Re: Rootkit - Idle application

Posted: 16 Nov 2013 15:01
by Marr-keta
AVG blocked that Launcher for me, so here is the log from the original one:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Dagmar (administrator) on DAGMAR-PC on 16-11-2013 14:46:11
Running from C:\Users\Dagmar\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\system32\dmwu.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
() C:\Program Files (x86)\Tor\tor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Dagmar\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [FortKnoxPersonalFirewall] - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe [2130752 2013-08-27] (NETGATE Technologies s.r.o.)
HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\asus\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\asus\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\Katka\...\Run: [AdobeBridge] - [x]
HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\MaRkI\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... earchTerms}
SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... earchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default
FF NewTab: hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224
FF DefaultSearchEngine: Delta Search
FF SelectedSearchEngine: Delta Search
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (AVG SafeGuard) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.0.9_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0
CHR Extension: (Gmail) - C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-14] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 fortknox; C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [676592 2013-03-11] (NETGATE Technologies s.r.o.)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)
R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)
S2 HPSLPSVC; C:\Users\MaRkI\AppData\Local\Temp\7zS3305\hpslpsvc64.dll [x]

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-14] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-29] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-16] (DT Soft Ltd)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [140600 2013-11-13] (AhnLab, Inc.)
R3 Fkndisf; C:\Windows\System32\DRIVERS\fortknoxfw_ndisim.sys [28240 2009-09-17] (NETGATE Technologies s.r.o.)
R1 fortknox_drv; C:\Windows\System32\drivers\fortknoxfw.sys [69200 2009-11-15] (NETGATE Technologies s.r.o.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-15] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-11-16] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 14:46 - 2013-11-16 14:48 - 00030389 _____ C:\Users\Dagmar\Desktop\FRST.txt
2013-11-16 14:45 - 2013-11-16 14:45 - 00000000 ____D C:\FRST
2013-11-16 13:49 - 2013-11-16 13:49 - 01957794 _____ (Farbar) C:\Users\Dagmar\Desktop\FRST64.exe
2013-11-16 13:45 - 2013-11-16 13:45 - 00005306 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-16 13:41 - 2013-11-16 13:41 - 00000000 ___RD C:\Users\Dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 13:06 - 2013-11-16 13:09 - 00000000 ____D C:\Users\MaRkI\Desktop\x))
2013-11-15 20:49 - 2013-11-15 20:49 - 00002116 _____ C:\Users\Dagmar\Desktop\aswMBR.txt
2013-11-15 20:49 - 2013-11-15 20:49 - 00000512 _____ C:\Users\Dagmar\Desktop\MBR.dat
2013-11-15 20:19 - 2013-11-15 20:20 - 04745728 _____ (AVAST Software) C:\Users\Dagmar\Desktop\aswMBR.exe
2013-11-15 19:22 - 2013-11-15 19:22 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-11-15 18:12 - 2013-11-16 14:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 18:12 - 2013-11-16 14:22 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-15 18:12 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 17:47 - 2013-11-16 14:22 - 00000000 ____D C:\Users\Dagmar\Desktop\mbar
2013-11-15 17:47 - 2013-11-15 17:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 17:38 - 2013-11-15 17:39 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
2013-11-15 17:17 - 2013-11-15 17:17 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 16:50 - 2013-11-14 16:50 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\AVAST Software
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\ProgramData\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:48 - 2013-11-16 13:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-14 16:47 - 2013-11-14 16:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-14 16:47 - 2013-11-14 16:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-14 16:38 - 2013-11-14 16:43 - 87227720 _____ (AVAST Software) C:\Users\MaRkI\Desktop\avast_free_antivirus_setup.exe
2013-11-14 16:15 - 2013-11-14 16:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-14 16:14 - 2013-11-14 16:14 - 04379048 _____ (Piriform Ltd) C:\Users\MaRkI\Desktop\ccsetup407.exe
2013-11-14 14:36 - 2013-11-14 14:36 - 00000000 ___RD C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-14 14:32 - 2013-10-30 10:45 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-11-14 14:32 - 2013-10-30 10:45 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-11-14 14:31 - 2013-10-30 10:45 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-11-14 14:31 - 2013-10-30 10:45 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\ProgramData\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\ProgramData\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-10-30 10:45 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-11-14 13:30 - 2013-11-14 14:30 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:25 - 2013-11-14 14:41 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-14 13:23 - 2013-11-14 15:25 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-14 13:17 - 2013-11-14 13:20 - 55413160 _____ (TuneUp Software) C:\Users\MaRkI\Desktop\TuneUpUtilities2014.exe
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{BF40AB87-333E-4723-A87C-DD07A48C0C10}
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{6F178997-F4AE-49ED-A7A2-D2762D55943C}
2013-11-13 20:42 - 2013-11-13 20:42 - 00132010 _____ C:\Users\Dagmar\Downloads\prilohy_5531.zip
2013-11-13 19:31 - 2013-11-13 19:31 - 00000000 ___RD C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 16:20 - 2013-11-13 18:18 - 00085842 _____ C:\Users\Katka\Desktop\avgrep.txt
2013-11-13 13:34 - 2013-11-14 11:46 - 00000000 ____D C:\Users\Katka\Documents\Anti-Malware
2013-11-13 13:23 - 2013-11-13 13:33 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Katka\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-13 13:15 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 13:15 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 13:15 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 13:15 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 13:15 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 13:15 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 13:15 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 13:15 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 13:15 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 13:15 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:15 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 13:15 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 13:15 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 13:15 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 13:14 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 13:14 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:14 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:14 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 13:14 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 13:14 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 13:14 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:59 - 2013-11-13 12:59 - 00140600 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\EagleX64.sys
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\ProgramData\Desktop\Skype.lnk
2013-11-10 15:41 - 2013-11-10 15:44 - 35056288 _____ (Skype Technologies S.A.) C:\Users\Katka\Downloads\SkypeSetupFull.exe
2013-11-10 15:39 - 2013-11-16 13:47 - 00003164 _____ C:\Windows\System32\Tasks\{F732A14D-3EEF-421F-9A95-27D8CCED00C8}
2013-11-10 15:34 - 2013-11-10 15:34 - 01550496 _____ (Skype Technologies S.A.) C:\Users\MaRkI\Desktop\SkypeSetup.exe
2013-11-06 17:32 - 2013-11-06 17:37 - 00000000 ____D C:\Users\Dagmar\Desktop\Doručené – Seznam Email_soubory
2013-11-06 17:32 - 2013-11-06 17:32 - 00023708 _____ C:\Users\Dagmar\Desktop\Doručené – Seznam Email.htm
2013-11-05 13:13 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-05 13:13 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-05 13:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-05 13:13 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-05 13:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-05 13:12 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-05 13:12 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-05 13:12 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-05 13:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-05 13:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-05 13:11 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-05 13:11 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-05 13:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-05 13:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-05 13:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-05 13:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-05 13:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-05 13:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-05 13:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-05 13:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-05 13:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-05 13:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-05 13:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-05 13:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-05 13:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-05 13:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-05 13:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-05 13:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-05 13:09 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-05 13:09 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-05 13:09 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-05 13:09 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-05 13:09 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-05 13:09 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-05 13:09 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-05 13:09 