Dobrý den,
objevila se mi v PC nějaká hrozba, prosím o kontrolu a pomoc, zde je log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lenka Bürgerová at 2014-08-29 23:26:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (7%) free of 305 GB
Total RAM: 2039 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:26:40, on 29.8.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Documents and Settings\All Users\Data aplikací\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Lenka Bürgerová\Plocha\RSIT.exe
C:\Program Files\trend micro\Lenka Bürgerová.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superhry.cz/plne-hry
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: eseeky Helper Object - {AB8A4A95-7B94-4E2D-B52A-56059D69B861} - C:\Program Files\eseeky\eseeky\1.8.24.5\bh\eseeky.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Data aplikací\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] "C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Odics] C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics\tmp4.exe
O4 - HKCU\..\Run: [Obics] regsvr32.exe "C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Landi 11.lnk = C:\Program Files\landi 11\Landi11.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Otevřít programem PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1789035218
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.13.0.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 12774 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job - c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-343818398-682003330-1004.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck
C:\WINDOWS\tasks\User_Feed_Synchronization-{81C1A018-D518-49F5-9CBE-C0A994422D38}.job - C:\WINDOWS\system32\msfeedssync.exe sync
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.11.3.15590, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5, Cetrumcz@igeared:1.203.023.002, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://trovi.com/ResultsExt.aspx?ctid=C ... 855&UM=&q="
"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@parallelgraphics.com/Cortona]
"Description"=Cortona VRML Plugin
"Path"=C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ea614400-e918-4741-9a97-7a972ff7c30b}
{EFEB7D4A-2DCE-E877-2064-67B4E7A43A58}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\
askcom.xml
BabylonMngr.xml
bingp.xml
conduit.xml
eseeky.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]
PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-12 463272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB8A4A95-7B94-4E2D-B52A-56059D69B861}]
eseeky Helper Object - C:\Program Files\eseeky\eseeky\1.8.24.5\bh\eseeky.dll [2013-08-12 306072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-11-22 1001936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-12 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
{98889811-442D-49dd-99D7-DC866BE87DBC}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"IndexSearch"=C:\Program Files\Nuance\PaperPort\IndexSearch.exe [2010-03-09 46368]
"PaperPort PTD"=C:\Program Files\Nuance\PaperPort\pptd40nt.exe [2010-03-09 29984]
"PDFHook"=C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192]
"PDF5 Registry Controller"=C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752]
"ControlCenter4"=C:\Program Files\ControlCenter4\BrCcBoot.exe [2011-04-20 139264]
"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2010-06-10 2621440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-12-12 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-12-12 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-12-12 143360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-10-01 152392]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Logitech Vid"=C:\Program Files\Logitech\Logitech Vid\vid.exe [2009-07-16 5458704]
"ISUSPM"=C:\Documents and Settings\All Users\Data aplikací\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]
"Advanced SystemCare 6"=C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [2012-09-24 490880]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"Hobbyist Software VLC Streamer"=C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [2013-10-23 1608008]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]
"Odics"=C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics\tmp4.exe [2014-08-29 208896]
"Obics"=regsvr32.exe C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Lenka Bürgerová\Nabídka Start\Programy\Po spuštění
Landi 11.lnk - C:\Program Files\landi 11\Landi11.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-12-12 217088]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Run"="C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Microsoft\Windows\IEUpdate\igfxcfg.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe"="C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe:*:Enabled:VLC Streamer"
"C:\Program Files\Hobbyist Software\VLC Streamer\mdnsresponder.exe"="C:\Program Files\Hobbyist Software\VLC Streamer\mdnsresponder.exe:*:Enabled:VLC Streamer Bonjour Service"
"C:\Program Files\Farming Simulator 2013\FarmingSimulator2013.exe"="C:\Program Files\Farming Simulator 2013\FarmingSimulator2013.exe:*:Enabled:Farming Simulator 2013"
"C:\Program Files\Farming Simulator 2013\FarmingSimulator2013Game.exe"="C:\Program Files\Farming Simulator 2013\FarmingSimulator2013Game.exe:*:Enabled:Farming Simulator 2013"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Expolrer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Windows host process (Rundll32)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.YV12"=xvidvfw.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=tsccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=LameACM.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
======List of files/folders created in the last 1 month======
2014-08-29 23:26:31 ----D---- C:\rsit
2014-08-29 23:26:31 ----D---- C:\Program Files\trend micro
2014-08-29 23:18:46 ----D---- C:\d28036e2e7cc3407464e86
======List of files/folders modified in the last 1 month======
2014-08-29 23:26:31 ----RD---- C:\Program Files
2014-08-29 23:18:47 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-08-29 23:14:22 ----SD---- C:\WINDOWS\Tasks
2014-08-29 23:08:09 ----D---- C:\WINDOWS\Temp
2014-08-29 23:06:53 ----D---- C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Skype
2014-08-29 23:05:10 ----D---- C:\WINDOWS\system32\CatRoot2
2014-08-29 23:05:05 ----AD---- C:\WINDOWS
2014-08-29 23:04:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-08-29 23:04:11 ----D---- C:\WINDOWS\Debug
2014-08-29 23:03:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Landi11-original
2014-08-29 22:40:38 ----A---- C:\WINDOWS\NeroDigital.ini
2014-08-29 22:40:35 ----D---- C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Media Player Classic
2014-08-29 22:40:16 ----D---- C:\WINDOWS\Prefetch
2014-08-25 19:53:33 ----SHD---- C:\WINDOWS\Installer
2014-08-24 21:09:50 ----D---- C:\unzipped
2014-08-20 08:57:24 ----D---- C:\WINDOWS\system32\config
2014-08-19 23:07:09 ----D---- C:\WINDOWS\system32\MRT
2014-08-19 23:07:09 ----D---- C:\WINDOWS\system32
2014-08-19 23:03:23 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-19 17:09:09 ----HD---- C:\Config.Msi
