Pomalé PC+pady programů

Zpráva

pepinojablo · #1 Příspěvek od **pepinojablo** » 23 lis 2012 11:20

Dobrý den přeji poprosil bych o kontrolu. Problém: co chvíli mi u jakého koliv programu napíše (neodpovídá) a pak to trvá i třeba 20s než zas najede. Zde přikládám výpis. Děkuji za ochotu

Logfile of random's system information tool 1.09 (written by random/random)
Run by pepa at 2012-11-23 10:26:06
Microsoft Windows 7 Ultimate N
System drive C: has 3 GB (4%) free of 82 GB
Total RAM: 768 MB (3% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:44, on 23.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\pepa\Desktop\HellShare.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files\trend micro\pepa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={41B507A ... 0ABB299148}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={41B507A ... 0ABB299148}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.8\dealioToolbarIE.dll
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.8\dealioToolbarIE.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: SearchCore for Browsers - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.8\dealioToolbarIE.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [HellShare klient] C:\Users\UpdatusUser\Desktop\HellShare.exe /minimize (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\search~1\search~1\datamngr.dll c:\progra~2\search~1\search~1\iebho.dll c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\wia6eb~1\datamngr\iebho.dll system32\aakah.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VeNCrypt - OCCAM Financial Technology - C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14769 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
C:\Windows\SysWOW64\AstSrv.exe
"C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe"
taskeng.exe {61086EE7-9476-4C26-849B-EF6D28AA2E25}
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe" -service
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
C:\Windows\system32\dmwu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\NetLimiter 3\NLClientApp.exe" /tray
"C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\pepa\Documents\hijackthis.log
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"taskhost.exe"
"C:\Users\pepa\Desktop\HellShare.exe"
"C:\Windows\system32\taskmgr.exe"
"C:\Program Files (x86)\Opera\Opera.exe" "http://get.adobe.com/flashplayer/comple ... pe=install"
"C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe" -newprocess "3420 2 0 1 3" -logfolder "C:\Users\pepa\AppData\Local\Opera\Opera\logs"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe"
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe31_ Global\UsGthrCtrlFltPipeMssGthrPipe31 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Windows\system32\AUDIODG.EXE 0x7f0
"C:\Users\pepa\Desktop\stahovani\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\OptimizerProUpdaterLogonTask.job
C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job
C:\Windows\tasks\ReclaimerUpdateFiles_pepa.job
C:\Windows\tasks\ReclaimerUpdateXML_pepa.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_pepa.job
C:\Windows\tasks\SmartDefrag.job

=========Mozilla firefox=========

ProfilePath - C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://home.sweetim.com/?barid={41B507A ... 0ABB299148}"
prefs.js - "extensions.enabledItems" - "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, engine@conduit.com:3.3.3.2, fdm_ffext@freedownloadmanager.org:1.3.4, firefox@bandoo.com:5.1, radiobar@toolbar:1.0.0, wtxpcom@mybrowserbar.com:5.8, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2, {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}:3.3.3.2, {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, videosurf_enhanced@videosurf.com:0.79, quickstores@quickstores.de:1.1.0, dealio@mybrowserbar.com:5.8, AppGraffiti@AppGraffiti.com:1.0.0.22, ffxtlbr@babylon.com:1.2.0, gemgecko@gemius.com:2.1, 4fd4af7688cbf@4fd4af7688cf9.info:1.0, ffxtlbr@incredibar.com:1.5.0, {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485, adapter@babylontc.com:1.0.0.1, ocr@babylon.com:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=108602 ... 157957b&q="

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
adapter@babylontc.com
ffxtlbr@babylon.com
ocr@babylon.com
quickstores@quickstores.de
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
jyxo-cz.xml
mall-cz.xml
SearchResults.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\
4fd4af7688cbf@4fd4af7688cf9.info
AppGraffiti@AppGraffiti.com
engine@conduit.com
ffxtlbr@babylon.com
ffxtlbr@incredibar.com
firefox@bandoo.com
radiobar@toolbar
videosurf_enhanced@videosurf.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}
{28387537-e3f9-4ed7-860c-11e69af4a8a0}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\
conduit.xml
icqplugin.xml
inbox-hledn.xml
MyStart Search.xml
qip-search.xml
SearchquWebSearch.xml
SearchResults.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension64.dll [2012-09-03 208728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll [2011-03-02 1058712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
SearchCore for Browsers - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL [2011-09-15 118152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files (x86)\Dealio Toolbar\IE\5.8\dealioToolbarIE.dll [2012-05-25 1125256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll [2011-08-03 89008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-08 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-11-23 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension32.dll [2012-09-03 167256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [2012-01-21 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL [2012-02-27 271048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2010-11-13 3913000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll [2011-03-02 722840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-11-01 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
SearchCore for Browsers - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL [2011-09-15 101256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-18 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-11-23 3908192]
{99079a25-328f-4bd4-be04-00955acaa0a7}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2010-11-13 3913000]
{28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll [2011-08-03 89008]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 444752]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files (x86)\Dealio Toolbar\IE\5.8\dealioToolbarIE.dll [2012-05-25 1125256]
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll [2012-01-21 270336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 2910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files (x86)\Hotspot Shield\AnchorFree\ctrl\AFController.exe [2006-06-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Pro]
C:\Program Files (x86)\Driver Pro\DPLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSoftware]
C:\Program Files\NetSoftware\Starter.exe [2012-05-18 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\pepa\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [2012-05-31 200784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-05-25 992648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-11-16 5629312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-11-08 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run VeNCrypt Listening Viewer.lnk]
C:\PROGRA~2\VENCRY~1.6\VENCVI~1.EXE [2006-12-11 730664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~2\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Cobian Backup 10 Interface"=C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-22 19:33:43 ----A---- C:\Windows\ntbtlog.txt
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\java.exe
2012-11-18 15:49:10 ----D---- C:\Program Files (x86)\Trend Micro
2012-11-17 10:04:40 ----D---- C:\ProgramData\Locktime
2012-11-17 10:04:40 ----D---- C:\Program Files\NetLimiter 3
2012-11-07 17:50:43 ----D---- C:\ProgramData\2B18D