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-05 13:09 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-05 13:09 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-05 13:09 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-05 13:09 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-05 13:09 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-05 13:09 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-05 13:09 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-05 13:09 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-05 13:09 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-05 13:09 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-05 13:09 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-05 13:09 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-05 13:08 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-05 13:08 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-05 13:08 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-05 13:08 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-05 13:08 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-05 13:08 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-05 13:08 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-05 13:08 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-05 13:08 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-05 13:08 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-05 13:08 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-05 13:08 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-05 13:08 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-05 13:08 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-05 13:08 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-05 13:08 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-05 13:08 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-05 13:08 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-05 13:07 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-05 13:07 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-05 13:07 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-05 13:07 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-05 13:07 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-05 13:07 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-05 13:07 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-05 13:07 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-05 13:07 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-05 13:07 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-05 13:06 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-05 13:06 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-05 13:06 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-05 13:06 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-05 13:06 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-05 13:06 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-05 13:05 - 2013-11-05 13:10 - 00012299 _____ C:\Windows\DirectX.log
2013-11-05 13:05 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-05 13:05 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-05 13:05 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-05 13:05 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-05 13:05 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-05 13:05 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\ProgramData\Desktop\AION Free-to-Play.lnk
2013-11-05 13:00 - 2013-11-05 13:00 - 00002936 _____ C:\Windows\System32\Tasks\{B18B78EA-F362-424D-A33D-EABD9913D6D1}
2013-11-04 20:19 - 2013-11-04 20:19 - 00002936 _____ C:\Windows\System32\Tasks\{25769BA0-5762-4BAB-AEAB-9CFECE453BB6}
2013-11-04 16:57 - 2013-11-04 17:46 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-11-04 14:16 - 2013-11-04 14:16 - 00002936 _____ C:\Windows\System32\Tasks\{9D279DAE-B4DC-4021-9B41-ADA1F95200AA}
2013-11-03 09:31 - 2013-11-03 09:31 - 00002936 _____ C:\Windows\System32\Tasks\{276E309A-0388-41F8-85C7-6C8332B03104}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002936 _____ C:\Windows\System32\Tasks\{AB96D336-DEF6-402B-A180-B2075EA024A7}
2013-11-02 18:10 - 2013-11-02 18:10 - 00002936 _____ C:\Windows\System32\Tasks\{55C7A00D-8A62-4B0F-8489-9A45EE51BF3D}
2013-11-02 18:02 - 2013-11-02 18:02 - 00002936 _____ C:\Windows\System32\Tasks\{D9CABA56-5E94-4B16-868E-15C8AC5FC8BC}
2013-11-01 13:36 - 2013-11-01 13:36 - 00002936 _____ C:\Windows\System32\Tasks\{C5D41BF5-8805-489D-AD96-2C5BEE8B7AC7}
2013-11-01 13:25 - 2013-11-01 13:25 - 00002936 _____ C:\Windows\System32\Tasks\{4D24DD9B-92CC-4E20-B81D-62561AE13C69}
2013-11-01 13:18 - 2013-11-01 13:18 - 00002936 _____ C:\Windows\System32\Tasks\{EA0F4AA0-E552-4C9C-AF37-392FC05C6D65}
2013-11-01 12:53 - 2013-11-01 12:53 - 00002936 _____ C:\Windows\System32\Tasks\{F614F0A7-D642-470B-B2EA-64C74E3CF429}
2013-10-31 20:49 - 2013-10-31 20:49 - 00002936 _____ C:\Windows\System32\Tasks\{E52531FA-C49A-4AF2-B3FA-092EDE0C49F0}
2013-10-31 14:25 - 2013-11-16 14:41 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 14:25 - 2013-10-31 14:42 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-31 12:57 - 2013-10-31 12:57 - 00002936 _____ C:\Windows\System32\Tasks\{90A82AF2-FAAA-40F1-9326-95BAD58E6B5D}
2013-10-31 12:54 - 2013-10-31 12:54 - 00002936 _____ C:\Windows\System32\Tasks\{17F94438-FDCE-4E23-963F-4479E41FC30E}
2013-10-31 12:50 - 2013-10-31 12:50 - 00002936 _____ C:\Windows\System32\Tasks\{4AF82933-E66E-48AD-8D86-ABACAC1C0090}
2013-10-30 21:54 - 2013-10-30 21:54 - 00002936 _____ C:\Windows\System32\Tasks\{355BFD72-986F-46CA-AB68-322ECB09606C}
2013-10-30 20:02 - 2013-10-30 20:02 - 00002936 _____ C:\Windows\System32\Tasks\{309CA862-B5AF-4B0C-9857-7799BD434F43}
2013-10-30 13:41 - 2013-10-30 13:41 - 00002936 _____ C:\Windows\System32\Tasks\{18D5AC8D-4757-4354-9563-291994150B21}
2013-10-30 13:05 - 2013-10-30 13:05 - 00002936 _____ C:\Windows\System32\Tasks\{6239E242-7108-4D71-A424-C9EB5DBEE9E4}
2013-10-30 13:01 - 2013-10-30 13:01 - 00002936 _____ C:\Windows\System32\Tasks\{07D351A3-29F8-4962-848C-2815128B055B}
2013-10-30 09:53 - 2013-10-30 09:53 - 00002936 _____ C:\Windows\System32\Tasks\{6F20CB80-E327-4ED5-BAC3-5F4545B370BB}
2013-10-30 09:50 - 2013-10-30 09:50 - 00002936 _____ C:\Windows\System32\Tasks\{8F646835-07E7-49F5-BA78-B2E1C7E58DAB}
2013-10-30 09:37 - 2013-10-30 09:38 - 00000000 ____D C:\Users\Dagmar\Downloads\Gameforge Live
2013-10-30 09:37 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\AppData\Local\Gameforge4d
2013-10-29 21:42 - 2013-10-29 21:42 - 00002936 _____ C:\Windows\System32\Tasks\{CE38E484-8AA4-4843-9F7E-9F8887402C54}
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\Downloads\Gameforge Live
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\AppData\Local\Gameforge4d
2013-10-28 12:46 - 2013-10-28 12:47 - 10702992 _____ ( ) C:\Users\Katka\Downloads\fwinstall.exe
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\Users\Public\Desktop\Metin2.lnk
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\ProgramData\Desktop\Metin2.lnk
2013-10-28 12:05 - 2013-10-28 12:07 - 34249488 _____ (Riot Games) C:\Users\Katka\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2013-10-28 11:46 - 2013-10-30 21:55 - 00000000 ____D C:\Users\Katka\Downloads\Gameforge Live
2013-10-28 11:46 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\AppData\Local\Gameforge4d
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\ProgramData\Desktop\Gameforge Live.lnk
2013-10-28 11:43 - 2013-10-28 11:44 - 19394136 _____ (Gameforge ) C:\Users\Katka\Downloads\Metin2_GameforgeLiveSetup.exe
2013-10-27 13:27 - 2013-10-27 13:27 - 00228864 _____ C:\Users\Dagmar\Downloads\Publicistický styl DRU.ppt
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Documents\Moje palety
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Desktop\The Sims
2013-10-25 18:23 - 2013-11-13 18:44 - 00000000 ____D C:\ProgramData\Protexis
2013-10-25 18:23 - 2013-10-25 18:23 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Corel
2013-10-25 18:22 - 2013-10-25 18:22 - 00000000 ____D C:\Users\MaRkI\Desktop\Corel
2013-10-25 18:16 - 2013-10-27 15:43 - 00000000 ____D C:\Users\MaRkI\Documents\Corel
2013-10-25 18:15 - 2013-10-25 18:15 - 00000000 ____D C:\Users\MaRkI\Documents\Visual Studio 2008
2013-10-25 18:11 - 2013-10-25 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 18:11 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\Users\Public\Documents\Corel
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\ProgramData\Documents\Corel
2013-10-25 17:54 - 2013-10-25 18:21 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2013-10-23 19:50 - 2013-10-23 20:31 - 00014186 _____ C:\Users\Dagmar\Downloads\Kniha+evidence+DPH.xlsx
2013-10-23 19:20 - 2013-10-23 19:44 - 00011559 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost (1).xlsx
2013-10-22 15:15 - 2013-10-22 15:15 - 00003046 _____ C:\Windows\System32\Tasks\{F0B0D277-435D-438E-BC46-E87E96FC90DC}
2013-10-22 13:52 - 2013-10-22 13:52 - 00003046 _____ C:\Windows\System32\Tasks\{685A02F2-D024-4CA3-B3CB-700B0464EDC7}
2013-10-21 12:29 - 2013-10-21 12:29 - 00003046 _____ C:\Windows\System32\Tasks\{8DC4513B-07DE-4CC9-AB03-57FAE6C985DD}
2013-10-21 12:20 - 2013-10-21 12:20 - 00003046 _____ C:\Windows\System32\Tasks\{3854C041-6301-4613-88B7-8D65DA0947A0}
2013-10-20 19:42 - 2013-10-20 19:46 - 00010652 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost.xlsx
2013-10-20 18:43 - 2013-10-20 18:43 - 04993924 _____ C:\Users\Dagmar\Downloads\Majetková práva 1.zip
2013-10-20 12:09 - 2013-10-20 12:09 - 00003046 _____ C:\Windows\System32\Tasks\{672F322A-6657-4FB1-A8DC-3EE7C3E14F9C}
2013-10-20 12:08 - 2013-10-20 12:08 - 00003046 _____ C:\Windows\System32\Tasks\{CB94EB32-BB6D-4351-A372-C9B7A406CB5A}
2013-10-20 10:24 - 2013-10-20 10:24 - 00002974 _____ C:\Windows\System32\Tasks\{AA7631EF-FE61-48F1-9BEA-C50024817221}
2013-10-19 14:57 - 2013-10-19 14:57 - 00003046 _____ C:\Windows\System32\Tasks\{B8B5E478-3D92-4A2A-BE2C-E96DC6B68DC6}
2013-10-19 14:56 - 2013-10-19 14:56 - 00003046 _____ C:\Windows\System32\Tasks\{BDDC03A2-9D58-405F-9989-0A187FFD90CD}
2013-10-18 18:43 - 2013-10-18 18:43 - 00010625 _____ C:\Users\Dagmar\Downloads\Kopie+-+DPH+Daň+povinnost.xlsx
2013-10-18 17:01 - 2013-10-18 17:01 - 00002974 _____ C:\Windows\System32\Tasks\{42478DCE-4497-4CBC-94CD-48837203C4EC}
2013-10-18 14:26 - 2013-10-18 14:26 - 00002974 _____ C:\Windows\System32\Tasks\{39CAFA71-A1F0-4A16-8936-AB2CE4C2B8FA}
2013-10-18 13:10 - 2013-10-18 13:10 - 00002974 _____ C:\Windows\System32\Tasks\{B69F2535-2249-42F7-8ACF-FBF549FE4579}
2013-10-18 12:07 - 2013-10-18 12:07 - 00002948 _____ C:\Windows\System32\Tasks\{38AF87B7-7132-4466-82A0-0268085A4848}