2014-07-31 09:09:40 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-07-30 14:39:36 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-12-07 466008]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-10-23 99904]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-01-08 242240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-12-12 6048768]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-02-10 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S3 ajbm4suw;ajbm4suw; C:\WINDOWS\system32\drivers\ajbm4suw.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-12 41888]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-10 10707360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2009-05-01 495768]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-07-12 182184]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-08 75064]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-10-01 553288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-11-22 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-30 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Předem děkuji.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Počítač hlásí hrozbu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Počítač hlásí hrozbu
Zdravim 
Odinstalujte Advanced SystemCare a pripadne vse od IObit. Dokaze to nadelat vic skody nez uzitku.
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Odinstalujte Advanced SystemCare a pripadne vse od IObit. Dokaze to nadelat vic skody nez uzitku. Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Udělala jsem, zde je log:
# AdwCleaner v3.308 - Report created 30/08/2014 at 00:00:23
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lenka Bürgerová - BURGEROVI
# Running from : C:\Documents and Settings\Lenka Bürgerová\Plocha\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Dokumenty\AlawarWrapper
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\AlawarWrapper
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Systweak
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\YourFileDownloader
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ICQToolbarData
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Smartbar
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ValueApps
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\CT1750559
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\browsermngr_prefs.js
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AskTBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\TENCENT
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\prefs.js ]
Line Deleted : user_pref("CT1750559..clientLogIsEnabled", false);
Line Deleted : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT1750559.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
Line Deleted : user_pref("CT1750559.1000234.TWC_locId", "POXX0003");
Line Deleted : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT1750559.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129495727276863004", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129634080503807015", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_130040878929610729", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_130052166684768527", true);
Line Deleted : user_pref("CT1750559.CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Deleted : user_pref("CT1750559.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.ConfigurationLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.CurrentServerDate", "6-11-2013");
Line Deleted : user_pref("CT1750559.DSChangedManually", false);
Line Deleted : user_pref("CT1750559.DSInstall", true);
Line Deleted : user_pref("CT1750559.DSProtectChoice", true);
Line Deleted : user_pref("CT1750559.DSProtectCount", 3);
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.DialogsGetterLastCheckTime", "Sun Nov 03 2013 20:41:58 GMT+0100");
Line Deleted : user_pref("CT1750559.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.FirstServerDate", "24-4-2012");
Line Deleted : user_pref("CT1750559.FirstTime", "true");
Line Deleted : user_pref("CT1750559.FirstTimeFF3", "true");
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.HPChangedManually", true);
Line Deleted : user_pref("CT1750559.HPInstall", true);
Line Deleted : user_pref("CT1750559.HPProtectChoice", true);
Line Deleted : user_pref("CT1750559.HPProtectCount", 3);
Line Deleted : user_pref("CT1750559.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1750559.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT1750559.HomepageBeforeUnload", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT1750559.InstallationId", "CT1750559_bs_player.exe");
Line Deleted : user_pref("CT1750559.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT1750559.InstalledDate", "Tue Apr 24 2012 21:37:42 GMT+0200");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsInitSetupIni", true);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT1750559.IsProtectorsInit", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_3.12.2.3", "Wed May 30 2012 19:29:29 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.13.0.6", "Sun Jul 15 2012 15:28:04 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.14.1.0", "Tue Aug 21 2012 12:55:54 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:29:32 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.16.0.100", "Sun Feb 10 2013 14:14:40 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.16.0.3", "Mon Dec 31 2012 11:09:00 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.18.0.7", "Mon Jul 15 2013 19:35:53 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.19.0.3", "Sun Sep 08 2013 10:55:55 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.20.0.4", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.8.1.0", "Tue Apr 24 2012 21:37:46 GMT+0200");
Line Deleted : user_pref("CT1750559.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1750559.OriginalFirstVersion", "3.8.1.0");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Thu Jul 18 2013 13:18:26 GMT+0200");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT1750559.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1750559.SavedHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.SearchAPILastCheckTime", "Tue Nov 05 2013 22:45:59 GMT+0100");
Line Deleted : user_pref("CT1750559.SearchCaption", "BS Player Customized Web Search");
Line Deleted : user_pref("CT1750559.SearchEngineBeforeUnload", "BS Player Customized Web Search");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Deleted : user_pref("CT1750559.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Sat Sep 07 2013 13:17:02 GMT+0200");
Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT1750559.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT1750559.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT1750559.ServiceMapLastCheckTime", "Tue Nov 05 2013 22:46:00 GMT+0100");
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Tue Nov 05 2013 22:45:57 GMT+0100");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1383669784");
Line Deleted : user_pref("CT1750559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Wed Oct 30 2013 16:25:08 GMT+0100");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1750559.UserID", "UN75253933569178855");
Line Deleted : user_pref("CT1750559.ValidationData_Search", 1);
Line Deleted : user_pref("CT1750559.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Thu Jul 18 2013 14:48:27 GMT+0200");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.amazonnew_all.from_oldbar.enc", "MjUxMTkxMSwyNTAyODQxLDI1MDc3OTEsMjUwNzMxMSwyNDk4NDcxLDI0ODc3NDEsMjUwNTY0MSwyNTA1NTkxLDE5OTMzMSwxOTkzMjEsMjQ5NjcwMSwxOTg1MzEsMjUwMzAxMSwyNDk4NTkxLD[...]