======List of files/folders modified in the last 1 month======

2012-11-23 10:27:18 ----D---- C:\Program Files\trend micro
2012-11-23 10:27:07 ----D---- C:\Windows\Temp
2012-11-23 10:27:02 ----D---- C:\Windows\Prefetch
2012-11-23 10:24:36 ----D---- C:\Users\pepa\AppData\Roaming\Skype
2012-11-23 07:24:30 ----D---- C:\Windows\Tasks
2012-11-23 00:13:59 ----D---- C:\ProgramData\Adobe
2012-11-23 00:13:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-11-22 21:32:19 ----D---- C:\Users\pepa\AppData\Roaming\Media Player Classic
2012-11-22 20:09:29 ----AD---- C:\ProgramData\TEMP
2012-11-22 20:09:24 ----D---- C:\Windows\SysWOW64
2012-11-22 20:09:22 ----RD---- C:\Program Files (x86)
2012-11-22 20:09:20 ----D---- C:\Windows\System32
2012-11-22 20:08:42 ----D---- C:\Program Files (x86)\Driver Pro
2012-11-22 19:33:43 ----AD---- C:\Windows
2012-11-22 19:11:14 ----D---- C:\Windows\system32\Tasks
2012-11-22 19:09:22 ----D---- C:\Program Files (x86)\Common Files
2012-11-22 18:46:59 ----D---- C:\Windows\Minidump
2012-11-22 17:01:31 ----SHD---- C:\Windows\Installer
2012-11-22 14:27:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-22 14:22:01 ----D---- C:\Windows\system32\catroot2
2012-11-22 14:20:11 ----HD---- C:\ProgramData
2012-11-22 00:14:05 ----D---- C:\Windows\system32\drivers
2012-11-20 15:06:44 ----D---- C:\Windows\system32\config
2012-11-18 18:29:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-11-18 18:29:21 ----D---- C:\Program Files (x86)\Java
2012-11-18 18:28:38 ----SHD---- C:\System Volume Information
2012-11-18 12:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 12:01:41 ----D---- C:\Program Files (x86)\UltraVNC
2012-11-17 16:23:10 ----D---- C:\Users\pepa\AppData\Roaming\FileZilla
2012-11-17 10:07:47 ----RSD---- C:\Windows\assembly
2012-11-17 10:05:56 ----D---- C:\Windows\inf
2012-11-17 10:05:34 ----D---- C:\Windows\system32\catroot
2012-11-17 10:05:33 ----D---- C:\Windows\system32\DriverStore
2012-11-17 10:04:40 ----RD---- C:\Program Files
2012-11-16 08:15:46 ----D---- C:\Program Files\SUPERAntiSpyware
2012-11-15 21:57:40 ----D---- C:\Windows\system32\NDF
2012-11-11 19:05:51 ----D---- C:\Users\pepa\AppData\Roaming\vlc
2012-11-09 16:43:55 ----D---- C:\PerfLogs
2012-11-03 10:54:20 ----D---- C:\Users\pepa\AppData\Roaming\The Bat!
2012-10-31 21:28:00 ----D---- C:\ProgramData\InstallMate
2012-10-28 18:23:59 ----D---- C:\Windows\system32\wfp
2012-10-28 18:23:59 ----D---- C:\Windows\AppCompat
2012-10-28 18:23:58 ----D---- C:\ProgramData\OptimizerPro
2012-10-28 18:23:55 ----D---- C:\Windows\system32\wbem
2012-10-28 18:23:54 ----D---- C:\Windows\registration
2012-10-28 18:23:45 ----D---- C:\ProgramData\Real
2012-10-25 15:47:12 ----D---- C:\Users\pepa\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-09-29 526392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-07-08 231376]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/17 22:36:17]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 146928]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 Ph3xIB64;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
S3 adcyuyoc;adcyuyoc; C:\Windows\system32\drivers\adcyuyoc.sys []
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-05-25 25216]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\pepa\AppData\Local\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-02-11 33344]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 29696]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 37888]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2012-05-29 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 astcc;AST Service; C:\Windows\syswow64\AstSrv.exe [2008-05-27 45056]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1845248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-29 66872]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R2 VeNCrypt;VeNCrypt; C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe [2006-12-11 886312]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-09-03 188760]
R2 WebOptimizer;WebOptimizer; C:\Windows\system32\dmwu.exe [2012-09-13 1259888]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe []
S2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-24 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-16 140672]
S4 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-25 785344]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 23 lis 2012 18:21

Zdravím!
Antivir veškerý žádný, hlavně že máte v PC zbytečností více, než dost a disk téměř plný.

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte na Search
Proběhne skenováni a pak se objeví log, který sem vložte.

pepinojablo · #3 Příspěvek od **pepinojablo** » 23 lis 2012 18:45

Dobrý večer děkuji za Váš čas. Antivir sem měl Aviru, ale tu sem dnes odinstaloval. Zde máte log:
# AdwCleaner v2.008 - Logfile created 11/23/2012 at 18:43:53
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate N (64 bits)
# User : pepa - PEPA-PC
# Boot Mode : Normal
# Running from : C:\Users\pepa\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : ICQ Service
Found : Web Assistant Updater

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Found : C:\user.js
File Found : C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Found : C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\Conduit.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\icqplugin.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\MyStart Search.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\qip-search.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SearchquWebSearch.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SearchResults.xml
File Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SweetIm.xml
File Found : C:\Users\pepa\Desktop\Check for Updates.lnk
File Found : C:\Users\pepa\Desktop\sweetpcfix.url
Folder Found : C:\Program Files (x86)\AppGraffiti
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Crawler
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\FilesFrog Update Checker
Folder Found : C:\Program Files (x86)\ICQ6Toolbar
Folder Found : C:\Program Files (x86)\incredibar.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ocr@babylon.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Program Files (x86)\Windows Searchqu Toolbar
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\pepa\AppData\Local\Conduit
Folder Found : C:\Users\pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\pepa\AppData\Local\TempDir
Folder Found : C:\Users\pepa\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\pepa\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\pepa\AppData\Roaming\Babylon
Folder Found : C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\Conduit
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\ConduitEngine
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\CT1700389
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\CT2475029
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\AppGraffiti@AppGraffiti.com
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\engine@conduit.com
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\ffxtlbr@incredibar.com
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\firefox@bandoo.com
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\Searchqutoolbar
Folder Found : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\SweetIMToolbarData
Folder Found : C:\Users\pepa\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Found : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wia6eb~1\datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wia6eb~1\datamngr\iebho.dll
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Dealio
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Found : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\CToolbar
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Dexpot\OpenCandy
Key Found : HKLM\Software\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67022F1B-513C-473B-9905-B3F7BFA847BA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Page] = hxxp://search.qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://search.qip.ru/ie
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130ABB299148}