==================== One Month Modified Files and Folders =======

2013-11-16 14:48 - 2013-11-16 14:46 - 00030389 _____ C:\Users\Dagmar\Desktop\FRST.txt
2013-11-16 14:45 - 2013-11-16 14:45 - 00000000 ____D C:\FRST
2013-11-16 14:41 - 2013-10-31 14:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 14:25 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 14:22 - 2013-11-15 18:12 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 14:22 - 2013-11-15 17:47 - 00000000 ____D C:\Users\Dagmar\Desktop\mbar
2013-11-16 14:06 - 2011-09-23 22:16 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 13:51 - 2011-10-18 18:12 - 02014397 _____ C:\Windows\WindowsUpdate.log
2013-11-16 13:49 - 2013-11-16 13:49 - 01957794 _____ (Farbar) C:\Users\Dagmar\Desktop\FRST64.exe
2013-11-16 13:47 - 2013-11-10 15:39 - 00003164 _____ C:\Windows\System32\Tasks\{F732A14D-3EEF-421F-9A95-27D8CCED00C8}
2013-11-16 13:47 - 2011-09-23 22:16 - 00003956 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-16 13:47 - 2011-09-23 22:16 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-16 13:47 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 13:47 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 13:46 - 2011-09-23 22:16 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 13:45 - 2013-11-16 13:45 - 00005306 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-16 13:45 - 2009-07-14 16:18 - 00647390 _____ C:\Windows\system32\perfh005.dat
2013-11-16 13:45 - 2009-07-14 16:18 - 00127734 _____ C:\Windows\system32\perfc005.dat
2013-11-16 13:42 - 2013-11-14 16:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-16 13:41 - 2013-11-16 13:41 - 00000000 ___RD C:\Users\Dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-16 13:40 - 2011-09-17 11:11 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-11-16 13:40 - 2011-09-17 11:11 - 00000035 _____ C:\ProgramData\Documents\AtherosServiceConfig.ini
2013-11-16 13:37 - 2013-09-29 18:10 - 00006056 _____ C:\Windows\setupact.log
2013-11-16 13:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 13:20 - 2009-07-14 06:13 - 01478822 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 13:19 - 2013-08-30 11:28 - 00000000 ____D C:\ProgramData\MFAData
2013-11-16 13:09 - 2013-11-16 13:06 - 00000000 ____D C:\Users\MaRkI\Desktop\x))
2013-11-15 20:49 - 2013-11-15 20:49 - 00002116 _____ C:\Users\Dagmar\Desktop\aswMBR.txt
2013-11-15 20:49 - 2013-11-15 20:49 - 00000512 _____ C:\Users\Dagmar\Desktop\MBR.dat
2013-11-15 20:20 - 2013-11-15 20:19 - 04745728 _____ (AVAST Software) C:\Users\Dagmar\Desktop\aswMBR.exe
2013-11-15 19:22 - 2013-11-15 19:22 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-11-15 19:00 - 2011-11-12 03:06 - 00000266 _____ C:\Windows\Tasks\RMSchedule.job
2013-11-15 18:12 - 2013-11-15 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 17:47 - 2013-11-15 17:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 17:43 - 2011-09-17 13:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 17:39 - 2013-11-15 17:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Dagmar\Desktop\mbar-1.07.0.1007.exe
2013-11-15 17:23 - 2013-09-29 13:42 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\TuneUp Software
2013-11-15 17:17 - 2013-11-15 17:17 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 17:31 - 2013-10-06 09:32 - 00044986 _____ C:\Windows\PFRO.log
2013-11-14 17:31 - 2011-10-29 16:13 - 00000982 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job
2013-11-14 17:31 - 2011-10-29 16:13 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job
2013-11-14 16:50 - 2013-11-14 16:50 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\AVAST Software
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:49 - 2013-11-14 16:49 - 00001966 _____ C:\ProgramData\Desktop\avast! Free Antivirus.lnk
2013-11-14 16:47 - 2013-11-14 16:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-14 16:47 - 2013-11-14 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-14 16:47 - 2013-11-14 16:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-14 16:47 - 2011-09-17 15:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-14 16:43 - 2013-11-14 16:38 - 87227720 _____ (AVAST Software) C:\Users\MaRkI\Desktop\avast_free_antivirus_setup.exe
2013-11-14 16:43 - 2011-09-17 15:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-14 16:15 - 2013-11-14 16:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-14 16:14 - 2013-11-14 16:14 - 04379048 _____ (Piriform Ltd) C:\Users\MaRkI\Desktop\ccsetup407.exe
2013-11-14 15:25 - 2013-11-14 13:23 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-14 14:57 - 2013-06-15 08:27 - 00002956 _____ C:\Windows\System32\Tasks\{7ACC731A-E804-4F4B-B064-C08882F3B4D8}
2013-11-14 14:57 - 2013-06-15 08:27 - 00002956 _____ C:\Windows\System32\Tasks\{492C00E7-ACA2-46D8-B73B-7EAF5ADE7419}
2013-11-14 14:56 - 2011-10-14 19:44 - 00002976 _____ C:\Windows\System32\Tasks\{D7043364-BFF3-4B7D-A8B7-0D850D186EA7}
2013-11-14 14:56 - 2011-09-17 13:25 - 00003824 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-11-14 14:54 - 2013-09-29 18:30 - 00003678 _____ C:\Windows\System32\Tasks\Online aktualizační program HP
2013-11-14 14:54 - 2011-10-21 15:59 - 00002966 _____ C:\Windows\System32\Tasks\{8DAA1DF5-B564-4D25-A452-8A4F14D6CE2B}
2013-11-14 14:54 - 2011-10-21 15:54 - 00002966 _____ C:\Windows\System32\Tasks\{9E1041A9-C1AD-4D94-B849-8BD2D89FBF62}
2013-11-14 14:54 - 2011-10-20 14:38 - 00002966 _____ C:\Windows\System32\Tasks\{87CAD921-26F1-4AD8-8793-0A77D751A3D3}
2013-11-14 14:53 - 2011-10-29 16:13 - 00003970 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA
2013-11-14 14:53 - 2011-10-29 16:13 - 00003602 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core
2013-11-14 14:53 - 2011-10-21 15:55 - 00002966 _____ C:\Windows\System32\Tasks\{6379F684-5585-42E3-9434-F57736ADB069}
2013-11-14 14:53 - 2011-10-21 15:49 - 00002966 _____ C:\Windows\System32\Tasks\{7760B9A0-BA5F-473D-A74F-CA7DF8F2E00D}
2013-11-14 14:41 - 2013-11-14 13:25 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-14 14:37 - 2012-11-14 12:25 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\uTorrent
2013-11-14 14:36 - 2013-11-14 14:36 - 00000000 ___RD C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-14 14:30 - 2013-11-14 13:30 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002213 _____ C:\ProgramData\Desktop\TuneUp 1-Click Maintenance.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:33 - 2013-11-14 13:33 - 00002187 _____ C:\ProgramData\Desktop\TuneUp Utilities 2014.lnk
2013-11-14 13:32 - 2013-08-30 14:44 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\TuneUp Software
2013-11-14 13:23 - 2013-08-30 14:38 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-14 13:20 - 2013-11-14 13:17 - 55413160 _____ (TuneUp Software) C:\Users\MaRkI\Desktop\TuneUpUtilities2014.exe
2013-11-14 12:10 - 2013-07-12 22:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 11:55 - 2011-09-30 05:38 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{BF40AB87-333E-4723-A87C-DD07A48C0C10}
2013-11-14 11:49 - 2013-11-14 11:49 - 00003162 _____ C:\Windows\System32\Tasks\{6F178997-F4AE-49ED-A7A2-D2762D55943C}
2013-11-14 11:49 - 2012-02-03 13:23 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-11-14 11:46 - 2013-11-13 13:34 - 00000000 ____D C:\Users\Katka\Documents\Anti-Malware
2013-11-13 20:42 - 2013-11-13 20:42 - 00132010 _____ C:\Users\Dagmar\Downloads\prilohy_5531.zip
2013-11-13 19:31 - 2013-11-13 19:31 - 00000000 ___RD C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 18:44 - 2013-10-25 18:23 - 00000000 ____D C:\ProgramData\Protexis
2013-11-13 18:44 - 2012-10-13 20:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-13 18:44 - 2011-09-20 11:45 - 00000000 ____D C:\Users\Katka
2013-11-13 18:44 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-11-13 18:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-13 18:34 - 2011-10-14 20:15 - 00000000 ____D C:\Users\Katka\AppData\Local\CrashDumps
2013-11-13 18:18 - 2013-11-13 16:20 - 00085842 _____ C:\Users\Katka\Desktop\avgrep.txt
2013-11-13 16:09 - 2009-07-14 06:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-13 13:33 - 2013-11-13 13:23 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Katka\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-13 12:59 - 2013-11-13 12:59 - 00140600 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\EagleX64.sys
2013-11-12 20:48 - 2011-09-20 11:46 - 00000000 ____D C:\Users\Katka\Documents\Bluetooth Folder
2013-11-12 19:04 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Katka\AppData\Local\Google
2013-11-12 14:21 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-11 12:46 - 2011-09-24 15:03 - 00000000 ____D C:\Users\Katka\AppData\Roaming\Skype
2013-11-11 08:27 - 2013-01-13 20:42 - 00000000 ____D C:\Users\Dagmar\AppData\Roaming\Skype
2013-11-10 18:43 - 2011-09-23 22:16 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Skype
2013-11-10 15:44 - 2013-11-10 15:41 - 35056288 _____ (Skype Technologies S.A.) C:\Users\Katka\Downloads\SkypeSetupFull.exe
2013-11-10 15:43 - 2011-09-23 22:16 - 00000000 ____D C:\ProgramData\Skype
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-11-10 15:42 - 00002731 _____ C:\ProgramData\Desktop\Skype.lnk
2013-11-10 15:42 - 2013-01-24 18:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-10 15:34 - 2013-11-10 15:34 - 01550496 _____ (Skype Technologies S.A.) C:\Users\MaRkI\Desktop\SkypeSetup.exe
2013-11-08 00:49 - 2011-09-17 10:57 - 00000000 ____D C:\Users\Dagmar\Documents\Bluetooth Folder
2013-11-06 18:49 - 2011-09-19 15:30 - 00000000 ____D C:\Users\MaRkI\Documents\Bluetooth Folder
2013-11-06 17:37 - 2013-11-06 17:32 - 00000000 ____D C:\Users\Dagmar\Desktop\Doručené – Seznam Email_soubory
2013-11-06 17:32 - 2013-11-06 17:32 - 00023708 _____ C:\Users\Dagmar\Desktop\Doručené – Seznam Email.htm
2013-11-05 13:10 - 2013-11-05 13:05 - 00012299 _____ C:\Windows\DirectX.log
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2013-11-05 13:02 - 2013-11-05 13:02 - 00000661 _____ C:\ProgramData\Desktop\AION Free-to-Play.lnk
2013-11-05 13:00 - 2013-11-05 13:00 - 00002936 _____ C:\Windows\System32\Tasks\{B18B78EA-F362-424D-A33D-EABD9913D6D1}