Line Deleted : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
Line Deleted : user_pref("CT1750559.appbuttondisablenull.from_oldbar.enc", "MA==");
Line Deleted : user_pref("CT1750559.approveUntrustedApps", false);
Line Deleted : user_pref("CT1750559.autoDisableScopes", -1);
Line Deleted : user_pref("CT1750559.backendstorage.amazonnew_all", "323531313931312C323530323834312C323530373739312C323530373331312C323439383437312C323438373734312C323530353634312C323530353539312C3139393333312C31393[...]
Line Deleted : user_pref("CT1750559.backendstorage.appbuttondisablenull", "30");
Line Deleted : user_pref("CT1750559.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Line Deleted : user_pref("CT1750559.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Line Deleted : user_pref("CT1750559.components.1000082", false);
Line Deleted : user_pref("CT1750559.components.1000234", false);
Line Deleted : user_pref("CT1750559.components.128798613156656718", false);
Line Deleted : user_pref("CT1750559.components.128798615652125058", false);
Line Deleted : user_pref("CT1750559.components.129242840850880190", false);
Line Deleted : user_pref("CT1750559.components.129502713039250930", false);
Line Deleted : user_pref("CT1750559.components.129544988592463877", false);
Line Deleted : user_pref("CT1750559.components.129646277731078772", false);
Line Deleted : user_pref("CT1750559.components.129743941110100179", false);
Line Deleted : user_pref("CT1750559.components.129775757887299804", false);
Line Deleted : user_pref("CT1750559.components.129845764437835640", false);
Line Deleted : user_pref("CT1750559.components.130022038127130206", false);
Line Deleted : user_pref("CT1750559.countryCode", "CZ");
Line Deleted : user_pref("CT1750559.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1750559.fullUserID", "UN75253933569178855.UP.202406082958");
Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Sun Nov 03 2013 15:53:52 GMT+0100");
Line Deleted : user_pref("CT1750559.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.homepageuserchanged", true);
Line Deleted : user_pref("CT1750559.initDone", true);
Line Deleted : user_pref("CT1750559.installId", "CT1750559_bs_player.exe");
Line Deleted : user_pref("CT1750559.installType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT1750559.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Line Deleted : user_pref("CT1750559.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT1750559.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.keyword", true);
Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT1750559&oct ... &Lay=1&UM=[...]
Line Deleted : user_pref("CT1750559.lastVersion", "10.33.0.517");
Line Deleted : user_pref("CT1750559.myStuffEnabled", "");
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BSPlayerControlBar.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT1750559.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("CT1750559.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT1750559.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT1750559.revertSettingsEnabled", true);
Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Deleted : user_pref("CT1750559.search.searchCount", 1);
Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1750559.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1409315203146");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1398618187463");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1399152192646");
Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1398510693964");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.101.5_lastUpdate", "1383767864160");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384448641875");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.3.518_lastUpdate", "1384943521895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386705259313");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396505912161");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399226276600");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400774785510");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401458902513");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.2.501_lastUpdate", "1404384753367");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408612463780");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.517_lastUpdate", "1409337635856");
Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1398510693895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1409315203066");
Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1409315202963");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1399152192226");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1409346655507");
Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1409315202861");
Line Deleted : user_pref("CT1750559.settingsINI", true);
Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
Line Deleted : user_pref("CT1750559.testingCtid", "");
Line Deleted : user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Tue Nov 05 2013 22:46:00 GMT+0100");
Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "24-4-2012");
Line Deleted : user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Tue Nov 05 2013 09:06:10 GMT+0100");
Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "29-8-2014");
Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Wed Nov 06 2013 08:30:05 GMT+0100");
Line Deleted : user_pref("CT1750559.upgradeFromOBVersion", true);
Line Deleted : user_pref("CT1750559.usagesFlag", 2);
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1409349575746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "BS Player Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"de53140a90051d4adaa9d44bc31ac01c3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "m4Df43NZ+9lr21ZNdyYrjA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1750559", "b5I8zzzMgsg0XG/fawLlFw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "B8Px/Te74hi98N2hb9yOAQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "bM8wQLfFAEKgVLVF/G5zig==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1750559", "I1tfz7EBg4DmNytL9x55lQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "9zRvKErdMb8hJOq85ft5Vg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559", "ZI41WLbm1fFgx4gn0bs99Q==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"380ff24abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:16c0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"9f8d2729abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"4c59694db07968559aa2856f6529e30e\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Lenka Bürgerová\\Data aplikací\\Mozilla\\Firefox\\Profiles\\vk00x3m2.default\\conduitCommon\\modules\\3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "1af82f2c-d2ed-40c8-a9aa-954a733f704b");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Nov 05 2013 22:46:06 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "36e39037-006d-4170-8f34-68d1d37848b3");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BS Player Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}&CUI=UN75253933569178855");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "BS Player Customized Web Search");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}&CUI=UN75253933569178855");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110189&tt=040912_mnt_3612_8&babsrc=NT_ss&mntrId=f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("browser.search.defaultenginename", "BS Player Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.selectedEngine", "BS Player Customized Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15569");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=bandext_3312_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_3&babsrc=NT_ss&mntrId=f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.622:45:15");
Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.11.3.15590,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5,Cetrumcz@igeared:1.203.023.002,{972ce4[...]