-\\ Mozilla Firefox v3.6.26 (cs)

Profile name : default
File : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\prefs.js

Found : user_pref("CT1700389..clientLogIsEnabled", true);
Found : user_pref("CT1700389..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1700389..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1700389.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1700389.CTID", "ct1700389");
Found : user_pref("CT1700389.CommunitiesChangesLastCheckTime", "Wed Nov 02 2011 10:38:20 GMT+0100");
Found : user_pref("CT1700389.CommunityChanged", true);
Found : user_pref("CT1700389.CurrentServerDate", "3-1-2012");
Found : user_pref("CT1700389.DialogsAlignMode", "LTR");
Found : user_pref("CT1700389.DialogsGetterLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100");
Found : user_pref("CT1700389.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1700389.DownloadDomainsListLastCheckTime", "Fri Oct 28 2011 17:45:26 GMT+0200");
Found : user_pref("CT1700389.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1700389.DownloadReferralCookieData", "");
Found : user_pref("CT1700389.EMailNotifierPollDate", "Wed Nov 02 2011 10:37:08 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763355875137803", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763356097638018", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763356222169378", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763356772169656", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763356922168881", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763357141387910", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763358174356670", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763358378888162", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763358813731428", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763359039981926", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763359203575264", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763359372794293", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763359763731872", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763360041543951", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate128763360326700728", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate129091015757496686", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedPollDate129235662726843848", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.FeedTTL128763356097638018", 5);
Found : user_pref("CT1700389.FeedTTL128763356222169378", 10);
Found : user_pref("CT1700389.FeedTTL128763356772169656", 10);
Found : user_pref("CT1700389.FeedTTL128763357141387910", 5);
Found : user_pref("CT1700389.FeedTTL128763359763731872", 5);
Found : user_pref("CT1700389.FeedTTL128763360326700728", 60);
Found : user_pref("CT1700389.FirstServerDate", "15-6-2011");
Found : user_pref("CT1700389.FirstTime", true);
Found : user_pref("CT1700389.FirstTimeFF3", true);
Found : user_pref("CT1700389.FixPageNotFoundErrors", true);
Found : user_pref("CT1700389.GroupingLastCheckTime", "Wed Jun 15 2011 08:54:41 GMT+0200");
Found : user_pref("CT1700389.GroupingLastErrorCode", "");
Found : user_pref("CT1700389.GroupingLastResponse", true);
Found : user_pref("CT1700389.GroupingLastServerUpdateTime", "129477188540000000");
Found : user_pref("CT1700389.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1700389.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1700389.HasUserGlobalKeys", true);
Found : user_pref("CT1700389.Initialize", true);
Found : user_pref("CT1700389.InitializeCommonPrefs", true);
Found : user_pref("CT1700389.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1700389.InstallationId", "StubInstaller");
Found : user_pref("CT1700389.InstallationType", "ConduitIntegration");
Found : user_pref("CT1700389.InstalledDate", "Wed Jun 15 2011 08:54:42 GMT+0200");
Found : user_pref("CT1700389.IsGrouping", false);
Found : user_pref("CT1700389.IsMulticommunity", true);
Found : user_pref("CT1700389.IsOpenThankYouPage", false);
Found : user_pref("CT1700389.IsOpenUninstallPage", false);
Found : user_pref("CT1700389.LanguagePackLastCheckTime", "Wed Jun 15 2011 08:54:45 GMT+0200");
Found : user_pref("CT1700389.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1700389.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1700389.LastLogin_3.3.3.2", "Tue Jan 03 2012 10:38:10 GMT+0100");
Found : user_pref("CT1700389.LatestVersion", "3.8.1.0");
Found : user_pref("CT1700389.Locale", "en-us");
Found : user_pref("CT1700389.MCDetectTooltipHeight", "83");
Found : user_pref("CT1700389.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1700389.MCDetectTooltipWidth", "295");
Found : user_pref("CT1700389.RadioIsPodcast", false);
Found : user_pref("CT1700389.RadioMediaID", "9816740");
Found : user_pref("CT1700389.RadioMediaType", "Media Player");
Found : user_pref("CT1700389.RadioMenuSelectedID", "EBRadioMenu_CT17003899816740");
Found : user_pref("CT1700389.RadioStationName", "KABC%20");
Found : user_pref("CT1700389.RadioStationURL", "hxxp://citadelcc-kabc-am.wm.llnwd.net/citadelcc_KABC_AM");
Found : user_pref("CT1700389.SavedHomepage", "hxxp://www.searchqu.com/");
Found : user_pref("CT1700389.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1700389.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT170[...]
Found : user_pref("CT1700389.SearchInNewTabEnabled", true);
Found : user_pref("CT1700389.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1700389.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1700389.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1700389.ServiceMapLastCheckTime", "Tue Jan 03 2012 06:38:06 GMT+0100");
Found : user_pref("CT1700389.SettingsLastCheckTime", "Wed Jun 15 2011 08:54:42 GMT+0200");
Found : user_pref("CT1700389.SettingsLastUpdate", "1306530423");
Found : user_pref("CT1700389.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1700389.ThirdPartyComponentsLastCheck", "Wed Jun 15 2011 08:54:42 GMT+0200");
Found : user_pref("CT1700389.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT1700389.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1700389");
Found : user_pref("CT1700389.UserID", "UN58606324272057064");
Found : user_pref("CT1700389.ct1700389.AppTrackingLastCheckTime", "Tue Nov 01 2011 09:38:51 GMT+0100");
Found : user_pref("CT1700389.ct1700389.DialogsAlignMode", "LTR");
Found : user_pref("CT1700389.ct1700389.FeedLastCount128491938150862572", 650);
Found : user_pref("CT1700389.ct1700389.GroupingInvalidateCache", false);
Found : user_pref("CT1700389.ct1700389.GroupingLastCheckTime", "Wed Nov 02 2011 10:37:08 GMT+0100");
Found : user_pref("CT1700389.ct1700389.GroupingLastErrorCode", "");
Found : user_pref("CT1700389.ct1700389.GroupingLastResponse", true);
Found : user_pref("CT1700389.ct1700389.GroupingLastServerUpdateTime", "129594387450000000");
Found : user_pref("CT1700389.ct1700389.InvalidateCache", false);
Found : user_pref("CT1700389.ct1700389.LanguagePackLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100");
Found : user_pref("CT1700389.ct1700389.Locale", "en-us");
Found : user_pref("CT1700389.ct1700389.RadioLastCheckTime", "Tue Nov 01 2011 09:38:53 GMT+0100");
Found : user_pref("CT1700389.ct1700389.RadioLastUpdateIPServer", "3");
Found : user_pref("CT1700389.ct1700389.RadioLastUpdateServer", "128929877726170000");
Found : user_pref("CT1700389.ct1700389.SearchInNewTabLastCheckTime", "Tue Jan 03 2012 06:38:07 GMT+0100");
Found : user_pref("CT1700389.ct1700389.SettingsLastCheckTime", "Tue Jan 03 2012 06:38:06 GMT+0100");
Found : user_pref("CT1700389.ct1700389.SettingsLastUpdate", "1321973081");
Found : user_pref("CT1700389.ct1700389.ThirdPartyComponentsLastCheck", "Tue Jan 03 2012 06:38:06 GMT+0100");
Found : user_pref("CT1700389.ct1700389.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT1700389.ct1700389.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 10:38:10 GMT+0100[...]
Found : user_pref("CT1700389.ct1700389.toolbarAppMetaDataLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100"[...]
Found : user_pref("CT1700389.ct1700389.toolbarContextMenuLastCheckTime", "Wed Jun 15 2011 08:54:46 GMT+0200"[...]
Found : user_pref("CT1700389.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1700389.globalFirstTimeInfoLastCheckTime", "Wed Jun 15 2011 08:54:46 GMT+0200");
Found : user_pref("CT1700389.isAppTrackingManagerOn", true);
Found : user_pref("CT1700389.myStuffEnabled", true);
Found : user_pref("CT1700389.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1700389.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1700389.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1700389.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1700389.oldAppsList", "200,128491907140756606,128491907208256770,128575771120623955,128[...]
Found : user_pref("CT1700389.testingCtid", "");
Found : user_pref("CT1700389.toolbarAppMetaDataLastCheckTime", "Wed Jun 15 2011 08:54:47 GMT+0200");
Found : user_pref("CT1700389.toolbarContextMenuLastCheckTime", "Wed Jun 15 2011 08:54:45 GMT+0200");
Found : user_pref("CT1700389.usagesFlag", 2);
Found : user_pref("CT2475029..clientLogIsEnabled", true);
Found : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2475029.CTID", "ct2481032");
Found : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Found : user_pref("CT2475029.CommunityChanged", true);
Found : user_pref("CT2475029.CurrentServerDate", "2-11-2011");
Found : user_pref("CT2475029.DialogsAlignMode", "LTR");
Found : user_pref("CT2475029.DialogsGetterLastCheckTime", "Tue Nov 01 2011 09:38:51 GMT+0100");
Found : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Found : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT2475029.DownloadReferralCookieData", "");
Found : user_pref("CT2475029.FeedPollDate129132307482029379", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129132307482029381", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129132307482029382", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129133095459686870", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129133095459686871", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129137437659687146", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129137437659687147", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate129137437659687148", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate5609757378449145277", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FeedPollDate5609757381582880127", "Tue Nov 01 2011 09:38:54 GMT+0100");