2013-11-04 20:19 - 2013-11-04 20:19 - 00002936 _____ C:\Windows\System32\Tasks\{25769BA0-5762-4BAB-AEAB-9CFECE453BB6}
2013-11-04 17:46 - 2013-11-04 16:57 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-11-04 16:24 - 2011-09-24 15:18 - 00000000 ____D C:\ProgramData\Corel
2013-11-04 14:16 - 2013-11-04 14:16 - 00002936 _____ C:\Windows\System32\Tasks\{9D279DAE-B4DC-4021-9B41-ADA1F95200AA}
2013-11-04 14:05 - 2013-10-15 14:31 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for MaRkI.job
2013-11-03 09:31 - 2013-11-03 09:31 - 00002936 _____ C:\Windows\System32\Tasks\{276E309A-0388-41F8-85C7-6C8332B03104}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002936 _____ C:\Windows\System32\Tasks\{AB96D336-DEF6-402B-A180-B2075EA024A7}
2013-11-02 18:10 - 2013-11-02 18:10 - 00002936 _____ C:\Windows\System32\Tasks\{55C7A00D-8A62-4B0F-8489-9A45EE51BF3D}
2013-11-02 18:02 - 2013-11-02 18:02 - 00002936 _____ C:\Windows\System32\Tasks\{D9CABA56-5E94-4B16-868E-15C8AC5FC8BC}
2013-11-01 13:36 - 2013-11-01 13:36 - 00002936 _____ C:\Windows\System32\Tasks\{C5D41BF5-8805-489D-AD96-2C5BEE8B7AC7}
2013-11-01 13:25 - 2013-11-01 13:25 - 00002936 _____ C:\Windows\System32\Tasks\{4D24DD9B-92CC-4E20-B81D-62561AE13C69}
2013-11-01 13:18 - 2013-11-01 13:18 - 00002936 _____ C:\Windows\System32\Tasks\{EA0F4AA0-E552-4C9C-AF37-392FC05C6D65}
2013-11-01 12:53 - 2013-11-01 12:53 - 00002936 _____ C:\Windows\System32\Tasks\{F614F0A7-D642-470B-B2EA-64C74E3CF429}
2013-10-31 20:49 - 2013-10-31 20:49 - 00002936 _____ C:\Windows\System32\Tasks\{E52531FA-C49A-4AF2-B3FA-092EDE0C49F0}
2013-10-31 14:42 - 2013-10-31 14:25 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-31 14:42 - 2012-10-13 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-31 14:42 - 2011-09-17 13:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-31 12:57 - 2013-10-31 12:57 - 00002936 _____ C:\Windows\System32\Tasks\{90A82AF2-FAAA-40F1-9326-95BAD58E6B5D}
2013-10-31 12:54 - 2013-10-31 12:54 - 00002936 _____ C:\Windows\System32\Tasks\{17F94438-FDCE-4E23-963F-4479E41FC30E}
2013-10-31 12:50 - 2013-10-31 12:50 - 00002936 _____ C:\Windows\System32\Tasks\{4AF82933-E66E-48AD-8D86-ABACAC1C0090}
2013-10-30 21:55 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\Downloads\Gameforge Live
2013-10-30 21:54 - 2013-10-30 21:54 - 00002936 _____ C:\Windows\System32\Tasks\{355BFD72-986F-46CA-AB68-322ECB09606C}
2013-10-30 20:22 - 2011-12-17 20:19 - 00000000 ____D C:\Users\Dagmar\Desktop\Dagmar
2013-10-30 20:02 - 2013-10-30 20:02 - 00002936 _____ C:\Windows\System32\Tasks\{309CA862-B5AF-4B0C-9857-7799BD434F43}
2013-10-30 13:41 - 2013-10-30 13:41 - 00002936 _____ C:\Windows\System32\Tasks\{18D5AC8D-4757-4354-9563-291994150B21}
2013-10-30 13:05 - 2013-10-30 13:05 - 00002936 _____ C:\Windows\System32\Tasks\{6239E242-7108-4D71-A424-C9EB5DBEE9E4}
2013-10-30 13:01 - 2013-10-30 13:01 - 00002936 _____ C:\Windows\System32\Tasks\{07D351A3-29F8-4962-848C-2815128B055B}
2013-10-30 10:45 - 2013-11-14 14:32 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-10-30 10:45 - 2013-11-14 14:32 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-10-30 10:45 - 2013-11-14 14:31 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-10-30 10:45 - 2013-11-14 14:31 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-10-30 10:45 - 2013-11-14 13:33 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-10-30 09:53 - 2013-10-30 09:53 - 00002936 _____ C:\Windows\System32\Tasks\{6F20CB80-E327-4ED5-BAC3-5F4545B370BB}
2013-10-30 09:50 - 2013-10-30 09:50 - 00002936 _____ C:\Windows\System32\Tasks\{8F646835-07E7-49F5-BA78-B2E1C7E58DAB}
2013-10-30 09:38 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\Downloads\Gameforge Live
2013-10-30 09:37 - 2013-10-30 09:37 - 00000000 ____D C:\Users\Dagmar\AppData\Local\Gameforge4d
2013-10-29 21:42 - 2013-10-29 21:42 - 00002936 _____ C:\Windows\System32\Tasks\{CE38E484-8AA4-4843-9F7E-9F8887402C54}
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\Downloads\Gameforge Live
2013-10-29 14:12 - 2013-10-29 14:12 - 00000000 ____D C:\Users\MaRkI\AppData\Local\Gameforge4d
2013-10-28 12:47 - 2013-10-28 12:46 - 10702992 _____ ( ) C:\Users\Katka\Downloads\fwinstall.exe
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\Users\Public\Desktop\Metin2.lnk
2013-10-28 12:32 - 2013-10-28 12:32 - 00000643 _____ C:\ProgramData\Desktop\Metin2.lnk
2013-10-28 12:07 - 2013-10-28 12:05 - 34249488 _____ (Riot Games) C:\Users\Katka\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2013-10-28 11:46 - 2013-10-28 11:46 - 00000000 ____D C:\Users\Katka\AppData\Local\Gameforge4d
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-10-28 11:45 - 2013-10-28 11:45 - 00000588 _____ C:\ProgramData\Desktop\Gameforge Live.lnk
2013-10-28 11:44 - 2013-10-28 11:43 - 19394136 _____ (Gameforge ) C:\Users\Katka\Downloads\Metin2_GameforgeLiveSetup.exe
2013-10-28 11:40 - 2011-11-05 18:04 - 00000000 ____D C:\Program Files (x86)\Metin2
2013-10-27 21:01 - 2011-09-22 07:48 - 00000000 ____D C:\Users\MaRkI\AppData\Local\CrashDumps
2013-10-27 15:51 - 2009-07-14 03:34 - 00000546 _____ C:\Windows\win.ini
2013-10-27 15:43 - 2013-10-25 18:16 - 00000000 ____D C:\Users\MaRkI\Documents\Corel
2013-10-27 13:27 - 2013-10-27 13:27 - 00228864 _____ C:\Users\Dagmar\Downloads\Publicistický styl DRU.ppt
2013-10-27 12:33 - 2011-09-17 10:31 - 00136280 _____ C:\Users\Dagmar\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-10-26 19:10 - 2013-10-26 19:10 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-10-26 11:09 - 2011-09-20 11:47 - 00136280 _____ C:\Users\Katka\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 11:07 - 2009-07-14 05:45 - 05049432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Documents\Moje palety
2013-10-25 18:24 - 2013-10-25 18:24 - 00000000 ____D C:\Users\MaRkI\Desktop\The Sims
2013-10-25 18:23 - 2013-10-25 18:23 - 00000000 ____D C:\Users\MaRkI\AppData\Roaming\Corel
2013-10-25 18:23 - 2011-09-19 15:30 - 00136280 _____ C:\Users\MaRkI\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 18:22 - 2013-10-25 18:22 - 00000000 ____D C:\Users\MaRkI\Desktop\Corel
2013-10-25 18:22 - 2011-09-19 15:37 - 00000000 ___RD C:\Users\MaRkI\Desktop\Markét x33
2013-10-25 18:21 - 2013-10-25 17:54 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2013-10-25 18:15 - 2013-10-25 18:15 - 00000000 ____D C:\Users\MaRkI\Documents\Visual Studio 2008
2013-10-25 18:12 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 18:11 - 2013-10-25 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\Users\Public\Documents\Corel
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\ProgramData\Documents\Corel
2013-10-25 17:56 - 2011-09-24 15:05 - 00000000 ____D C:\Program Files (x86)\Corel
2013-10-23 20:31 - 2013-10-23 19:50 - 00014186 _____ C:\Users\Dagmar\Downloads\Kniha+evidence+DPH.xlsx
2013-10-23 19:44 - 2013-10-23 19:20 - 00011559 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost (1).xlsx
2013-10-23 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-23 14:39 - 2013-10-16 08:30 - 00000000 ____D C:\Users\Dagmar\Documents\Věcná práva, vlastnictví a spoluvlastnictví Univerzita Online_files
2013-10-23 14:39 - 2013-10-01 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-23 14:39 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-23 14:39 - 2013-03-13 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-23 14:39 - 2011-11-05 20:28 - 00000000 ____D C:\ProgramData\Norton
2013-10-23 14:39 - 2011-09-19 15:29 - 00000000 ____D C:\Users\MaRkI
2013-10-23 14:39 - 2011-09-16 18:22 - 00000000 ____D C:\Users\Dagmar
2013-10-23 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-23 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-23 13:51 - 2011-09-17 10:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 15:15 - 2013-10-22 15:15 - 00003046 _____ C:\Windows\System32\Tasks\{F0B0D277-435D-438E-BC46-E87E96FC90DC}
2013-10-22 13:52 - 2013-10-22 13:52 - 00003046 _____ C:\Windows\System32\Tasks\{685A02F2-D024-4CA3-B3CB-700B0464EDC7}
2013-10-21 12:29 - 2013-10-21 12:29 - 00003046 _____ C:\Windows\System32\Tasks\{8DC4513B-07DE-4CC9-AB03-57FAE6C985DD}
2013-10-21 12:20 - 2013-10-21 12:20 - 00003046 _____ C:\Windows\System32\Tasks\{3854C041-6301-4613-88B7-8D65DA0947A0}
2013-10-20 19:46 - 2013-10-20 19:42 - 00010652 _____ C:\Users\Dagmar\Downloads\DPH+Daň+povinnost.xlsx
2013-10-20 18:43 - 2013-10-20 18:43 - 04993924 _____ C:\Users\Dagmar\Downloads\Majetková práva 1.zip
2013-10-20 12:09 - 2013-10-20 12:09 - 00003046 _____ C:\Windows\System32\Tasks\{672F322A-6657-4FB1-A8DC-3EE7C3E14F9C}
2013-10-20 12:08 - 2013-10-20 12:08 - 00003046 _____ C:\Windows\System32\Tasks\{CB94EB32-BB6D-4351-A372-C9B7A406CB5A}
2013-10-20 10:24 - 2013-10-20 10:24 - 00002974 _____ C:\Windows\System32\Tasks\{AA7631EF-FE61-48F1-9BEA-C50024817221}
2013-10-19 14:57 - 2013-10-19 14:57 - 00003046 _____ C:\Windows\System32\Tasks\{B8B5E478-3D92-4A2A-BE2C-E96DC6B68DC6}
2013-10-19 14:56 - 2013-10-19 14:56 - 00003046 _____ C:\Windows\System32\Tasks\{BDDC03A2-9D58-405F-9989-0A187FFD90CD}
2013-10-18 18:43 - 2013-10-18 18:43 - 00010625 _____ C:\Users\Dagmar\Downloads\Kopie+-+DPH+Daň+povinnost.xlsx
2013-10-18 17:01 - 2013-10-18 17:01 - 00002974 _____ C:\Windows\System32\Tasks\{42478DCE-4497-4CBC-94CD-48837203C4EC}
2013-10-18 14:26 - 2013-10-18 14:26 - 00002974 _____ C:\Windows\System32\Tasks\{39CAFA71-A1F0-4A16-8936-AB2CE4C2B8FA}
2013-10-18 13:10 - 2013-10-18 13:10 - 00002974 _____ C:\Windows\System32\Tasks\{B69F2535-2249-42F7-8ACF-FBF549FE4579}
2013-10-18 12:07 - 2013-10-18 12:07 - 00002948 _____ C:\Windows\System32\Tasks\{38AF87B7-7132-4466-82A0-0268085A4848}
2013-10-18 12:05 - 2013-09-30 19:17 - 00000000 ____D C:\Users\Katka\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
C:\Users\Dagmar\AppData\Local\Temp\setup.exe
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\SCC.dll
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katka\AppData\Local\Temp\SQLite.dll
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
C:\Users\Katka\AppData\Local\Temp\_isF204.exe
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-13 19:20