Line Deleted : user_pref("extensions.eseeky.srchPrvdr", "Search The Web (eseeky)");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1327565745);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "recorder||Na%20V%C3%BD%C5%A1i%20601%2C%20Bor%C5%A1ov%20nad%20Vltavou-Po%C5%99%C3%AD%C4%8D%C3%AD||internet%20explorer||prezili%20jsme%20zkazu%20titaniku||erotick%C3%A1%[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1325690714");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "9.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "130661198913066121091306697821849");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1327837809);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.4.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN75253933569178855&UM=&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CU[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("smartbar.machineId", "FMHYS0VR2RESONXFO/ZPZDCMA95UJRR7MFY3FNCNK9KOZZN+5YJ0CCCF8WIVYHEMG7QVZRUKYON5KYKMTNSYJA");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN752[...]
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);
-\\ Google Chrome v36.0.1985.143
[ File : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ff&src=crm&tb=PTV&o=15184&locale=en_US&apn_uid=3098D597-BC5F-4C55-B62E-7B0E4550B7AD&apn_ptnrs=RY&apn_sauid=F466AD85-608E-45C5-A813-C3352AB5EFE9&apn_dtid=&q={searchTerms}&
Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=icq-fx-plug&q={searchTerms}&ch_id=icq-fx-plug
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_3&babsrc=SP_ss&mntrId=f4f034f9000000000000001a4d9535a5
*************************
AdwCleaner[R0].txt - [45798 octets] - [29/08/2014 23:57:56]
AdwCleaner[S0].txt - [46500 octets] - [30/08/2014 00:00:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [46561 octets] ##########
# AdwCleaner v3.308 - Report created 30/08/2014 at 00:00:23
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lenka Bürgerová - BURGEROVI
# Running from : C:\Documents and Settings\Lenka Bürgerová\Plocha\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Dokumenty\AlawarWrapper
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\AlawarWrapper
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Systweak
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\YourFileDownloader
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ICQToolbarData
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Smartbar
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\ValueApps
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\CT1750559
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\browsermngr_prefs.js
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AskTBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\TENCENT
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Documents and Settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\prefs.js ]
Line Deleted : user_pref("CT1750559..clientLogIsEnabled", false);
Line Deleted : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT1750559.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
Line Deleted : user_pref("CT1750559.1000234.TWC_locId", "POXX0003");
Line Deleted : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT1750559.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129495727276863004", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129634080503807015", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_130040878929610729", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_130052166684768527", true);
Line Deleted : user_pref("CT1750559.CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Deleted : user_pref("CT1750559.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.ConfigurationLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.CurrentServerDate", "6-11-2013");
Line Deleted : user_pref("CT1750559.DSChangedManually", false);
Line Deleted : user_pref("CT1750559.DSInstall", true);
Line Deleted : user_pref("CT1750559.DSProtectChoice", true);
Line Deleted : user_pref("CT1750559.DSProtectCount", 3);
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.DialogsGetterLastCheckTime", "Sun Nov 03 2013 20:41:58 GMT+0100");
Line Deleted : user_pref("CT1750559.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.FirstServerDate", "24-4-2012");
Line Deleted : user_pref("CT1750559.FirstTime", "true");
Line Deleted : user_pref("CT1750559.FirstTimeFF3", "true");
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.HPChangedManually", true);
Line Deleted : user_pref("CT1750559.HPInstall", true);
Line Deleted : user_pref("CT1750559.HPProtectChoice", true);
Line Deleted : user_pref("CT1750559.HPProtectCount", 3);
Line Deleted : user_pref("CT1750559.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1750559.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT1750559.HomepageBeforeUnload", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT1750559.InstallationId", "CT1750559_bs_player.exe");