Found : user_pref("CT2475029.FirstServerDate", "1-11-2011");
Found : user_pref("CT2475029.FirstTime", true);
Found : user_pref("CT2475029.FirstTimeFF3", true);
Found : user_pref("CT2475029.FixPageNotFoundErrors", true);
Found : user_pref("CT2475029.GroupingLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Found : user_pref("CT2475029.GroupingLastErrorCode", "");
Found : user_pref("CT2475029.GroupingLastResponse", true);
Found : user_pref("CT2475029.GroupingLastServerUpdateTime", "129621096970000000");
Found : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2475029.HasUserGlobalKeys", true);
Found : user_pref("CT2475029.Initialize", true);
Found : user_pref("CT2475029.InitializeCommonPrefs", true);
Found : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2475029.InstallationId", "MyAshampoo.exe");
Found : user_pref("CT2475029.InstallationType", "ConduitIntegration");
Found : user_pref("CT2475029.InstalledDate", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CT2475029.IsGrouping", true);
Found : user_pref("CT2475029.IsMulticommunity", true);
Found : user_pref("CT2475029.IsOpenThankYouPage", false);
Found : user_pref("CT2475029.IsOpenUninstallPage", true);
Found : user_pref("CT2475029.LanguagePackLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2475029.LastLogin_3.3.3.2", "Wed Nov 02 2011 10:37:16 GMT+0100");
Found : user_pref("CT2475029.LatestVersion", "3.7.0.6");
Found : user_pref("CT2475029.Locale", "en");
Found : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Found : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Found : user_pref("CT2475029.SavedHomepage", "hxxp://search.imesh.com");
Found : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Found : user_pref("CT2475029.SearchInNewTabEnabled", true);
Found : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Tue Nov 01 2011 09:38:49 GMT+0100");
Found : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2475029.ServiceMapLastCheckTime", "Wed Nov 02 2011 10:37:15 GMT+0100");
Found : user_pref("CT2475029.SettingsLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Found : user_pref("CT2475029.SettingsLastUpdate", "1317625297");
Found : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Tue Nov 01 2011 09:38:45 GMT+0100");
Found : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Found : user_pref("CT2475029.UserID", "UN21273682250267285");
Found : user_pref("CT2475029.ct2481032.DialogsAlignMode", "LTR");
Found : user_pref("CT2475029.ct2481032.FeedLastCount129137415284993440", 0);
Found : user_pref("CT2475029.ct2481032.GroupingInvalidateCache", false);
Found : user_pref("CT2475029.ct2481032.GroupingLastCheckTime", "Tue Nov 01 2011 09:38:50 GMT+0100");
Found : user_pref("CT2475029.ct2481032.GroupingLastErrorCode", "");
Found : user_pref("CT2475029.ct2481032.GroupingLastResponse", true);
Found : user_pref("CT2475029.ct2481032.GroupingLastServerUpdateTime", "129621096970000000");
Found : user_pref("CT2475029.ct2481032.LanguagePackLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100");
Found : user_pref("CT2475029.ct2481032.Locale", "en");
Found : user_pref("CT2475029.ct2481032.SearchInNewTabLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100");
Found : user_pref("CT2475029.ct2481032.SettingsLastCheckTime", "Wed Nov 02 2011 10:37:15 GMT+0100");
Found : user_pref("CT2475029.ct2481032.SettingsLastUpdate", "1318848595");
Found : user_pref("CT2475029.ct2481032.ThirdPartyComponentsLastCheck", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CT2475029.ct2481032.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2475029.ct2481032.globalFirstTimeInfoLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100[...]
Found : user_pref("CT2475029.ct2481032.toolbarAppMetaDataLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100"[...]
Found : user_pref("CT2475029.ct2481032.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100"[...]
Found : user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CT2475029.isAppTrackingManagerOn", true);
Found : user_pref("CT2475029.myStuffEnabled", true);
Found : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2475029.testingCtid", "");
Found : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct1700389/CT1700389[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/26447/25929/CZ", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CZ", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1700389", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct1700389", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481032", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1700389",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63455331608580[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2475029&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2481032&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1700389/CT1700389[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct1700389/CT1700389[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "CT1700389");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "isobuster");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1700389");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "isobuster");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&syst[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1700389,ConduitEngine,CT2475029");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1700389,CT2475029");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Aug 10 2012 21:31:56 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Nov 23 2012 11:07:28 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Nov 23 2012 11:07:19 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "1e1e076b-93e7-4841-bb8b-8fef93f5291f");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Nov 02 2011 10:37:09 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "e0ee85a7-425c-4a9c-8f5f-f9eb615b6d4d");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029");
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100"[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Found : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Nov 23 2012 11:07:34 GMT+0100");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jan 03 2012 06:38:14 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "06/15/2011 09");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Jun 15 2011 08:55:03 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jan 03 2012 06:38:13 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jan 03 2012 09:38:13 GMT+0100");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jan 03 2012 09:38:13 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN25649066771777129");
Found : user_pref("ConduitEngine.engineLocale", "cs");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jan 03 2012 06:38:13 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 10:38:13 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "SweetIM Search");
Found : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "SweetIM Search");
Found : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130AB[...]
Found : user_pref("extensions.4fd4af7688d6d.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=108602");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "305ac5ed00000000000000ff80ce2648");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15402");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=108602&babsrc=adbar[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 26);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1710:22:02");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 79267680);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1710:22:02");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108602");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "305ac5ed00000000000000ff80ce2648");
Found : user_pref("extensions.BabylonToolbar_i.id", "305ac5ed00000000000000ff80ce2648");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15402");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:22:02");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "CZ");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10650");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "5881E122434EF3116ED8ED424D21B77C");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "305ac5ed00000000000000ff80ce2648");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15501");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:44:32");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "20%5F5");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQA3H18UX&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQA3H18UX");
Found : user_pref("extensions.incredibar.upn2n", "92543036814468403");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:44:32");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10650");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "305ac5ed00000000000000ff80ce2648");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15501");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "20%5F5");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQA3H18UX&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQA3H18UX");
Found : user_pref("extensions.incredibar_i.upn2n", "92543036814468403");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:44:32");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=108602&babsrc=KW_def&mntrId=305ac5ed00000[...]
Found : user_pref("quickstores.toolbar.affid", "2017");
Found : user_pref("quickstores.toolbar.guid", "{D7767264-59A7-AADB-2F32-BE9A5EE67A59}");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/home?affID[...]
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://home.sweetim[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\pepa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.9] : homepage = "hxxp://search.babylon.com/home?affID=108602",
Found [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=108602", "hxxp://www.google.cz/", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130ABB299148}" ]
Found [l.1685] : homepage = "hxxp://search.babylon.com/home?affID=108602",
Found [l.2210] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=108602", "hxxp://www.google.cz/", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130ABB299148}" ]