==================== End Of Log ============================

Re: Rootkit - Idle application

Posted: 17 Nov 2013 00:57
by vyosek
:arrow: We'll get rid of AVG and keep only Avast, otherwise the two will conflict.

:arrow: Uninstall AVG and then also run this: http://download.avg.com/filedir/util/su ... 4_4116.exe

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
    HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
    HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
    MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
    HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
    HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
    HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
    HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\Katka\...\Run: [AdobeBridge] - [x]
    HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
    HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
    HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
    HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
    IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
    
    HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
    SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... &apn_dtid=^YYYYYY^YY^CZ&apn_ptnrs=^A6E&apn_uid=4545155131604642&p2=^A6E^YYYYYY^YY^CZ&q={searchTerms}
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... kw&search={searchTerms}
    SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... DyEtCtC&q={searchTerms}
    BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
    BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
    BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
    BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
    Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
    Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
    Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
    
    FF NewTab: hxxp://www.delta-search.com/?affID=1198 ... 2F68405224
    FF DefaultSearchEngine: Delta Search
    FF SelectedSearchEngine: Delta Search
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
    FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
    FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}
    
    CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
    CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx
    
    R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
    R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
    R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
    R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)
    
    S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
    S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    
    C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
    C:\Users\Dagmar\AppData\Local\Temp\setup.exe
    C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
    C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Katka\AppData\Local\Temp\SCC.dll
    C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
    C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Katka\AppData\Local\Temp\SQLite.dll
    C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
    C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
    C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
    C:\Users\Katka\AppData\Local\Temp\_isF204.exe
    C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\Program Files (x86)\AVG SafeGuard toolbar
    C:\Program Files (x86)\Guard-ICQ
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\ICQ6Toolbar
    C:\Program Files (x86)\Ironsource\searchya
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Norton Security Scan for Katka.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
    Task: C:\Windows\Tasks\Norton Security Scan for MaRkI.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
    Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    
    Hosts:
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist into the same folder as FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here for me

Re: Rootkit - Idle application

Posted: 18 Nov 2013 15:58
by Marr-keta
Here is the log :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013 02
Ran by Dagmar at 2013-11-18 15:51:35 Run:1
Running from C:\Users\Dagmar\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKCU\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKCU\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MountPoints2: {262ef01c-e137-11e0-be6f-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {f18b30c5-8e10-11e2-9df8-742f684162b6} - G:\Autorun.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-09-29] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-14] (AVAST Software)
HKU\Katka\...\Run: [Device Detector] - DevDetect.exe -autorun
HKU\Katka\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Katka\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\Katka\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-04-05] (ICQ, LLC.)
HKU\Katka\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\Katka\...\Run: [AdobeBridge] - [x]
HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\MaRkI\...\Run: [Facebook Update] - C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-11] (Facebook Inc.)
HKU\MaRkI\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\MaRkI\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [968592 2013-03-14] (BitTorrent, Inc.)
HKU\MaRkI\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\MaRkI\...\Run: [T-Mobile Communication Centre] - C:\Program Files (x86)\T-Mobile Communication Centre\Centre.exe [573511 2013-05-29] ()
IMEO\cdromek.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\gimp-2.6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icq.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\icqsetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\webcammax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10147& ... &apn_dtid=^YYYYYY^YY^CZ&apn_ptnrs=^A6E&apn_uid=4545155131604642&p2=^A6E^YYYYYY^YY^CZ&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OzeBw ... kw&search={searchTerms}
SearchScopes: HKCU - {FCCBB04F-FE11-428E-A79E-B1E984F36298} URL = http://searchya.com/?chnl=dcom-100&s=1& ... DyEtCtC&q={searchTerms}
BHO-x32: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll ()
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File

FF NewTab: hxxp://www.delta-search.com/?affID=1198 ... 2F68405224
FF DefaultSearchEngine: Delta Search
FF SelectedSearchEngine: Delta Search
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Ask Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com
FF Extension: aTube Toolbar - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844}

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx

R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-04-05] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-26] ()
R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe
C:\Users\Dagmar\AppData\Local\Temp\setup.exe
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Katka\AppData\Local\Temp\SCC.dll
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katka\AppData\Local\Temp\SQLite.dll
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe
C:\Users\Katka\AppData\Local\Temp\_isF204.exe
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Guard-ICQ
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\ICQ6Toolbar
C:\Program Files (x86)\Ironsource\searchya