Line Deleted : user_pref("CT1750559.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT1750559.InstalledDate", "Tue Apr 24 2012 21:37:42 GMT+0200");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsInitSetupIni", true);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT1750559.IsProtectorsInit", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_3.12.2.3", "Wed May 30 2012 19:29:29 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.13.0.6", "Sun Jul 15 2012 15:28:04 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.14.1.0", "Tue Aug 21 2012 12:55:54 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:29:32 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.16.0.100", "Sun Feb 10 2013 14:14:40 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.16.0.3", "Mon Dec 31 2012 11:09:00 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.18.0.7", "Mon Jul 15 2013 19:35:53 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.19.0.3", "Sun Sep 08 2013 10:55:55 GMT+0200");
Line Deleted : user_pref("CT1750559.LastLogin_3.20.0.4", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CT1750559.LastLogin_3.8.1.0", "Tue Apr 24 2012 21:37:46 GMT+0200");
Line Deleted : user_pref("CT1750559.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1750559.OriginalFirstVersion", "3.8.1.0");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Thu Jul 18 2013 13:18:26 GMT+0200");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT1750559.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1750559.SavedHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.SearchAPILastCheckTime", "Tue Nov 05 2013 22:45:59 GMT+0100");
Line Deleted : user_pref("CT1750559.SearchCaption", "BS Player Customized Web Search");
Line Deleted : user_pref("CT1750559.SearchEngineBeforeUnload", "BS Player Customized Web Search");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=");
Line Deleted : user_pref("CT1750559.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Sat Sep 07 2013 13:17:02 GMT+0200");
Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT1750559.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT1750559.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT1750559.ServiceMapLastCheckTime", "Tue Nov 05 2013 22:46:00 GMT+0100");
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Tue Nov 05 2013 22:45:57 GMT+0100");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1383669784");
Line Deleted : user_pref("CT1750559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Wed Oct 30 2013 16:25:08 GMT+0100");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1750559.UserID", "UN75253933569178855");
Line Deleted : user_pref("CT1750559.ValidationData_Search", 1);
Line Deleted : user_pref("CT1750559.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Thu Jul 18 2013 14:48:27 GMT+0200");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.amazonnew_all.from_oldbar.enc", "MjUxMTkxMSwyNTAyODQxLDI1MDc3OTEsMjUwNzMxMSwyNDk4NDcxLDI0ODc3NDEsMjUwNTY0MSwyNTA1NTkxLDE5OTMzMSwxOTkzMjEsMjQ5NjcwMSwxOTg1MzEsMjUwMzAxMSwyNDk4NTkxLD[...]
Line Deleted : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
Line Deleted : user_pref("CT1750559.appbuttondisablenull.from_oldbar.enc", "MA==");
Line Deleted : user_pref("CT1750559.approveUntrustedApps", false);
Line Deleted : user_pref("CT1750559.autoDisableScopes", -1);
Line Deleted : user_pref("CT1750559.backendstorage.amazonnew_all", "323531313931312C323530323834312C323530373739312C323530373331312C323439383437312C323438373734312C323530353634312C323530353539312C3139393333312C31393[...]
Line Deleted : user_pref("CT1750559.backendstorage.appbuttondisablenull", "30");
Line Deleted : user_pref("CT1750559.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Line Deleted : user_pref("CT1750559.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Line Deleted : user_pref("CT1750559.components.1000082", false);
Line Deleted : user_pref("CT1750559.components.1000234", false);
Line Deleted : user_pref("CT1750559.components.128798613156656718", false);
Line Deleted : user_pref("CT1750559.components.128798615652125058", false);
Line Deleted : user_pref("CT1750559.components.129242840850880190", false);
Line Deleted : user_pref("CT1750559.components.129502713039250930", false);
Line Deleted : user_pref("CT1750559.components.129544988592463877", false);
Line Deleted : user_pref("CT1750559.components.129646277731078772", false);
Line Deleted : user_pref("CT1750559.components.129743941110100179", false);
Line Deleted : user_pref("CT1750559.components.129775757887299804", false);
Line Deleted : user_pref("CT1750559.components.129845764437835640", false);
Line Deleted : user_pref("CT1750559.components.130022038127130206", false);
Line Deleted : user_pref("CT1750559.countryCode", "CZ");
Line Deleted : user_pref("CT1750559.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1750559.fullUserID", "UN75253933569178855.UP.202406082958");
Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Sun Nov 03 2013 15:53:52 GMT+0100");
Line Deleted : user_pref("CT1750559.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.homepageuserchanged", true);
Line Deleted : user_pref("CT1750559.initDone", true);
Line Deleted : user_pref("CT1750559.installId", "CT1750559_bs_player.exe");
Line Deleted : user_pref("CT1750559.installType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT1750559.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Line Deleted : user_pref("CT1750559.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT1750559.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.keyword", true);
Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT1750559&oct ... &Lay=1&UM=[...]