-\\ Opera v12.1.1532.0

File : C:\Users\pepa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [68457 octets] - [23/11/2012 18:43:53]

########## EOF - C:\AdwCleaner[R1].txt - [68518 octets] ##########

#4 Příspěvek od **Rudy** » 23 lis 2012 19:33

Spusťte znovu ADWCleaner a klikněte na >Delete<. Vložte nový log.

pepinojablo · #5 Příspěvek od **pepinojablo** » 23 lis 2012 20:45

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 20:38:26
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate N (64 bits)
# User : pepa - PEPA-PC
# Boot Mode : Normal
# Running from : C:\Users\pepa\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : ICQ Service
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\AppGraffiti
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\Crawler
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\FilesFrog Update Checker
Deleted on reboot : C:\Program Files (x86)\ICQ6Toolbar
Deleted on reboot : C:\Program Files (x86)\incredibar.com
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\ocr@babylon.com
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Deleted on reboot : C:\Program Files (x86)\Windows Searchqu Toolbar
Deleted on reboot : C:\Program Files\Babylon
Deleted on reboot : C:\Program Files\Web Assistant
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\ProgramData\SweetIM
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\pepa\AppData\Local\Conduit
Deleted on reboot : C:\Users\pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Users\pepa\AppData\Local\TempDir
Deleted on reboot : C:\Users\pepa\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\pepa\AppData\LocalLow\Searchqutoolbar
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\Conduit
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\ConduitEngine
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\CT1700389
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\CT2475029
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\AppGraffiti@AppGraffiti.com
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\engine@conduit.com
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\ffxtlbr@incredibar.com
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\firefox@bandoo.com
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\Searchqutoolbar
Deleted on reboot : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\SweetIMToolbarData
Deleted on reboot : C:\Users\pepa\AppData\Roaming\OpenCandy
Deleted on reboot : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Deleted on reboot : C:\Windows\SysWOW64\WNLT
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
File Deleted : C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Users\pepa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\Conduit.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\qip-search.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\pepa\Desktop\Check for Updates.lnk
File Deleted : C:\Users\pepa\Desktop\sweetpcfix.url

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wia6eb~1\datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wia6eb~1\datamngr\iebho.dll
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Dexpot\OpenCandy
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67022F1B-513C-473B-9905-B3F7BFA847BA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKU\S-1-5-21-3212254682-2827306355-880076791-1003\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Page] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://search.qip.ru/ie --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130ABB299148} --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.26 (cs)

Profile name : default
File : C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\prefs.js

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\user.js ... Deleted !