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => C:\Users\MaRkI\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Katka.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
Task: C:\Windows\Tasks\Norton Security Scan for MaRkI.job => C:\PROGRA~2\NORTON~2\Engine\360~1.31\Nss.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262ef01c-e137-11e0-be6f-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{262ef01c-e137-11e0-be6f-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18b30c5-8e10-11e2-9df8-742f684162b6} => Key deleted successfully.
HKCR\CLSID\{f18b30c5-8e10-11e2-9df8-742f684162b6} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SSDMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Unable to delete value
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\WebcamMaxAutoRun => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value not found.
HKU\MaRkI\Software\Microsoft\Windows\CurrentVersion\Run\\T-Mobile Communication Centre => Value not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cdromek.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtlite.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gimp-2.6.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpwucli.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\icq.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\icqsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sptdinst-x64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninst.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utorrent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\webcammax.exe => Key deleted successfully.
C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key deleted successfully.
HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCCBB04F-FE11-428E-A79E-B1E984F36298} => Key deleted successfully.
HKCR\CLSID\{FCCBB04F-FE11-428E-A79E-B1E984F36298} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{33AA308B-B565-4376-AC66-59EE9B6AD13E} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B49673-5506-483E-B92B-CA0265BD9CA8} => Value deleted successfully.
HKCR\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart Search.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\searchplugins\MyStart.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\toolbar@ask.com => Moved successfully.
C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\Extensions\{bfc39e47-d643-4dc2-aa1d-61377501c844} => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
C:\Users\MaRkI\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key not found.
"C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Key deleted successfully.
C:\Windows\SysWOW64\jmdp\SweetNT.crx => Moved successfully.
Guard.Mail.ru => Service deleted successfully.
IBUpdaterService => Service deleted successfully.
tor => Service deleted successfully.
vToolbarUpdater17.0.1 => Service not found.
cleanhlp => Service deleted successfully.
cpuz134 => Service deleted successfully.
C:\Users\Dagmar\AppData\Local\Temp\oi_{3F307B51-C5E5-4CC8-918B-30C5806506B1}.exe => Moved successfully.
C:\Users\Dagmar\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\EAD76D4.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\SQLite.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\_is79C9.exe => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\_isF204.exe => Moved successfully.
C:\Users\MaRkI\AppData\Local\Temp\eauninstall.exe => Moved successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
C:\Program Files (x86)\Guard-ICQ => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\ICQ6Toolbar => Moved successfully.
C:\Program Files (x86)\Ironsource\searchya => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3055772981-3229068143-2885740664-1005UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\Norton Security Scan for Katka.job => Moved successfully.
C:\Windows\Tasks\Norton Security Scan for MaRkI.job => Moved successfully.
C:\Windows\Tasks\RMSchedule.job => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Re: Rootkit - Idle application

Posted: 18 Nov 2013 18:09
by vyosek
:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch, the license terms are displayed; press any key
  • A backup will be created, followed by a scan
  • The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Rootkit - Idle application

Posted: 18 Nov 2013 19:07
by Marr-keta
Here is the log from JRT; I will post the other one a few minutes later :)

:arrow:



~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dagmar\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\icq service.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3055772981-3229068143-2885740664-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.searchyaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.searchyaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\i
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyadskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyadskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ironsource.searchyahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\icqtoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2612669
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files

Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Dagmar\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\Dagmar\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\imvu_inc"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\ironsource"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\imvu_inc"
Successfully deleted: [Folder] "C:\Program Files (x86)\ironsource"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Dagmar\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Dagmar\AppData\Roaming\mozilla\firefox\profiles\bvted9fw.default\prefs.js

user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "RY");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2011.09.19+08.09.29-toolbar014iad-CZ-UHJhZ3VlLEN6ZWNoIFJlcHVibGlj");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "EZXX0012");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "4B994735-EC91-435D-81AE-8AB31E5CFD4E");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1384784843308");
user_pref("extensions.asktb.last-search-timestamp", "1360782225625");
user_pref("extensions.asktb.last-v", "3.13.1.100008");
user_pref("extensions.asktb.locale", "en_US");
user_pref("extensions.asktb.location", "Prague,Czech Republic");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-enabled", true);
user_pref("extensions.asktb.o", "15184");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "12");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "Poslední záznam od soudu: 19.01.2013 - 17:07||GRAFY");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.13.1.100013");
user_pref("extensions.asktb.volume", "");
Emptied folder: C:\Users\Dagmar\AppData\Roaming\mozilla\firefox\profiles\bvted9fw.default\minidumps [56 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Dagmar\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 18.11.2013 at 19:06:37,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Rootkit - Idle application

Posted: 18 Nov 2013 19:21
by Marr-keta
Here is the log from AdwCleaner :)
# AdwCleaner v3.012 - Report created 18/11/2013 at 19:14:54
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dagmar - DAGMAR-PC
# Running from : C:\Users\Dagmar\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files (x86)\~BabylonToolbar
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\MaRkI\AppData\Local\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\Local\PackageAware
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\MaRkI\AppData\Local\Temp\CT3220468
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Ironsource
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\MaRkI\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Babylon
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\file scout
Folder Deleted : C:\Users\Katka\AppData\Local\Babylon
Folder Deleted : C:\Users\Katka\AppData\Local\TempDir
Folder Deleted : C:\Users\Katka\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Katka\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Ironsource
Folder Deleted : C:\Users\Katka\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Katka\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Katka\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Katka\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Katka\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Katka\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Katka\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Katka\AppData\Roaming\file scout
Folder Deleted : C:\Users\Katka\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\ConduitCommon
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\ICQToolbarData
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Smartbar
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\CT3220468
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\ffxtlbr@searchya.com
Folder Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Folder Deleted : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Dagmar\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\bprotector_extensions.sqlite
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\bprotector_prefs.js
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\bprotector_prefs.js
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\searchplugins\Babylon.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\Conduit.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.src
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-12.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-13.xml
File Deleted : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\searchplugins\icqplugin-14.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default\prefs.js ]


[ File : C:\Users\MaRkI\AppData\Roaming\Mozilla\Firefox\Profiles\qa2lw4gf.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2612669", "\"7043fff7ebd57e7e1acd25907e78e9ea\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2612669&octid=CT2612669", "\"1325062544\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbff24cb6381b84c110a44581d65040e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20566976.xml", "\"7a22aa9b583224da90a272c5b70f61f5\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MaRkI\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qa2lw4gf.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=em&tb_ver=1.3.3&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "651a8d83-1968-41f5-afd3-f183d5e32856");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2612669");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jan 04 2012 10:44:40 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jan 04 2012 10:44:46 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 04 2012 10:44:39 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "35e90414-acf7-496a-ab6b-596594e31727");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.icq.com/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "ICQ Search");
Line Deleted : user_pref("CommunityToolbar.twitter.user_20566976.LastCheckTime", "Wed Jan 04 2012 10:44:41 GMT+0100");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6R95i7DWrr&loc=skw");
Line Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "IMVU Inc Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40searchya.com:1.5.0,%7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3,%7Bbfc39e47-d643-4dc2-aa1d-61377501c844%7D:1.0.0.12,%7B7473b6bd-4691-4744-a82b-7854[...]
Line Deleted : user_pref("extensions.searchya.admin", false);
Line Deleted : user_pref("extensions.searchya.aflt", "dcom");
Line Deleted : user_pref("extensions.searchya.cntry", "CZ");
Line Deleted : user_pref("extensions.searchya.dfltLng", "EN");
Line Deleted : user_pref("extensions.searchya.dfltSrch", true);
Line Deleted : user_pref("extensions.searchya.excTlbr", false);
Line Deleted : user_pref("extensions.searchya.hdrMd5", "2D69376B87ACEC38168F54FC5AAE44B1");
Line Deleted : user_pref("extensions.searchya.hmpg", true);
Line Deleted : user_pref("extensions.searchya.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.searchya.instlDay", "15441");
Line Deleted : user_pref("extensions.searchya.instlRef", "dcom-100");
Line Deleted : user_pref("extensions.searchya.isDcmntCmplt", false);
Line Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.searchya.newTab", true);
Line Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya.noFFXTlbr", false);
Line Deleted : user_pref("extensions.searchya.prdct", "searchya");
Line Deleted : user_pref("extensions.searchya.propectorlck", 73602393);
Line Deleted : user_pref("extensions.searchya.prtkHmpg", 1);
Line Deleted : user_pref("extensions.searchya.prtnrId", "ironsrc");
Line Deleted : user_pref("extensions.searchya.sg", "none");
Line Deleted : user_pref("extensions.searchya.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
Line Deleted : user_pref("extensions.searchya.tlbrId", "base");
Line Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC&q=");
Line Deleted : user_pref("extensions.searchya.vrsn", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya.vrsni", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya_i.aflt", "dcom");
Line Deleted : user_pref("extensions.searchya_i.dfltLng", "");
Line Deleted : user_pref("extensions.searchya_i.dfltSrch", true);
Line Deleted : user_pref("extensions.searchya_i.dnsErr", true);
Line Deleted : user_pref("extensions.searchya_i.excTlbr", false);
Line Deleted : user_pref("extensions.searchya_i.hmpg", true);
Line Deleted : user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=dcom-100&s=0&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya_i.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.searchya_i.instlDay", "15441");
Line Deleted : user_pref("extensions.searchya_i.instlRef", "dcom-100");
Line Deleted : user_pref("extensions.searchya_i.newTab", true);
Line Deleted : user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC");
Line Deleted : user_pref("extensions.searchya_i.prdct", "searchya");
Line Deleted : user_pref("extensions.searchya_i.prtnrId", "ironsrc");
Line Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");
Line Deleted : user_pref("extensions.searchya_i.tlbrId", "base");
Line Deleted : user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=dcom-100&s=3&cr=740236285&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyEtCtC&q=");
Line Deleted : user_pref("extensions.searchya_i.vrsn", "1.5.13.0");
Line Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.13.021:22:52");
Line Deleted : user_pref("extensions.searchya_i.vrsni", "1.5.13.0");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1382708902);
Line Deleted : user_pref("icqtoolbar.history", "esemes||iskola||dashboard||skateboardy||longboard||google||asterix%20hav%C3%AD%C5%99ov||auto||converse%20all%20star%20leopard||determined%20meme||meme%20face||article%[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1351353378");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "24.0");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "193416585517771302911316444471882");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1383248043);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6R95i7DWrr&loc=skw&search=");
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Line Deleted : user_pref("smartbar.machineId", "RZDKMT6TIUZGRNPOWMGYT7GE7R0NAF/LAQTAFDIEOMOBBGNIIHTGQRGVXXDU50+9I2PGRVEL6R9GMHRSRSF79G");