Line Deleted : user_pref("CT1750559.lastVersion", "10.33.0.517");
Line Deleted : user_pref("CT1750559.myStuffEnabled", "");
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BSPlayerControlBar.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT1750559.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("CT1750559.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT1750559.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT1750559.revertSettingsEnabled", true);
Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Deleted : user_pref("CT1750559.search.searchCount", 1);
Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1750559.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1409315203146");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1398618187463");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1399152192646");
Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1398510693964");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.101.5_lastUpdate", "1383767864160");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384448641875");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.3.518_lastUpdate", "1384943521895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386705259313");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396505912161");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399226276600");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.30.1.502_lastUpdate", "1400774785510");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401458902513");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.2.501_lastUpdate", "1404384753367");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408612463780");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.517_lastUpdate", "1409337635856");
Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1398510693895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1409315203066");
Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1409315202963");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1399152192226");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1409346655507");
Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1409315202861");
Line Deleted : user_pref("CT1750559.settingsINI", true);
Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
Line Deleted : user_pref("CT1750559.testingCtid", "");
Line Deleted : user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Tue Nov 05 2013 22:46:00 GMT+0100");
Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "24-4-2012");
Line Deleted : user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Tue Nov 05 2013 09:06:10 GMT+0100");
Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "29-8-2014");
Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Wed Nov 06 2013 08:30:05 GMT+0100");
Line Deleted : user_pref("CT1750559.upgradeFromOBVersion", true);
Line Deleted : user_pref("CT1750559.usagesFlag", 2);
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1409349575746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "BS Player Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"de53140a90051d4adaa9d44bc31ac01c3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "m4Df43NZ+9lr21ZNdyYrjA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1750559", "b5I8zzzMgsg0XG/fawLlFw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "B8Px/Te74hi98N2hb9yOAQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "bM8wQLfFAEKgVLVF/G5zig==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1750559", "I1tfz7EBg4DmNytL9x55lQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "9zRvKErdMb8hJOq85ft5Vg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559", "ZI41WLbm1fFgx4gn0bs99Q==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"380ff24abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:16c0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"9f8d2729abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"4c59694db07968559aa2856f6529e30e\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Lenka Bürgerová\\Data aplikací\\Mozilla\\Firefox\\Profiles\\vk00x3m2.default\\conduitCommon\\modules\\3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "1af82f2c-d2ed-40c8-a9aa-954a733f704b");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Nov 05 2013 22:46:06 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 05 2013 22:45:58 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "36e39037-006d-4170-8f34-68d1d37848b3");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BS Player Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}&CUI=UN75253933569178855");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "BS Player Customized Web Search");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}&CUI=UN75253933569178855");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110189&tt=040912_mnt_3612_8&babsrc=NT_ss&mntrId=f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("browser.search.defaultenginename", "BS Player Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.selectedEngine", "BS Player Customized Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15569");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=bandext_3312_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_3&babsrc=NT_ss&mntrId=f4f034f9000000000000001a4d9535a5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.622:45:15");
Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.11.3.15590,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5,Cetrumcz@igeared:1.203.023.002,{972ce4[...]
Line Deleted : user_pref("extensions.eseeky.srchPrvdr", "Search The Web (eseeky)");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1327565745);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "recorder||Na%20V%C3%BD%C5%A1i%20601%2C%20Bor%C5%A1ov%20nad%20Vltavou-Po%C5%99%C3%AD%C4%8D%C3%AD||internet%20explorer||prezili%20jsme%20zkazu%20titaniku||erotick%C3%A1%[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1325690714");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "9.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "130661198913066121091306697821849");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1327837809);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.4.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN75253933569178855&UM=&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CU[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
Line Deleted : user_pref("smartbar.machineId", "FMHYS0VR2RESONXFO/ZPZDCMA95UJRR7MFY3FNCNK9KOZZN+5YJ0CCCF8WIVYHEMG7QVZRUKYON5KYKMTNSYJA");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN752[...]
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);
-\\ Google Chrome v36.0.1985.143
[ File : C:\Documents and Settings\Lenka Bürgerová\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ff&src=crm&tb=PTV&o=15184&locale=en_US&apn_uid=3098D597-BC5F-4C55-B62E-7B0E4550B7AD&apn_ptnrs=RY&apn_sauid=F466AD85-608E-45C5-A813-C3352AB5EFE9&apn_dtid=&q={searchTerms}&
Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=icq-fx-plug&q={searchTerms}&ch_id=icq-fx-plug
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_3&babsrc=SP_ss&mntrId=f4f034f9000000000000001a4d9535a5
*************************
AdwCleaner[R0].txt - [45798 octets] - [29/08/2014 23:57:56]
AdwCleaner[S0].txt - [46500 octets] - [30/08/2014 00:00:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [46561 octets] ##########
Re: Počítač hlásí hrozbu
Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Program mi jde nainstalovat a otevřít jen pokud neudělám aktualizaci, jinak mě to nepustí. Nevím, co s tím, do návodu jsem mrkla, ale obrázky tam nejsou. Přesto mám pocit, že jinou možnost jsem neměla, než jak jsem to dělala.
