-24 3457336]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"OfficeSyncProcess"=C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2013-04-22 720064]
""= []
"Google Update"=C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3200 Scan2PC]
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe [2009-04-03 1237504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-04-19 1090912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReSent]
c:\program files (x86)\q draw software resource\resent\rs_resent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [2011-06-02 79112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-26 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Home Page Guard 64 bit]
C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe [2013-10-14 548936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Search Scope Monitor]
C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe [2013-10-14 44784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UtilityChest_49 Browser Plugin Loader]
C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe [2013-10-14 30096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\386EB9~1.130\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Memeo AutoSync"=C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [2011-05-13 144608]
"VICTORY Gaming Keyboard"=C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [2013-04-09 270336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mncwyhcSrv"=C:\Windows\system32\mncwyhc.vbe []
"NtVdmSrv"=C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-05-24 22:55:24 ----D---- C:\Program Files\trend micro
2014-05-24 22:55:23 ----D---- C:\rsit
2014-05-24 15:53:29 ----D---- C:\Users\sarah\AppData\Roaming\DriverCure
2014-05-24 15:53:25 ----D---- C:\Users\sarah\AppData\Roaming\ParetoLogic
2014-05-24 15:51:29 ----D---- C:\ProgramData\ParetoLogic
2014-05-23 18:56:09 ----AS---- C:\Windows\SYSWOW64\lcpmncwyhc.exe
2014-05-23 18:56:09 ----AS---- C:\Windows\SYSWOW64\dcgmncwyhc.exe
2014-05-23 18:56:07 ----AS---- C:\Windows\SYSWOW64\acumncwyhc.exe
2014-05-23 18:56:06 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-05-23 18:56:06 ----AS---- C:\Windows\SYSWOW64\zlib1.dll
2014-05-23 18:56:06 ----AS---- C:\Windows\SYSWOW64\ssleay32.dll
2014-05-23 18:56:06 ----AS---- C:\Windows\SYSWOW64\pthreadVC2.dll
2014-05-23 18:56:05 ----AS---- C:\Windows\SYSWOW64\pthreadGC2.dll
2014-05-23 18:56:05 ----AS---- C:\Windows\SYSWOW64\libssh2.dll
2014-05-23 18:56:05 ----AS---- C:\Windows\SYSWOW64\librtmp.dll
2014-05-23 18:56:05 ----AS---- C:\Windows\SYSWOW64\libidn-11.dll
2014-05-23 18:56:04 ----AS---- C:\Windows\SYSWOW64\libeay32.dll
2014-05-23 18:56:04 ----AS---- C:\Windows\SYSWOW64\libcurl-4.dll
2014-05-23 18:56:04 ----AS---- C:\Windows\SYSWOW64\cudart32_50_35.dll
2014-05-15 16:00:29 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 16:00:29 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 16:00:28 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 16:00:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-14 12:59:54 ----A---- C:\Windows\system32\shell32.dll
2014-05-14 12:59:53 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-14 12:59:52 ----A---- C:\Windows\system32\aepdu.dll
2014-05-14 12:59:51 ----A---- C:\Windows\system32\aeinv.dll
2014-05-14 12:59:20 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-14 12:59:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-14 12:59:19 ----A---- C:\Windows\system32\kerberos.dll
2014-05-14 12:59:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-14 12:59:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-14 12:59:18 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-14 12:59:18 ----A---- C:\Windows\system32\winlogon.exe
2014-05-14 12:59:18 ----A---- C:\Windows\system32\objsel.dll
2014-05-14 12:59:18 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-14 12:59:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:59:16 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-14 12:59:16 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-14 12:59:15 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-14 12:59:15 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-14 12:59:15 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-14 12:59:15 ----A---- C:\Windows\system32\wdigest.dll
2014-05-14 12:59:15 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-14 12:59:14 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-14 12:59:14 ----A---- C:\Windows\system32\schannel.dll
2014-05-14 12:59:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-14 12:59:14 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-14 12:59:14 ----A---- C:\Windows\system32\adprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-14 12:59:13 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-14 12:59:13 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-14 12:59:13 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-14 12:59:12 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-14 12:59:12 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-14 12:59:12 ----A---- C:\Windows\system32\sspicli.dll
2014-05-14 12:59:12 ----A---- C:\Windows\system32\lsass.exe
2014-05-14 12:59:12 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 12:59:11 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-14 12:59:11 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-14 12:59:11 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-14 12:59:11 ----A---- C:\Windows\system32\secur32.dll
2014-05-14 12:59:10 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-10 19:20:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-06 18:40:18 ----A---- C:\Windows\system32\ieui.dll
2014-05-06 18:40:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-05-06 18:40:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-05-06 18:40:15 ----A---- C:\Windows\system32\vbscript.dll
2014-05-06 18:40:07 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 18:40:07 ----A---- C:\Windows\system32\iernonce.dll
2014-05-06 18:40:07 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 18:40:07 ----A---- C:\Windows\system32\ie4uinit.exe
2014-05-06 18:40:05 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-05-06 18:40:05 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-05-06 18:40:05 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-05-06 18:40:05 ----A---- C:\Windows\system32\msrating.dll
2014-05-06 18:40:05 ----A---- C:\Windows\system32\jscript9diag.dll
2014-05-06 18:40:05 ----A---- C:\Windows\system32\dxtrans.dll
2014-05-06 18:40:05 ----A---- C:\Windows\system32\dxtmsft.dll
2014-05-06 18:40:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-05-06 18:40:04 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-05-06 18:40:04 ----A---- C:\Windows\system32\msfeeds.dll
2014-05-06 18:40:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-05-06 18:40:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-05-06 18:40:03 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-05-06 18:40:03 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-05-06 18:40:03 ----A---- C:\Windows\system32\ieUnatt.exe
2014-05-06 18:40:03 ----A---- C:\Windows\system32\iesetup.dll
2014-05-06 18:40:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-05-06 18:40:00 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-05-06 18:40:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-05-06 18:40:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-05-06 18:39:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 18:39:59 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-05-06 18:39:59 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-05-06 18:39:59 ----A---- C:\Windows\system32\ieapfltr.dll
2014-05-06 18:39:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-05-06 18:39:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-05-06 18:39:57 ----A---- C:\Windows\system32\wininet.dll
2014-05-06 18:39:57 ----A---- C:\Windows\system32\iertutil.dll
2014-05-06 18:39:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-05-06 18:39:56 ----A---- C:\Windows\system32\urlmon.dll
2014-05-06 18:39:55 ----A---- C:\Windows\system32\ieframe.dll
2014-05-06 18:39:54 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-05-06 18:39:53 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-05-06 18:39:53 ----A---- C:\Windows\system32\jscript9.dll
2014-05-06 18:39:23 ----SD---- C:\Windows\system32\CompatTel

======List of files/folders modified in the last 1 months======

2014-05-24 22:55:24 ----RD---- C:\Program Files
2014-05-24 20:47:28 ----D---- C:\Windows\Temp
2014-05-24 20:40:38 ----D---- C:\Windows\System32
2014-05-24 20:40:38 ----D---- C:\Windows\inf
2014-05-24 20:40:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-24 20:32:14 ----D---- C:\Windows\system32\config
2014-05-24 16:17:35 ----D---- C:\Windows\system32\Tasks
2014-05-24 16:17:34 ----D---- C:\Windows\Tasks
2014-05-24 16:17:16 ----D---- C:\Program Files (x86)\Common Files
2014-05-24 16:09:01 ----D---- C:\Windows\Prefetch
2014-05-24 15:51:29 ----HD---- C:\ProgramData
2014-05-23 18:56:10 ----D---- C:\Windows\SysWOW64
2014-05-22 19:20:45 ----SHD---- C:\System Volume Information
2014-05-17 11:30:32 ----D---- C:\Windows\rescache
2014-05-15 19:41:33 ----SHD---- C:\Windows\Installer
2014-05-15 19:11:53 ----D---- C:\Windows\Microsoft.NET
2014-05-15 19:11:17 ----RSD---- C:\Windows\assembly
2014-05-15 16:25:39 ----D---- C:\Windows\winsxs
2014-05-15 16:23:19 ----D---- C:\Windows\system32\drivers
2014-05-15 16:23:19 ----D---- C:\Windows\system32\cs-CZ
2014-05-15 16:23:19 ----D---- C:\Windows\PolicyDefinitions
2014-05-15 16:08:13 ----D---- C:\ProgramData\Microsoft Help
2014-05-15 16:00:50 ----D---- C:\Windows\system32\catroot
2014-05-15 16:00:48 ----D---- C:\Windows\system32\catroot2
2014-05-15 15:37:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 21:24:27 ----D---- C:\Windows\system32\MRT
2014-05-14 21:24:24 ----A---- C:\Windows\system32\MRT.exe
2014-05-14 12:37:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-12 23:29:42 ----D---- C:\Windows\system32\FxsTmp
2014-05-11 00:51:31 ----D---- C:\Program Files (x86)
2014-05-09 20:32:26 ----D---- C:\Users\sarah\AppData\Roaming\Spore
2014-05-06 19:18:51 ----D---- C:\Program Files\Internet Explorer
2014-05-06 19:18:50 ----D---- C:\Windows\SYSWOW64\en-US
2014-05-06 19:18:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-05-06 19:18:49 ----D---- C:\Windows\system32\en-US
2014-05-06 19:18:49 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-12-18 276576]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2013-11-02 2913904]
R1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys [2010-10-28 78528]
R1 CFRPD;CFRPD; C:\Windows\system32\DRIVERS\CFRPD.sys [2010-10-28 36840]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-10-29 53816]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-10-29 11576]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2008-12-17 64256]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-27 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2008-12-17 7168]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2013-01-23 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2013-01-23 171008]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 PAC7302;Eye 312; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 532480]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-27 203776]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 OS Selector;Acronis OS Selector activator; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
R2 RSEBoardServer;RSEBoardServer; C:\Program Files (x86)\Q Draw Software\rseboardser.exe [2011-09-01 433152]
R2 SeagateDashboardService;Seagate Dashboard Service; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-02 14088]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-08-06 3291008]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 UtilityChest_49Service;Utility ChestService; C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe [2013-10-14 44752]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2013-11-02 551824]
S2 Cleaner_Validator;COMODO System - Cleaner Service; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-10-28 362432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Is that right? If I did it wrong, I'll do it again. Thank you for your patience.

#4 Post by vyosek »

:arrow: That's fine, just please don't put the log in colors, it's quite a strain on the eyes

:arrow: Uninstall McAfee Security Scan

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup will be created, followed by a search
  • The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

#5 Post by harpie77 »

I'll remember that - no colored logs.
I'm off to do my tasks.

Besides that, I found 3 files on the PC - I deleted them yesterday and they reappeared. They look suspicious to me... I have no idea what they are for or what they belong to. I couldn't make anything out from their properties. I took a screenshot of the desktop, may I send it? Also, some window appears at startup and I can't get rid of it. I have that "photographed" too - a substitute for my poor ability to express myself.

Have a nice day, Harpi♥

#6 Post by vyosek »

:arrow: Feel free to send me the screenshots by e-mail :)

:arrow: I'll wait for the logs and then we'll see what's next :James008:

#7 Post by harpie77 »

:oops: The notice said "don't panic..." ha ha ha. I ran the program about 7 times before I translated the terms for myself, calmed down and finally got the log. I also searched the directory several times looking for a log that didn't exist yet... So much for me. I'll do better.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by sarah on ne 25.05.2014 at 11:03:09,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B5367C3B-BFF3-4E3C-B5F5-88D76CA27969}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\searchplugins\ask-web-search.xml
Successfully deleted: [File] C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\conduitcommon
Successfully deleted: [Folder] C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\extensions\49ffxtbr@utilitychest_49.com
Successfully deleted the following from C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\prefs.js

user_pref("CT2571160..clientLogIsEnabled", false);
user_pref("CT2571160..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2571160..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2571160.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2571160.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2571160.BrowserCompStateIsOpen_1000515", true);
user_pref("CT2571160.CT2571160", "CT2571160");
user_pref("CT2571160.CurrentServerDate", "2-2-2013");
user_pref("CT2571160.DSChangedManually", false);
user_pref("CT2571160.DSInstall", true);
user_pref("CT2571160.DSProtectChoice", true);
user_pref("CT2571160.DSProtectCount", 1);
user_pref("CT2571160.DialogsAlignMode", "LTR");
user_pref("CT2571160.DialogsGetterLastCheckTime", "Thu Jan 31 2013 20:22:48 GMT+0100");
user_pref("CT2571160.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"3/23/2012 8:35:53 PM\",\"SourceId\":0,\
user_pref("CT2571160.EMailNotifierPollDate", "Thu Sep 20 2012 06:52:53 GMT+0200");
user_pref("CT2571160.FirstServerDate", "23-3-2012");
user_pref("CT2571160.FirstTime", true);
user_pref("CT2571160.FirstTimeFF3", true);
user_pref("CT2571160.FixPageNotFoundErrors", false);
user_pref("CT2571160.GroupingServerCheckInterval", 1440);
user_pref("CT2571160.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2571160.HPInstall", true);
user_pref("CT2571160.HPProtectChoice", true);
user_pref("CT2571160.HPProtectCount", 1);
user_pref("CT2571160.HasUserGlobalKeys", true);
user_pref("CT2571160.HomePageProtectorEnabled", false);
user_pref("CT2571160.HomepageBeforeUnload", "hxxp://www.seznam.cz/");
user_pref("CT2571160.Initialize", true);
user_pref("CT2571160.InitializeCommonPrefs", true);
user_pref("CT2571160.InstallationAndCookieDataSentCount", 3);
user_pref("CT2571160.InstallationType", "DirectDownload");
user_pref("CT2571160.InstalledDate", "Fri Mar 23 2012 18:34:17 GMT+0100");
user_pref("CT2571160.InvalidateCache", false);
user_pref("CT2571160.IsAlertDBUpdated", true);
user_pref("CT2571160.IsGrouping", false);
user_pref("CT2571160.IsInitSetupIni", true);
user_pref("CT2571160.IsMulticommunity", false);
user_pref("CT2571160.IsOpenThankYouPage", true);
user_pref("CT2571160.IsOpenUninstallPage", true);
user_pref("CT2571160.IsProtectorsInit", true);
user_pref("CT2571160.LanguagePackLastCheckTime", "Sat Feb 02 2013 10:20:49 GMT+0100");
user_pref("CT2571160.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2571160.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2571160.LastLogin_3.10.0.1", "Fri Mar 23 2012 18:34:30 GMT+0100");
user_pref("CT2571160.LastLogin_3.12.0.7", "Tue Apr 24 2012 22:50:58 GMT+0200");
user_pref("CT2571160.LastLogin_3.12.2.3", "Wed May 30 2012 19:58:53 GMT+0200");
user_pref("CT2571160.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:46:40 GMT+0200");
user_pref("CT2571160.LastLogin_3.14.1.0", "Tue Aug 21 2012 14:03:24 GMT+0200");
user_pref("CT2571160.LastLogin_3.15.1.0", "Wed Nov 07 2012 00:18:34 GMT+0100");
user_pref("CT2571160.LastLogin_3.16.0.3", "Sat Feb 02 2013 10:20:48 GMT+0100");
user_pref("CT2571160.LatestVersion", "3.16.0.3");
user_pref("CT2571160.Locale", "en");
user_pref("CT2571160.MCDetectTooltipHeight", "83");
user_pref("CT2571160.MCDetectTooltipShow", false);
user_pref("CT2571160.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2571160.MCDetectTooltipWidth", "295");
user_pref("CT2571160.MyStuffEnabledAtInstallation", true);
user_pref("CT2571160.OriginalFirstVersion", "3.10.0.1");
user_pref("CT2571160.RadioIsPodcast", false);
user_pref("CT2571160.RadioLastCheckTime", "Thu Sep 20 2012 06:52:53 GMT+0200");
user_pref("CT2571160.RadioLastUpdateIPServer", "3");
user_pref("CT2571160.RadioLastUpdateServer", "0");
user_pref("CT2571160.RadioMediaID", "9962");
user_pref("CT2571160.RadioMediaType", "Media Player");
user_pref("CT2571160.RadioMenuSelectedID", "EBRadioMenu_CT25711609962");
user_pref("CT2571160.RadioShrinkedFromSetup", false);
user_pref("CT2571160.RadioStationName", "California%20Rock");
user_pref("CT2571160.RadioStationURL", "hxxp://feedlive.net/california.asx");
user_pref("CT2571160.SHRINK_TOOLBAR", 1);
user_pref("CT2571160.SavedHomepage", "hxxp://www.seznam.cz/");
user_pref("CT2571160.SearchCaption", "Conduit Apps Customized Web Search");
user_pref("CT2571160.SearchEngineBeforeUnload", "Conduit Apps Customized Web Search");
user_pref("CT2571160.SearchFromAddressBarIsInit", true);
user_pref("CT2571160.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2571160&SearchSource=2&q=");
user_pref("CT2571160.SearchInNewTabEnabled", true);
user_pref("CT2571160.SearchInNewTabIntervalMM", 1440);
user_pref("CT2571160.SearchInNewTabLastCheckTime", "Sat Feb 02 2013 10:20:46 GMT+0100");
user_pref("CT2571160.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2571160.SearchProtectorEnabled", true);
user_pref("CT2571160.SearchProtectorToolbarDisabled", false);
user_pref("CT2571160.SendProtectorDataViaLogin", true);
user_pref("CT2571160.ServiceMapLastCheckTime", "Sat Feb 02 2013 10:20:48 GMT+0100");
user_pref("CT2571160.SettingsLastCheckTime", "Sat Feb 02 2013 10:20:45 GMT+0100");
user_pref("CT2571160.SettingsLastUpdate", "1359790377");
user_pref("CT2571160.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2571160&SearchSource=13");
user_pref("CT2571160.ThirdPartyComponentsInterval", 504);
user_pref("CT2571160.ThirdPartyComponentsLastCheck", "Fri Mar 23 2012 18:34:12 GMT+0100");
user_pref("CT2571160.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2571160.ToolbarShrinkedFromSetup", false);
user_pref("CT2571160.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2571160");
user_pref("CT2571160.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2571160.UserID", "UN29443576664704724");
user_pref("CT2571160.ValidationData_Toolbar", 2);
user_pref("CT2571160.WeatherNetwork", "");
user_pref("CT2571160.WeatherPollDate", "Thu Sep 20 2012 06:52:54 GMT+0200");
user_pref("CT2571160.WeatherUnit", "C");
user_pref("CT2571160.alertChannelId", "964018");
user_pref("CT2571160.approveUntrustedApps", true);
user_pref("CT2571160.backendstorage.facebook_mode", "32");
user_pref("CT2571160.backendstorage.facebook_user_locale", "656E");
user_pref("CT2571160.components.1000034", true);
user_pref("CT2571160.components.1000082", true);
user_pref("CT2571160.components.1000234", true);
user_pref("CT2571160.components.1000515", true);
user_pref("CT2571160.counterAppsAdded", 1);
user_pref("CT2571160.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2571160.globalFirstTimeInfoLastCheckTime", "Fri Mar 23 2012 18:34:16 GMT+0100");
user_pref("CT2571160.homepageProtectorEnableByLogin", true);
user_pref("CT2571160.initDone", true);
user_pref("CT2571160.isAppTrackingManagerOn", true);
user_pref("CT2571160.isFirstRadioInstallation", false);
user_pref("CT2571160.myStuffEnabled", true);
user_pref("CT2571160.myStuffPublihserMinWidth", 400);
user_pref("CT2571160.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2571160.myStuffServiceIntervalMM", 1440);
user_pref("CT2571160.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2571160.navigateToUrlOnSearch", false);
user_pref("CT2571160.revertSettingsEnabled", true);
user_pref("CT2571160.searchProtectorDialogDelayInSec", 10);
user_pref("CT2571160.searchProtectorEnableByLogin", true);
user_pref("CT2571160.testingCtid", "");
user_pref("CT2571160.toolbarAppMetaDataLastCheckTime", "Sat Feb 02 2013 10:20:48 GMT+0100");
user_pref("CT2571160.toolbarContextMenuLastCheckTime", "Fri Mar 23 2012 18:34:17 GMT+0100");
user_pref("CT2571160.usagesFlag", 2);
user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2571160&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "Conduit Apps Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"0854540956e2431f8647b6c7e1d515693\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2571160/CT2571160", "\"1a15a35e47fd937cc4f45189776e9cd33\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1331722/1327393/CZ", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/CZ", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/964018/959786/CZ", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2571160", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"0697a2066791d3f9dfa6c976583f2c5c\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2571160", "\"0697a2066791d3f9dfa6c976583f2c5c\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2438727&octid=CT2438727", "\"835a34fd1644a2b70148726d24d29beb1\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"1311168869\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"61cc6bb1b8f5201188d780f59ed6a1c1\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\sarah\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\dbcm6k51.default\\conduitCommon\\modules\\3.15.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/MarketPlace/11/66/110bf74a-99ed-45e2-9aad-177670e1bc66//a04cc065-82e9-444f-bfe9-f74f265e4076.htm
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/11/66/110bf74a-99ed-45e2-9aad-177670e1bc66//a04cc065-82e9-444f-bfe9-f74f265e4076.html",
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p=");
user_pref("CommunityToolbar.ToolbarsList", "CT2571160");
user_pref("CommunityToolbar.ToolbarsList2", "CT2571160");
user_pref("CommunityToolbar.ToolbarsList4", "CT2571160");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Mar 27 2011 09:44:39 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 15:09:56 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 18:43:23 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{e25ede6b-966b-4ee2-93fe-14a26d02ede5}");
user_pref("CommunityToolbar.globalUserId", "f1207147-9aaa-41c3-982e-4e0793f9f1ae");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2438727");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 20 2012 06:52:45 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Sep 20 2012 06:52:51 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Sep 20 2012 06:52:44 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "86471d21-5bb2-4929-a746-4ce93563dfcf");
user_pref("CommunityToolbar.originalHomepage", "hxxp://www.seznam.cz/");
user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
user_pref("blingee.guard.defaultengine_keyword_url", "hxxp://www.searchcanvas.com/web?ot=8&q=");
user_pref("blingee.guard.defaultengine_name", "SearchCanvas");
user_pref("browser.search.defaultenginename", "Ask Web Search");
user_pref("browser.search.defaultthis.engineName", "Conduit Apps Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2571160&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Ask Web Search");
user_pref("extensions.mywebsearch.prevDefaultEngine", "Conduit Apps Customized Web Search");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2571160&SearchSource=2&q=");
user_pref("extensions.mywebsearch.prevSelectedEngine", "Conduit Apps Customized Web Search");
user_pref("extensions.toolbar.mindspark._49Members_.BUTTON_STRUCTURE", "[{\"b\":221352991,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221352992,\"c\":\"mindspark.enterse
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.defaultenginename.prev", "Ask Web Search");
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.defaultenginename.savedPrev", "true");
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.defaultenginename.tb", "Ask Web Search");
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.selectedEngine.prev", "Ask Web Search");
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.selectedEngine.savedPrev", "true");
user_pref("extensions.toolbar.mindspark._49Members_.browser.search.selectedEngine.tb", "Ask Web Search");
user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.prev", "hxxp://www.seznam.cz/");
user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.savedPrev", "true");
user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=260F3CEA-E0C4-41B0-9D98-DEF9ECCE4E82&n=77fd7d6a&p2=^Z
user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.page.savedPrev", 1);
user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.page.tb", 1);
user_pref("extensions.toolbar.mindspark._49Members_.firstKnownVersion", "5.71.2.59707");
user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=260F3CEA-E0C4-41B0-9D98-DEF9ECCE4E82&n=77fd7d6a&p2=^ZO^xdm017^YYA^cz&si=
user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._49Members_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013101418");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm017^YYA^cz");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "translateye");
user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "260F3CEA-E0C4-41B0-9D98-DEF9ECCE4E82");
user_pref("extensions.toolbar.mindspark._49Members_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1401005186644");
user_pref("extensions.toolbar.mindspark._49Members_.lastKnownVersion", "6.33.3.53069");
user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "Burger ||zákona \r. 326/1999 Sb. o pobytu cizinco na území eské republiky||Kristen Stewartová||Robertem P
user_pref("extensions.toolbar.mindspark._49Members_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=CC042F2B-BAC1-4569-82BC-D4E7B701392D&n=77fd7987&p2=^AW7^xdm055^YYA^cz&si
user_pref("extensions.toolbar.mindspark._89Members_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._89Members_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2013100423");
user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xdm055^YYA^cz");
user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "YO_SAF_INTL_CZE_47");
user_pref("extensions.toolbar.mindspark._89Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._89Members_.installation.toolbarId", "CC042F2B-BAC1-4569-82BC-D4E7B701392D");
user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1381417371735");
user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._89Members_.searchHistory", "adobe illustrator cs3||superhry||desktop wallpaper||desktop race");
user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=260F3CEA-E0C4-41B0-9D98-DEF9ECCE4E82&n=77fd7d6a&ind=2013101418&p2=^ZO^xdm017^YYA^cz&si=transl
Emptied folder: C:\Users\sarah\AppData\Roaming\mozilla\firefox\profiles\dbcm6k51.default\minidumps [579 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 25.05.2014 at 11:15:52,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 Post by vyosek »

:arrow: But it worked :clapping:

:arrow: I'll also ask you for AdwCleaner


#9 Post by harpie77 »

I'm back, done. The processor is ramping up again. I'll add the scans once I find the email...

# AdwCleaner v3.210 - Report created 25/05/2014 at 11:40:00
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : sarah - SARAH-PC
# Running from : C:\Users\sarah\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : UtilityChest_49Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\sarah\AppData\Local\Conduit
Folder Deleted : C:\Users\sarah\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\dbcm6k51.default\Conduit
Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\dbcm6k51.default\UtilityChest_49

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\UtilityChest_49
Key Deleted : HKCU\Software\AppDataLow\Software\UtilityChest_49
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\UtilityChest_49
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall Internet Explorer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\dbcm6k51.default\prefs.js ]

Line Deleted : user_pref("CT2571160.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"3/23/2012 8:35:53 PM\",\"SourceId\":0,\"OriginSource\":0,\"Refer[...]
Line Deleted : user_pref("CT2571160.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\sarah\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\dbcm6k51.default\\conduitCommon\\modules\\3.15.1.0");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.BUTTON_STRUCTURE", "[{\"b\":221352991,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221352992,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "Burger ||zákona \r. 326/1999 Sb. o pobytu cizinco na území eské republiky||Kristen Stewartová||Robertem Pattinson|| Moodle||vyhláa[...]

-\\ Google Chrome v

[ File : C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [16086 octets] - [25/05/2014 11:38:33]
AdwCleaner[S0].txt - [16054 octets] - [25/05/2014 11:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16115 octets] ##########


#10 Post by vyosek »

:arrow: We're not finished yet either :James008:

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the bottom box, Vlastní skenování/opravy (Custom Scans/Fixes)
  • Code:

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"=-
    ""=-
    "Google Update"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReSent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Home Page Guard 64 bit]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Search Scope Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UtilityChest_49 Browser Plugin Loader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"=-
    "Adobe ARM"=-
    "MSStp"=-
    "mncwyhcSrv"=-
    "NtVdmSrv"=-
    
    :files
    C:\Windows\SYSWOW64\lcpmncwyhc.exe
    C:\Windows\SYSWOW64\dcgmncwyhc.exe
    C:\Windows\SYSWOW64\acumncwyhc.exe
    C:\Windows\inf\ntvdm.vbe
    C:\Windows\system32\mncwyhc.vbe
    C:\Windows\inf\msstp.vbe
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\COMODO Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001UA.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Opravit (Run Fix)
  • The PC will perform the fix, restart, and give you a log; paste its contents here
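The fix script in the post above can be read as data before it is run. The following is an added example, not part of the original post and not OTL's own code: it parses the `:reg`, `:files` and `:commands` sections and, for every value deleted from a `Run` key, lists the files in the same script whose name shares its stem. The function names and the stem rule (drop a trailing `Srv`, then substring match) are assumptions made for this illustration.

```python
import ntpath
import re

# Excerpt of the fix script from the post above (entries copied from it).
FIX_SCRIPT = r'''
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"=-
""=-
"Google Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReSent]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=-
"Adobe ARM"=-
"MSStp"=-
"mncwyhcSrv"=-
"NtVdmSrv"=-

:files
C:\Windows\SYSWOW64\lcpmncwyhc.exe
C:\Windows\SYSWOW64\dcgmncwyhc.exe
C:\Windows\SYSWOW64\acumncwyhc.exe
C:\Windows\inf\ntvdm.vbe
C:\Windows\system32\mncwyhc.vbe
C:\Windows\inf\msstp.vbe
C:\Windows\tasks\Adobe Flash Player Updater.job
%windir%\system32\*.tmp.dll /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
'''

SECTION = re.compile(r"^:(\w+)$")             # :reg, :files, :commands
DEL_KEY = re.compile(r"^\[-(.+)\]$")          # [-KEY] deletes a whole key
SET_KEY = re.compile(r"^\[(.+)\]$")           # [KEY] selects the key for values
DEL_VALUE = re.compile(r'^"(.*)"=-$')         # "name"=- deletes one value
FILE_LINE = re.compile(r"^(.*?)(?:\s+/(\w+))?$")  # path plus optional /switch
MIN_TOKEN = 4  # assumed floor; also skips the empty (default) value name


def parse_fix(text):
    """Split a fix script into key deletions, value deletions, files, commands."""
    parsed = {"del_keys": [], "del_values": [], "files": [], "commands": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION.match(line)):
            section, key = m.group(1).lower(), None
        elif section == "reg":
            if (m := DEL_KEY.match(line)):
                parsed["del_keys"].append(m.group(1))
                key = None
            elif (m := SET_KEY.match(line)):
                key = m.group(1)
            elif (m := DEL_VALUE.match(line)) and key is not None:
                parsed["del_values"].append((key, m.group(1)))
            else:
                raise ValueError(f"unrecognised :reg line: {line!r}")
        elif section == "files":
            parsed["files"].append(FILE_LINE.match(line).groups())
        elif section == "commands":
            parsed["commands"].append(line.strip("[]"))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return parsed


def is_run_key(key):
    """True for the per-user and per-machine autorun keys."""
    return key.lower().endswith("\\currentversion\\run")


def link_autoruns_to_files(parsed):
    """Map each deleted Run value to script files whose stem contains its name."""
    concrete = [p for p, _ in parsed["files"] if "*" not in p and "?" not in p]
    links = {}
    for key, name in parsed["del_values"]:
        if not is_run_key(key):
            continue
        token = name.lower()
        if token.endswith("srv"):          # heuristic: mncwyhcSrv -> mncwyhc
            token = token[:-3]
        if len(token) < MIN_TOKEN:         # an empty token would match every file
            links[(key, name)] = []
            continue
        links[(key, name)] = [
            p for p in concrete
            if token in ntpath.splitext(ntpath.basename(p))[0].lower()
        ]
    return links


if __name__ == "__main__":
    for (key, name), files in link_autoruns_to_files(parse_fix(FIX_SCRIPT)).items():
        print(f"{name!r:22} -> {files}")
```

Run values that map to no file in the script are not cleared by this check; it only shows which autorun entries and files are removed as a group.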


#11 Post by harpie77 »

I think you're overestimating my abilities. But so far I'm managing... :all_coholic:
PS: Did the email arrive?


All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReSent\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Home Page Guard 64 bit\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Search Scope Monitor\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UtilityChest_49 Browser Plugin Loader\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\BCSSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\MSStp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\mncwyhcSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\NtVdmSrv deleted successfully.
========== FILES ==========
C:\Windows\SYSWOW64\lcpmncwyhc.exe moved successfully.
C:\Windows\SYSWOW64\dcgmncwyhc.exe moved successfully.
C:\Windows\SYSWOW64\acumncwyhc.exe moved successfully.
C:\Windows\inf\ntvdm.vbe moved successfully.
C:\Windows\system32\mncwyhc.vbe moved successfully.
C:\Windows\inf\msstp.vbe moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\COMODO Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867925269-1044987150-134793513-1001UA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: sarah
->Temp folder emptied: 276196477 bytes
->Temporary Internet Files folder emptied: 170420326 bytes
->FireFox cache emptied: 604676745 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 178879 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2428488 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83144987 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42322562 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 125,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: sarah

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05252014_122620

Files\Folders moved on Reboot...
C:\Users\sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably viruses, asking for advice

#12 Post by vyosek »

:arrow: The e-mail arrived and in effect shows the problems that OTL has now fixed.

:arrow: So how is our patient behaving now?

harpie77
Visitor
Posts: 30
Registered: 24 May 2014 19:58

Re: probably viruses, asking for advice

#13 Post by harpie77 »

Mmmmmm... it purrs nice and quietly, and no unwanted pop-up windows jump out at me any more. :wub:
Thank you very much for the help and the medicine for my pet.

Having gone through the whole process and seen the various programs, I am losing confidence that I could help myself in the future. I understand almost nothing of what went on here. As an amateur I probably don't stand a chance? Still, if I decided to become a computer therapist, where should I start?

Or, if I lower my ambitions, what should I know well in order to be in the picture about a PC's needs and care?

PS: Those 3 files (rgut, stud, regbcm) are still in place. Are they connected with the problem in some way, can I delete them, or do they belong to something else and would I damage some program by doing so?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably viruses, asking for advice

#14 Post by vyosek »

:arrow: These days, if you have no experience with removing vermin, you will have a very hard time succeeding. The vermin is cunning and tries in every way to disguise and hide itself, and sometimes it even resists removal.

:arrow: Leave those three files alone; they should not be harmful.

:arrow: As for PC maintenance, below I mention the CCleaner application, which is excellent for PC maintenance. It is not an antivirus application (the antivirus fulfils that function), but it deletes the temporary/unneeded files that the system creates and keeps the PC tidy overall.

So let's tidy up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or turn the antivirus off while downloading)

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use

:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze (Analyzovat) and then Run CCleaner (Spustit CCleaner)
Registry panel
  • click Find problems (Hledej problémy)
  • then Fix problems (Opravit problémy); I recommend making the registry backup; fix all the problems
  • repeat the procedure until no problems are left, usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

harpie77
Visitor
Posts: 30
Registered: 24 May 2014 19:58

Re: probably viruses, asking for advice

#15 Post by harpie77 »

I already have CCleaner, but I had continuous checks set up and did not work with it. Following the instructions I cleaned 2x and fixed the registry 4x, and then everything was OK. So I will schedule weekend get-togethers with CCleaner. Can I delete those registry backups? I assume they served only temporarily, in case something went wrong?

As for programs: I do not know how to tell which program I need and which I do not. For example, I cannot recognise outdated versions, or whether updates only overwrite or create new schemes so that I can delete (uninstall) the old "icons - programs". I cannot judge very well what to keep and what to remove. :cry:

After cleaning with CCleaner, is it necessary to also carry out the procedures in the points:
:arrow: T-Cleaner
:arrow: OTC
:arrow: TFC ?