[ File : C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\kv2lq0j0.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Delta Search");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "somoto");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100789");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15372");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "23.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 119190307);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb5");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "somoto");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100789");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15372");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100789&babsrc=NT_ss&mntrId=5c5dc906000000000000722f68405224");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:14:48");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.1.9,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&tt=1 ... 2F68405224");
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=5c5dc906000000000000722f68405224&q=");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Dagmar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\MaRkI\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [57760 octets] - [18/11/2013 19:11:52]
AdwCleaner[S0].txt - [58382 octets] - [18/11/2013 19:14:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [58443 octets] ##########

Re: Rootkit - Idle application

Posted: 19 Nov 2013 08:18
by vyosek
:arrow: It already looks pretty OK, but we'll fine-tune it a bit more

:arrow: Please post a log following this guide: http://forum.viry.cz/viewtopic.php?f=24&t=130784

Re: Rootkit - Idle application

Posted: 20 Nov 2013 14:41
by Marr-keta
Ok :) here is the log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dagmar at 2013-11-20 14:31:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 13 GB (6%) free of 205 GB
Total RAM: 3692 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:31:35, on 20.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Dagmar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\MaRkI\AppData\Roaming\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\MaRkI\AppData\Roaming\ICQ7.6\ICQ.exe
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\MaRkI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\Dagmar\AppData\Roaming\ICQ\Application\ICQ7.6\ICQ.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Users\Dagmar\AppData\Roaming\ICQ\Application\ICQ7.6\ICQ.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13456 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {B22DFC65-48EA-485D-BAA6-0952453EBB44}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2128
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2ba73531-483b-424a-923b-2eafd24fc2b3 -SystemEventPortName:HostProcess-a8ca4781-a980-45c6-a732-8ec07d240428 -IoCancelEventPortName:HostProcess-d9f34109-f733-4ce2-b85f-afe6d3f15775 -NonStateChangingEventPortName:HostProcess-b65d0daa-1d42-4a64-a95a-33409106ad3d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0b496908-ad6b-4be5-9328-765b10510e93 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:2076
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {A144AEB2-572E-4618-B37E-21D944FE8F6C}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe"
"C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\asus\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControlUser.exe"
ATKOSD.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxWow64.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
WDC.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Dagmar\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\bvted9fw.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-14 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-16 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-14 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-16 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-14 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-14 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-06 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-06 379040]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-07-19 12632168]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-07-13 2264168]
"FortKnoxPersonalFirewall"=C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe [2013-08-27 2130752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-09 984400]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-14 3568312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2013-11-20 14:31:22 ----D---- C:\Program Files\trend micro
2013-11-20 14:31:21 ----D---- C:\rsit
2013-11-18 19:11:49 ----D---- C:\AdwCleaner
2013-11-18 18:43:19 ----D---- C:\Windows\ERUNT
2013-11-16 14:45:41 ----D---- C:\FRST
2013-11-15 18:12:39 ----D---- C:\ProgramData\Malwarebytes
2013-11-15 18:12:20 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 18:12:17 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2013-11-15 17:47:57 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2013-11-15 17:17:06 ----D---- C:\Users\Dagmar\AppData\Roaming\AVAST Software
2013-11-14 16:47:51 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-11-14 16:47:50 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-11-14 16:47:48 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-11-14 16:47:46 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-11-14 16:47:42 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-11-14 16:47:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-11-14 16:47:38 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-11-14 16:47:36 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-11-14 16:47:16 ----A---- C:\Windows\avastSS.scr
2013-11-14 16:15:55 ----D---- C:\Program Files\CCleaner
2013-11-14 14:32:16 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-11-14 14:32:16 ----A---- C:\Windows\system32\authuitu.dll
2013-11-14 14:31:58 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2013-11-14 14:31:58 ----A---- C:\Windows\system32\uxtuneup.dll
2013-11-14 13:33:34 ----A---- C:\Windows\system32\TURegOpt.exe
2013-11-14 13:30:48 ----D---- C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-14 13:25:44 ----D---- C:\ProgramData\TuneUp Software
2013-11-14 13:23:25 ----SHD---- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-13 16:18:00 ----A---- C:\Windows\ntbtlog.txt
2013-11-13 13:15:04 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-13 13:15:04 ----A---- C:\Windows\system32\schannel.dll
2013-11-13 13:15:04 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-13 13:15:04 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-13 13:15:03 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\sspicli.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-13 13:15:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-13 13:15:02 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-13 13:15:02 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\secur32.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-13 13:15:02 ----A---- C:\Windows\system32\lsass.exe
2013-11-13 13:14:53 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-13 13:14:53 ----A---- C:\Windows\system32\gdi32.dll
2013-11-13 13:14:49 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:14:49 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:14:48 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-13 13:14:48 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-13 13:14:48 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-13 12:59:37 ----A---- C:\Windows\system32\drivers\EagleX64.sys
2013-11-05 13:13:29 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-11-05 13:13:29 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-11-05 13:13:29 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-11-05 13:13:29 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-11-05 13:13:18 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-11-05 13:13:18 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-11-05 13:13:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-11-05 13:13:05 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-11-05 13:12:53 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-11-05 13:12:53 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-11-05 13:12:50 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-11-05 13:12:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-11-05 13:12:46 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-11-05 13:12:46 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-11-05 13:12:42 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-11-05 13:12:34 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2013-11-05 13:12:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2013-11-05 13:12:34 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-11-05 13:12:34 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-11-05 13:12:24 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-11-05 13:12:24 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-11-05 13:12:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-11-05 13:12:19 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-11-05 13:12:10 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2013-11-05 13:12:10 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-11-05 13:11:56 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2013-11-05 13:11:56 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-11-05 13:11:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2013-11-05 13:11:44 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-11-05 13:11:37 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2013-11-05 13:11:37 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-11-05 13:11:33 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2013-11-05 13:11:33 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-11-05 13:11:28 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2013-11-05 13:11:28 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-11-05 13:11:24 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2013-11-05 13:11:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-11-05 13:11:05 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2013-11-05 13:11:05 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-11-05 13:11:01 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2013-11-05 13:11:01 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-11-05 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-11-05 13:10:55 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-11-05 13:10:50 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-11-05 13:10:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-11-05 13:10:46 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2013-11-05 13:10:46 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2013-11-05 13:10:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-11-05 13:10:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-11-05 13:10:41 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2013-11-05 13:10:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-11-05 13:10:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2013-11-05 13:10:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-11-05 13:10:36 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2013-11-05 13:10:36 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2013-11-05 13:10:36 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-11-05 13:10:36 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-11-05 13:10:31 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2013-11-05 13:10:31 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-11-05 13:10:27 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-11-05 13:10:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-11-05 13:10:24 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2013-11-05 13:10:24 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-11-05 13:10:19 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2013-11-05 13:10:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2013-11-05 13:10:19 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-11-05 13:10:19 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-11-05 13:10:15 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2013-11-05 13:10:15 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-11-05 13:10:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2013-11-05 13:10:14 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-11-05 13:10:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2013-11-05 13:10:11 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-11-05 13:10:10 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2013-11-05 13:10:10 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-11-05 13:10:07 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2013-11-05 13:10:07 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-11-05 13:10:02 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2013-11-05 13:10:02 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-11-05 13:09:58 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2013-11-05 13:09:58 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-11-05 13:09:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2013-11-05 13:09:56 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-11-05 13:09:52 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-11-05 13:09:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-11-05 13:09:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-11-05 13:09:35 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2013-11-05 13:09:35 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-11-05 13:09:28 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-11-05 13:09:28 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-11-05 13:09:25 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2013-11-05 13:09:25 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-11-05 13:09:18 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2013-11-05 13:09:18 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-11-05 13:09:14 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-11-05 13:09:14 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-11-05 13:09:10 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2013-11-05 13:09:10 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-11-05 13:09:05 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2013-11-05 13:09:05 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2013-11-05 13:09:05 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-11-05 13:09:05 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-11-05 13:09:03 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2013-11-05 13:09:03 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-11-05 13:09:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2013-11-05 13:09:02 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-11-05 13:08:59 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2013-11-05 13:08:59 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-11-05 13:08:51 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-11-05 13:08:51 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-11-05 13:08:46 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-11-05 13:08:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-11-05 13:08:41 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-11-05 13:08:41 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-11-05 13:08:36 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2013-11-05 13:08:36 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-11-05 13:08:33 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2013-11-05 13:08:33 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-11-05 13:08:30 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2013-11-05 13:08:30 ----A---- C:\Windows\system32\d3dx10.dll
2013-11-05 13:08:18 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2013-11-05 13:08:18 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-11-05 13:08:13 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2013-11-05 13:08:13 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-11-05 13:08:13 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-11-05 13:08:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-11-05 13:08:05 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2013-11-05 13:08:05 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-11-05 13:08:03 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2013-11-05 13:08:03 ----A---- C:\Windows\system32\xinput1_2.dll
2013-11-05 13:07:57 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2013-11-05 13:07:57 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-11-05 13:07:56 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2013-11-05 13:07:56 ----A---- C:\Windows\system32\xinput1_1.dll
2013-11-05 13:07:52 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2013-11-05 13:07:52 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-11-05 13:07:14 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2013-11-05 13:07:14 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-11-05 13:07:10 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-11-05 13:07:10 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-11-05 13:06:53 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2013-11-05 13:06:53 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-11-05 13:06:34 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2013-11-05 13:06:34 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-11-05 13:06:19 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2013-11-05 13:06:19 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-11-05 13:05:40 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2013-11-05 13:05:40 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-11-05 13:05:38 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2013-11-05 13:05:38 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-11-05 13:05:28 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2013-11-05 13:05:28 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-11-04 16:57:05 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X6.1
2013-10-25 18:23:22 ----D---- C:\ProgramData\Protexis
2013-10-25 18:11:12 ----D---- C:\Program Files (x86)\Microsoft SDKs
2013-10-25 18:11:04 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-10-25 17:54:28 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X6