Re: Počítač hlásí hrozbu
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Já se obávám, že neumím zjistit, co mám za antivir, mívali jsme Avast, ale manžel to dal do servisu a tam ho zrušili a dali prý něco jiného a nevím co. Dole v panelu je akorát Microsoft Security Essentials, jinak mě nenapadá, co vypnout, ale toto mi zase vypnout nejde.
Re: Počítač hlásí hrozbu
Mate Microsoft Security Essentials.
Pokud ho nebudete umet vypnout, nechte ho tak, ten vetsinou problemy nedela. CF asi zahlasi, ze je AV zapnuty, tak hlasku jen odkliknete a pokracujte dale.
Pokud ho nebudete umet vypnout, nechte ho tak, ten vetsinou problemy nedela. CF asi zahlasi, ze je AV zapnuty, tak hlasku jen odkliknete a pokracujte dale.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Antivir nevím, kde bych měla vypnout, nešlo mi to, projela jsem CF počítač, na konci se mě zeptal, jestli má brána firewall odblokovat tento program, tak jsem odsouhlasila, nevím, jestli správně, nyní po restartu mi v rohu Microsoft security e. zahlásil 2 deaktivované hrozby. Zde ja log z CF:
ComboFix 14-08-29.03 - Lenka Bürgerová 30.08.2014 13:53:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1079 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lenka BŘrgerovß\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\temp\tmp4.exe
c:\windows\iun6002.exe
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\SETAF.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-30 )))))))))))))))))))))))))))))))
.
.
2014-08-30 12:09 . 2014-08-30 12:09 1483776 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
2014-08-30 12:09 . 2014-08-30 12:09 62576 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\offreg.dll
2014-08-30 12:08 . 2014-08-30 12:08 39464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\MpKsl9e72c2a9.sys
2014-08-30 07:17 . 2014-08-30 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-08-29 21:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-29 21:57 . 2014-08-29 22:13 -------- d-----w- C:\AdwCleaner
2014-08-29 21:26 . 2014-08-29 21:26 -------- d-----w- C:\rsit
2014-08-29 21:26 . 2014-08-29 21:26 -------- d-----w- c:\program files\trend micro
2014-08-29 20:51 . 2014-08-21 02:44 8581864 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\mpengine.dll
2014-08-29 20:47 . 2014-08-29 20:47 -------- d-----w- c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics
2014-08-29 20:47 . 2014-08-29 20:47 -------- d-----w- c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics
2014-08-28 10:15 . 2014-08-21 02:44 8581864 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 10:31 . 2012-04-10 05:40 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:31 . 2011-05-13 06:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1CryptoProviderIcons]
@="{24808826-C2BF-4269-B3BA-89D1D5F431A4}"
[HKEY_CLASSES_ROOT\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}]
2014-08-29 20:40 1743872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\CryptoProvider.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Hobbyist Software VLC Streamer"="c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2013-10-23 1608008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"Odics"="c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics\tmp4.exe" [2014-08-29 208896]
"Obics"="c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll" [2014-08-29 802816]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Lenka Bürgerová\Nabídka Start\Programy\Po spuštění\
Landi 11.lnk - c:\program files\landi 11\Landi11.exe -tray [2010-10-27 2691072]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2010-2-10 67128]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Run"= "c:\documents and settings\Lenka Bürgerová\Data aplikací\Microsoft\Windows\IEUpdate\igfxcfg.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Data aplikací\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\explorer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 MpKsl9e72c2a9;MpKsl9e72c2a9;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\MpKsl9e72c2a9.sys [30.8.2014 14:08 39464]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9.3.2010 0:40 144672]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [4.10.2012 20:37 245760]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.1.2013 17:27 242240]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.2.2010 23:08 47360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.2.2013 14:58 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL9E72C2A9
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-19 16:24 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:31]
.
2014-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 15:35]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 15:35]
.
2014-08-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 08:13]
.
2014-08-19 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2014-08-30 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2014-08-30 c:\windows\Tasks\User_Feed_Synchronization-{81C1A018-D518-49F5-9CBE-C0A994422D38}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.superhry.cz/plne-hry
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 1970-05-29 10:11; {EFEB7D4A-2DCE-E877-2064-67B4E7A43A58}; -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Garfield 2 čeština - c:\documents and settings\Lenka Bürgerová\Plocha\Garfield 2\Uninstal.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-30 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-343818398-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(7120)
c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\CryptoProvider.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\windows\system32\regsvr32.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2014-08-30 14:16:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-30 12:16
.
Před spuštěním: Volných bajtů: 22 939 635 712
Po spuštění: Volných bajtů: 23 459 389 440
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E0DC64CF6B86651F666E47BCC42763D1
413FC2A0C716421B3158746D63736515
ComboFix 14-08-29.03 - Lenka Bürgerová 30.08.2014 13:53:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1079 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lenka BŘrgerovß\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\temp\tmp4.exe
c:\windows\iun6002.exe
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\SETAF.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-30 )))))))))))))))))))))))))))))))
.
.