Deleted : user_pref("CT1700389..clientLogIsEnabled", true);
Deleted : user_pref("CT1700389..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1700389..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1700389.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1700389.CTID", "ct1700389");
Deleted : user_pref("CT1700389.CommunitiesChangesLastCheckTime", "Wed Nov 02 2011 10:38:20 GMT+0100");
Deleted : user_pref("CT1700389.CommunityChanged", true);
Deleted : user_pref("CT1700389.CurrentServerDate", "3-1-2012");
Deleted : user_pref("CT1700389.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1700389.DialogsGetterLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100");
Deleted : user_pref("CT1700389.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1700389.DownloadDomainsListLastCheckTime", "Fri Oct 28 2011 17:45:26 GMT+0200");
Deleted : user_pref("CT1700389.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1700389.DownloadReferralCookieData", "");
Deleted : user_pref("CT1700389.EMailNotifierPollDate", "Wed Nov 02 2011 10:37:08 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763355875137803", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763356097638018", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763356222169378", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763356772169656", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763356922168881", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763357141387910", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763358174356670", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763358378888162", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763358813731428", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763359039981926", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763359203575264", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763359372794293", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763359763731872", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763360041543951", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate128763360326700728", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate129091015757496686", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedPollDate129235662726843848", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.FeedTTL128763356097638018", 5);
Deleted : user_pref("CT1700389.FeedTTL128763356222169378", 10);
Deleted : user_pref("CT1700389.FeedTTL128763356772169656", 10);
Deleted : user_pref("CT1700389.FeedTTL128763357141387910", 5);
Deleted : user_pref("CT1700389.FeedTTL128763359763731872", 5);
Deleted : user_pref("CT1700389.FeedTTL128763360326700728", 60);
Deleted : user_pref("CT1700389.FirstServerDate", "15-6-2011");
Deleted : user_pref("CT1700389.FirstTime", true);
Deleted : user_pref("CT1700389.FirstTimeFF3", true);
Deleted : user_pref("CT1700389.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1700389.GroupingLastCheckTime", "Wed Jun 15 2011 08:54:41 GMT+0200");
Deleted : user_pref("CT1700389.GroupingLastErrorCode", "");
Deleted : user_pref("CT1700389.GroupingLastResponse", true);
Deleted : user_pref("CT1700389.GroupingLastServerUpdateTime", "129477188540000000");
Deleted : user_pref("CT1700389.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1700389.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1700389.HasUserGlobalKeys", true);
Deleted : user_pref("CT1700389.Initialize", true);
Deleted : user_pref("CT1700389.InitializeCommonPrefs", true);
Deleted : user_pref("CT1700389.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1700389.InstallationId", "StubInstaller");
Deleted : user_pref("CT1700389.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT1700389.InstalledDate", "Wed Jun 15 2011 08:54:42 GMT+0200");
Deleted : user_pref("CT1700389.IsGrouping", false);
Deleted : user_pref("CT1700389.IsMulticommunity", true);
Deleted : user_pref("CT1700389.IsOpenThankYouPage", false);
Deleted : user_pref("CT1700389.IsOpenUninstallPage", false);
Deleted : user_pref("CT1700389.LanguagePackLastCheckTime", "Wed Jun 15 2011 08:54:45 GMT+0200");
Deleted : user_pref("CT1700389.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1700389.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1700389.LastLogin_3.3.3.2", "Tue Jan 03 2012 10:38:10 GMT+0100");
Deleted : user_pref("CT1700389.LatestVersion", "3.8.1.0");
Deleted : user_pref("CT1700389.Locale", "en-us");
Deleted : user_pref("CT1700389.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1700389.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1700389.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1700389.RadioIsPodcast", false);
Deleted : user_pref("CT1700389.RadioMediaID", "9816740");
Deleted : user_pref("CT1700389.RadioMediaType", "Media Player");
Deleted : user_pref("CT1700389.RadioMenuSelectedID", "EBRadioMenu_CT17003899816740");
Deleted : user_pref("CT1700389.RadioStationName", "KABC%20");
Deleted : user_pref("CT1700389.RadioStationURL", "hxxp://citadelcc-kabc-am.wm.llnwd.net/citadelcc_KABC_AM");
Deleted : user_pref("CT1700389.SavedHomepage", "hxxp://www.searchqu.com/");
Deleted : user_pref("CT1700389.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1700389.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT170[...]
Deleted : user_pref("CT1700389.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1700389.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1700389.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1700389.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1700389.ServiceMapLastCheckTime", "Tue Jan 03 2012 06:38:06 GMT+0100");
Deleted : user_pref("CT1700389.SettingsLastCheckTime", "Wed Jun 15 2011 08:54:42 GMT+0200");
Deleted : user_pref("CT1700389.SettingsLastUpdate", "1306530423");
Deleted : user_pref("CT1700389.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1700389.ThirdPartyComponentsLastCheck", "Wed Jun 15 2011 08:54:42 GMT+0200");
Deleted : user_pref("CT1700389.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT1700389.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1700389");
Deleted : user_pref("CT1700389.UserID", "UN58606324272057064");
Deleted : user_pref("CT1700389.ct1700389.AppTrackingLastCheckTime", "Tue Nov 01 2011 09:38:51 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1700389.ct1700389.FeedLastCount128491938150862572", 650);
Deleted : user_pref("CT1700389.ct1700389.GroupingInvalidateCache", false);
Deleted : user_pref("CT1700389.ct1700389.GroupingLastCheckTime", "Wed Nov 02 2011 10:37:08 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.GroupingLastErrorCode", "");
Deleted : user_pref("CT1700389.ct1700389.GroupingLastResponse", true);
Deleted : user_pref("CT1700389.ct1700389.GroupingLastServerUpdateTime", "129594387450000000");
Deleted : user_pref("CT1700389.ct1700389.InvalidateCache", false);
Deleted : user_pref("CT1700389.ct1700389.LanguagePackLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.Locale", "en-us");
Deleted : user_pref("CT1700389.ct1700389.RadioLastCheckTime", "Tue Nov 01 2011 09:38:53 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT1700389.ct1700389.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT1700389.ct1700389.SearchInNewTabLastCheckTime", "Tue Jan 03 2012 06:38:07 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.SettingsLastCheckTime", "Tue Jan 03 2012 06:38:06 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.SettingsLastUpdate", "1321973081");
Deleted : user_pref("CT1700389.ct1700389.ThirdPartyComponentsLastCheck", "Tue Jan 03 2012 06:38:06 GMT+0100");
Deleted : user_pref("CT1700389.ct1700389.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT1700389.ct1700389.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 10:38:10 GMT+0100[...]
Deleted : user_pref("CT1700389.ct1700389.toolbarAppMetaDataLastCheckTime", "Tue Jan 03 2012 06:38:12 GMT+0100"[...]
Deleted : user_pref("CT1700389.ct1700389.toolbarContextMenuLastCheckTime", "Wed Jun 15 2011 08:54:46 GMT+0200"[...]
Deleted : user_pref("CT1700389.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1700389.globalFirstTimeInfoLastCheckTime", "Wed Jun 15 2011 08:54:46 GMT+0200");
Deleted : user_pref("CT1700389.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1700389.myStuffEnabled", true);
Deleted : user_pref("CT1700389.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1700389.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1700389.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1700389.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1700389.oldAppsList", "200,128491907140756606,128491907208256770,128575771120623955,128[...]
Deleted : user_pref("CT1700389.testingCtid", "");
Deleted : user_pref("CT1700389.toolbarAppMetaDataLastCheckTime", "Wed Jun 15 2011 08:54:47 GMT+0200");
Deleted : user_pref("CT1700389.toolbarContextMenuLastCheckTime", "Wed Jun 15 2011 08:54:45 GMT+0200");
Deleted : user_pref("CT1700389.usagesFlag", 2);
Deleted : user_pref("CT2475029..clientLogIsEnabled", true);
Deleted : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2475029.CTID", "ct2481032");
Deleted : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Deleted : user_pref("CT2475029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CurrentServerDate", "2-11-2011");
Deleted : user_pref("CT2475029.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.DialogsGetterLastCheckTime", "Tue Nov 01 2011 09:38:51 GMT+0100");
Deleted : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Deleted : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT2475029.DownloadReferralCookieData", "");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029379", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029381", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129132307482029382", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686870", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129133095459686871", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687146", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687147", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate129137437659687148", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate5609757378449145277", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FeedPollDate5609757381582880127", "Tue Nov 01 2011 09:38:54 GMT+0100");