======List of files/folders modified in the last 1 month======

2013-11-20 14:31:31 ----D---- C:\Windows\Temp
2013-11-20 14:31:22 ----RD---- C:\Program Files
2013-11-20 14:30:17 ----D---- C:\Windows\system32\config
2013-11-19 21:58:30 ----D---- C:\Windows\Logs
2013-11-19 21:57:06 ----D---- C:\Windows
2013-11-19 21:56:28 ----SHD---- C:\System Volume Information
2013-11-18 19:15:46 ----D---- C:\Windows\system32\Tasks
2013-11-18 19:15:45 ----D---- C:\Windows\System32
2013-11-18 19:14:56 ----RD---- C:\Program Files (x86)
2013-11-18 19:14:56 ----D---- C:\ProgramData\ICQ
2013-11-18 19:04:04 ----SHD---- C:\Windows\Installer
2013-11-18 19:04:04 ----HD---- C:\ProgramData
2013-11-18 18:51:27 ----D---- C:\Windows\SysWOW64
2013-11-18 15:58:03 ----D---- C:\Windows\Prefetch
2013-11-18 15:54:43 ----HD---- C:\Config.Msi
2013-11-18 15:54:42 ----D---- C:\ProgramData\MFAData
2013-11-18 15:54:42 ----D---- C:\ProgramData\AVG2014
2013-11-18 15:51:51 ----D---- C:\Windows\Tasks
2013-11-18 15:51:51 ----D---- C:\Windows\system32\drivers\etc
2013-11-18 15:43:40 ----D---- C:\Program Files (x86)\Common Files
2013-11-18 15:43:37 ----D---- C:\Windows\system32\drivers
2013-11-18 15:40:59 ----HD---- C:\$AVG
2013-11-17 11:28:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-17 11:28:16 ----D---- C:\Windows\inf
2013-11-16 23:05:12 ----AD---- C:\ProgramData\TEMP
2013-11-16 19:42:21 ----D---- C:\Users\Dagmar\AppData\Roaming\Skype
2013-11-16 16:24:57 ----D---- C:\Windows\rescache
2013-11-16 14:01:40 ----D---- C:\Windows\winsxs
2013-11-16 12:18:53 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-11-16 12:18:53 ----D---- C:\Windows\system32\cs-CZ
2013-11-16 12:18:53 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-16 12:18:52 ----D---- C:\Program Files\Internet Explorer
2013-11-15 21:04:01 ----D---- C:\Windows\system32\catroot
2013-11-15 21:04:00 ----D---- C:\Windows\system32\catroot2
2013-11-15 17:43:43 ----D---- C:\ProgramData\Microsoft Help
2013-11-15 17:23:33 ----D---- C:\Users\Dagmar\AppData\Roaming\TuneUp Software
2013-11-14 16:47:17 ----A---- C:\Windows\system32\aswBoot.exe
2013-11-14 16:43:33 ----D---- C:\ProgramData\AVAST Software
2013-11-14 12:10:26 ----D---- C:\Windows\system32\MRT
2013-11-14 11:55:38 ----A---- C:\Windows\system32\MRT.exe
2013-11-14 11:49:45 ----D---- C:\Program Files (x86)\EA GAMES
2013-11-13 18:47:13 ----D---- C:\Windows\system32\wbem
2013-11-13 18:44:28 ----D---- C:\ProgramData\McAfee Security Scan
2013-11-13 18:44:28 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2013-11-13 18:44:20 ----D---- C:\Windows\system32\DriverStore
2013-11-13 18:44:18 ----D---- C:\Windows\SYSWOW64\wbem
2013-11-13 18:44:08 ----D---- C:\Windows\registration
2013-11-12 14:21:32 ----D---- C:\Windows\system32\FxsTmp
2013-11-10 15:43:25 ----D---- C:\ProgramData\Skype
2013-11-10 15:42:32 ----RD---- C:\Program Files (x86)\Skype
2013-11-05 13:07:51 ----RSD---- C:\Windows\assembly
2013-11-04 16:24:14 ----D---- C:\ProgramData\Corel
2013-10-31 14:42:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-28 11:40:56 ----D---- C:\Program Files (x86)\Metin2
2013-10-27 20:35:36 ----D---- C:\Windows\Microsoft.NET
2013-10-27 15:51:49 ----A---- C:\Windows\win.ini
2013-10-25 18:16:04 ----SD---- C:\ProgramData\Microsoft
2013-10-25 18:00:16 ----RSD---- C:\Windows\Fonts
2013-10-25 17:56:59 ----D---- C:\Program Files (x86)\Corel
2013-10-23 15:20:44 ----D---- C:\Windows\system32\NDF
2013-10-23 14:39:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-10-23 14:39:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-23 14:39:52 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-23 14:39:51 ----D---- C:\ProgramData\Norton
2013-10-23 14:39:39 ----D---- C:\Windows\AppPatch
2013-10-23 14:39:39 ----D---- C:\Windows\AppCompat
2013-10-23 14:39:28 ----D---- C:\Windows\system32\CodeIntegrity
2013-10-23 13:51:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-14 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-11-14 205320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-14 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-11-14 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-14 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-11-14 65264]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-16 283200]
R1 fortknox_drv;fortknox_drv; C:\Windows\system32\drivers\fortknoxfw.sys [2009-11-15 69200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-11-14 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-11-14 84328]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 28240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-07-19 3021672]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-03-04 436840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-08-21 14112]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [2013-11-13 140600]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2013-11-15 91352]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2013-11-16 116440]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-14 50344]
R2 fortknox;FortKnox Personal Firewall; C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [2013-03-11 676592]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-10-30 2099512]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 257416]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]
S4 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Rootkit - Idle application

Posted: 23 Nov 2013 04:20
by vyosek
Now let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Re: Rootkit - Idle application

Posted: 26 Nov 2013 12:23
by Marr-keta
Thank you very much :)
I'd also like to ask whether it is normal that when I wanted to use CCleaner again today, about halfway through the screen turned blue and there was English text saying that a problem had occurred, and so on. Is that normal? :O
It did this when I was infected with that rootkit, and never before that.

Re: Rootkit - Idle application

Posted: 27 Nov 2013 20:32
by vyosek
If it crashed only once, I wouldn't make a big deal of it and would stay calm...

If it happens again, write here :)

Re: Rootkit - Idle application

Posted: 03 Dec 2013 13:42
by Marr-keta
So far it has crashed 7 times and now I'm in safe mode. It happens quite often....

Re: Rootkit - Idle application

Posted: 03 Dec 2013 17:48
by vyosek
:arrow: Zip up the contents of the folder c:\windows\minidump for me and upload it somewhere

:arrow: Use WhoCrashed as described by my colleague
Roli wrote: use WhoCrashed

after launching it, click Analyze,

after a moment the application creates a report on the cause of the crash; copy it here for me.
:arrow: Run CDI as described by my colleague
MiliNess wrote: Download CrystalDiskInfo, choose Copy in the Edit menu, and paste the clipboard contents here with Ctrl+V.

Re: Rootkit - Idle application

Posted: 08 Dec 2013 11:42
by Marr-keta
With WhoCrashed it always tells me: Please scroll down the information window to read the report... O.o
I know what that means, but I'm not really sure what to do, since no report was created for me...

Re: Rootkit - Idle application

Posted: 08 Dec 2013 16:49
by vyosek
Then do the CDI