2014-08-30 12:09 . 2014-08-30 12:09 1483776 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
2014-08-30 12:09 . 2014-08-30 12:09 62576 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\offreg.dll
2014-08-30 12:08 . 2014-08-30 12:08 39464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\MpKsl9e72c2a9.sys
2014-08-30 07:17 . 2014-08-30 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-08-29 21:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-29 21:57 . 2014-08-29 22:13 -------- d-----w- C:\AdwCleaner
2014-08-29 21:26 . 2014-08-29 21:26 -------- d-----w- C:\rsit
2014-08-29 21:26 . 2014-08-29 21:26 -------- d-----w- c:\program files\trend micro
2014-08-29 20:51 . 2014-08-21 02:44 8581864 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\mpengine.dll
2014-08-29 20:47 . 2014-08-29 20:47 -------- d-----w- c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics
2014-08-29 20:47 . 2014-08-29 20:47 -------- d-----w- c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics
2014-08-28 10:15 . 2014-08-21 02:44 8581864 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 10:31 . 2012-04-10 05:40 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:31 . 2011-05-13 06:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1CryptoProviderIcons]
@="{24808826-C2BF-4269-B3BA-89D1D5F431A4}"
[HKEY_CLASSES_ROOT\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}]
2014-08-29 20:40 1743872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\CryptoProvider.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Hobbyist Software VLC Streamer"="c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2013-10-23 1608008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"Odics"="c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics\tmp4.exe" [2014-08-29 208896]
"Obics"="c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll" [2014-08-29 802816]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Lenka Bürgerová\Nabídka Start\Programy\Po spuštění\
Landi 11.lnk - c:\program files\landi 11\Landi11.exe -tray [2010-10-27 2691072]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2010-2-10 67128]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Run"= "c:\documents and settings\Lenka Bürgerová\Data aplikací\Microsoft\Windows\IEUpdate\igfxcfg.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Data aplikací\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\explorer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 MpKsl9e72c2a9;MpKsl9e72c2a9;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{972D3EFE-7ED8-4702-B795-E30D0AC2F550}\MpKsl9e72c2a9.sys [30.8.2014 14:08 39464]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9.3.2010 0:40 144672]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [4.10.2012 20:37 245760]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.1.2013 17:27 242240]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.2.2010 23:08 47360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 9:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.2.2013 14:58 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL9E72C2A9
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-19 16:24 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:31]
.
2014-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 15:35]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 15:35]
.
2014-08-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 08:13]
.
2014-08-19 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2014-08-30 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2014-08-30 c:\windows\Tasks\User_Feed_Synchronization-{81C1A018-D518-49F5-9CBE-C0A994422D38}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.superhry.cz/plne-hry
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 1970-05-29 10:11; {EFEB7D4A-2DCE-E877-2064-67B4E7A43A58}; -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Garfield 2 čeština - c:\documents and settings\Lenka Bürgerová\Plocha\Garfield 2\Uninstal.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-30 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-343818398-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(7120)
c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\CryptoProvider.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\windows\system32\regsvr32.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2014-08-30 14:16:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-30 12:16
.
Před spuštěním: Volných bajtů: 22 939 635 712
Po spuštění: Volných bajtů: 23 459 389 440
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E0DC64CF6B86651F666E47BCC42763D1
413FC2A0C716421B3158746D63736515
Re: Počítač hlásí hrozbu
Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )! Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
File::
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\rsa64.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Crypto\RSA64\CryptoProvider.dll
c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Odics\tmp4.exe
c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics\jhhlamhwpy.dll
Folder::
c:\documents and settings\Lenka Bürgerová\Local Settings\Data aplikací\Obics
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1CryptoProviderIcons]
[-HKEY_CLASSES_ROOT\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"Odics"=-
"Obics"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=-
Regnull::
[HKEY_USERS\S-1-5-21-1757981266-343818398-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Firefox::
FF - ProfilePath - c:\documents and settings\Lenka Bürgerová\Data aplikací\Mozilla\Firefox\Profiles\vk00x3m2.default\
FF - ExtSQL: !HIDDEN! 1970-05-29 10:11; {EFEB7D4A-2DCE-E877-2064-67B4E7A43A58}; -
Driver::
Skype C2C Service
SkypeUpdate
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Já tomu úplně nerozumím. Tu ikonu z plochy Combofix mám přesunout do C disku počítače a který poznámkový blok otevřít?
Re: Počítač hlásí hrozbu
Anoeileen75 píše:u ikonu z plochy Combofix mám přesunout do C disku počítače
Poznamkovy blok ve vasem pc, proste vytvorte novy textovy dokument
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Combofix mám na disku C a na ploše jsem vytvořila nový textový soubor a do něj vložila to, co jste psal.
Re: Počítač hlásí hrozbu
Ten dokument musite dat taky primo na disk C, tam jak mate Combofix. Pak ho chytnete do mysi a presunte nad ikonku Combofixu a pustte. Tm by se mel spustit CF a vykonat prikazy.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Počítač hlásí hrozbu
Udělala jsem to, vše proběhlo, pak se objevilo okno, že nějaký soubor CSX, nepamatuji se přesně je nesprávně hláskovaný, já to odsouhlasila a combofix se zavřel a nic se neděje.
Přispějete na provoz fóra?