Deleted : user_pref("CT2475029.FirstServerDate", "1-11-2011");
Deleted : user_pref("CT2475029.FirstTime", true);
Deleted : user_pref("CT2475029.FirstTimeFF3", true);
Deleted : user_pref("CT2475029.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2475029.GroupingLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Deleted : user_pref("CT2475029.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.GroupingLastResponse", true);
Deleted : user_pref("CT2475029.GroupingLastServerUpdateTime", "129621096970000000");
Deleted : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2475029.HasUserGlobalKeys", true);
Deleted : user_pref("CT2475029.Initialize", true);
Deleted : user_pref("CT2475029.InitializeCommonPrefs", true);
Deleted : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2475029.InstallationId", "MyAshampoo.exe");
Deleted : user_pref("CT2475029.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2475029.InstalledDate", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CT2475029.IsGrouping", true);
Deleted : user_pref("CT2475029.IsMulticommunity", true);
Deleted : user_pref("CT2475029.IsOpenThankYouPage", false);
Deleted : user_pref("CT2475029.IsOpenUninstallPage", true);
Deleted : user_pref("CT2475029.LanguagePackLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2475029.LastLogin_3.3.3.2", "Wed Nov 02 2011 10:37:16 GMT+0100");
Deleted : user_pref("CT2475029.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2475029.Locale", "en");
Deleted : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2475029.SavedHomepage", "hxxp://search.imesh.com");
Deleted : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Deleted : user_pref("CT2475029.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Tue Nov 01 2011 09:38:49 GMT+0100");
Deleted : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2475029.ServiceMapLastCheckTime", "Wed Nov 02 2011 10:37:15 GMT+0100");
Deleted : user_pref("CT2475029.SettingsLastCheckTime", "Tue Nov 01 2011 09:38:45 GMT+0100");
Deleted : user_pref("CT2475029.SettingsLastUpdate", "1317625297");
Deleted : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Tue Nov 01 2011 09:38:45 GMT+0100");
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Deleted : user_pref("CT2475029.UserID", "UN21273682250267285");
Deleted : user_pref("CT2475029.ct2481032.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.ct2481032.FeedLastCount129137415284993440", 0);
Deleted : user_pref("CT2475029.ct2481032.GroupingInvalidateCache", false);
Deleted : user_pref("CT2475029.ct2481032.GroupingLastCheckTime", "Tue Nov 01 2011 09:38:50 GMT+0100");
Deleted : user_pref("CT2475029.ct2481032.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.ct2481032.GroupingLastResponse", true);
Deleted : user_pref("CT2475029.ct2481032.GroupingLastServerUpdateTime", "129621096970000000");
Deleted : user_pref("CT2475029.ct2481032.LanguagePackLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100");
Deleted : user_pref("CT2475029.ct2481032.Locale", "en");
Deleted : user_pref("CT2475029.ct2481032.SearchInNewTabLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100");
Deleted : user_pref("CT2475029.ct2481032.SettingsLastCheckTime", "Wed Nov 02 2011 10:37:15 GMT+0100");
Deleted : user_pref("CT2475029.ct2481032.SettingsLastUpdate", "1318848595");
Deleted : user_pref("CT2475029.ct2481032.ThirdPartyComponentsLastCheck", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CT2475029.ct2481032.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2475029.ct2481032.globalFirstTimeInfoLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100[...]
Deleted : user_pref("CT2475029.ct2481032.toolbarAppMetaDataLastCheckTime", "Wed Nov 02 2011 10:37:16 GMT+0100"[...]
Deleted : user_pref("CT2475029.ct2481032.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100"[...]
Deleted : user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CT2475029.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2475029.myStuffEnabled", true);
Deleted : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2475029.testingCtid", "");
Deleted : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 09:38:48 GMT+0100");
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2475029");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct1700389/CT1700389[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/26447/25929/CZ", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CZ", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1700389", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct1700389", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481032", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1700389",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63455331608580[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2475029&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2481032&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1700389/CT1700389[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct1700389/CT1700389[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT1700389");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "isobuster");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1700389");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "isobuster");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&syst[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1700389,ConduitEngine,CT2475029");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1700389,CT2475029");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Aug 10 2012 21:31:56 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Nov 23 2012 11:07:28 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Nov 23 2012 11:07:19 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "1e1e076b-93e7-4841-bb8b-8fef93f5291f");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Nov 02 2011 10:37:09 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "e0ee85a7-425c-4a9c-8f5f-f9eb615b6d4d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029");
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Deleted : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Nov 01 2011 09:38:52 GMT+0100")[...]
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Nov 23 2012 11:07:34 GMT+0100");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jan 03 2012 06:38:14 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "06/15/2011 09");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Jun 15 2011 08:55:03 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jan 03 2012 06:38:13 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jan 03 2012 09:38:13 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jan 03 2012 09:38:13 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN25649066771777129");
Deleted : user_pref("ConduitEngine.engineLocale", "cs");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jan 03 2012 06:38:13 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 10:38:13 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "SweetIM Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-130AB[...]
Deleted : user_pref("extensions.4fd4af7688d6d.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=108602");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "305ac5ed00000000000000ff80ce2648");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15402");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=108602&babsrc=adbar[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1710:22:02");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 79267680);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1710:22:02");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108602");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "305ac5ed00000000000000ff80ce2648");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "305ac5ed00000000000000ff80ce2648");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15402");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:22:02");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "CZ");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10650");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "5881E122434EF3116ED8ED424D21B77C");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "305ac5ed00000000000000ff80ce2648");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15501");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:44:32");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "20%5F5");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQA3H18UX&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQA3H18UX");
Deleted : user_pref("extensions.incredibar.upn2n", "92543036814468403");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:44:32");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10650");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "305ac5ed00000000000000ff80ce2648");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15501");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "20%5F5");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQA3H18UX&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQA3H18UX");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543036814468403");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:44:32");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=108602&babsrc=KW_def&mntrId=305ac5ed00000[...]
Deleted : user_pref("quickstores.toolbar.affid", "2017");
Deleted : user_pref("quickstores.toolbar.guid", "{D7767264-59A7-AADB-2F32-BE9A5EE67A59}");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/home?affID[...]
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={41B507A9-9065-40AF-AA8D-[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://home.sweetim[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\pepa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.babylon.com/home?affID=108602",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=108602", "hxxp://www.[...]
Deleted [l.1685] : homepage = "hxxp://search.babylon.com/home?affID=108602",
Deleted [l.2210] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=108602", "hxxp://www.goo[...]

-\\ Opera v12.1.1532.0

File : C:\Users\pepa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [68486 octets] - [23/11/2012 18:43:53]
AdwCleaner[R2].txt - [68547 octets] - [23/11/2012 20:37:52]
AdwCleaner[S1].txt - [68039 octets] - [23/11/2012 20:38:26]

########## EOF - C:\AdwCleaner[S1].txt - [68100 octets] ##########

#6 Příspěvek od **Rudy** » 23 lis 2012 21:20

Dejte nový log RSIT.

pepinojablo · #7 Příspěvek od **pepinojablo** » 24 lis 2012 13:01

Logfile of random's system information tool 1.09 (written by random/random)
Run by pepa at 2012-11-24 12:56:56
Microsoft Windows 7 Ultimate N
System drive C: has 8 GB (9%) free of 82 GB
Total RAM: 768 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:38, on 24.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files\trend micro\pepa.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: (no name) - !{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O3 - Toolbar: (no name) - !{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: (no name) - !{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [HellShare klient] C:\Users\UpdatusUser\Desktop\HellShare.exe /minimize (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: system32\aakah.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VeNCrypt - OCCAM Financial Technology - C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11130 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
C:\Windows\SysWOW64\AstSrv.exe
"C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe"
taskeng.exe {F653D0D0-22AF-4A9E-A894-BC68AA4A13A9}
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe" -service
C:\Windows\system32\dmwu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\NetLimiter 3\NLClientApp.exe" /tray
"C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe" -newprocess "4020 2 0 1 3" -logfolder "C:\Users\pepa\AppData\Local\Opera\Opera\logs"
"taskhost.exe"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
taskeng.exe {FF6CBFBC-573F-4962-8FC0-A4DCDBD23F6F}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\system32\AUDIODG.EXE 0x854
"C:\Users\pepa\Desktop\stahovani\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\OptimizerProUpdaterLogonTask.job
C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job
C:\Windows\tasks\ReclaimerUpdateFiles_pepa.job
C:\Windows\tasks\ReclaimerUpdateXML_pepa.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_pepa.job
C:\Windows\tasks\SmartDefrag.job

=========Mozilla firefox=========

ProfilePath - C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, engine@conduit.com:3.3.3.2, fdm_ffext@freedownloadmanager.org:1.3.4, firefox@bandoo.com:5.1, radiobar@toolbar:1.0.0, wtxpcom@mybrowserbar.com:5.8, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2, {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}:3.3.3.2, {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, videosurf_enhanced@videosurf.com:0.79, quickstores@quickstores.de:1.1.0, dealio@mybrowserbar.com:5.8, AppGraffiti@AppGraffiti.com:1.0.0.22, ffxtlbr@babylon.com:1.2.0, gemgecko@gemius.com:2.1, 4fd4af7688cbf@4fd4af7688cf9.info:1.0, ffxtlbr@incredibar.com:1.5.0, {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485, adapter@babylontc.com:1.0.0.1, ocr@babylon.com:1.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\
4fd4af7688cbf@4fd4af7688cf9.info
radiobar@toolbar
videosurf_enhanced@videosurf.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\
inbox-hledn.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-08 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-18 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
!{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
!{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
!{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]
!{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
!{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
!{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 2910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files (x86)\Hotspot Shield\AnchorFree\ctrl\AFController.exe [2006-06-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Pro]
C:\Program Files (x86)\Driver Pro\DPLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSoftware]
C:\Program Files\NetSoftware\Starter.exe [2012-05-18 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\pepa\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-11-16 5629312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-11-08 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run VeNCrypt Listening Viewer.lnk]
C:\PROGRA~2\VENCRY~1.6\VENCVI~1.EXE [2006-12-11 730664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~2\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 10 Interface"=C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-23 20:38:26 ----A---- C:\AdwCleaner[S1].txt
2012-11-23 20:37:52 ----A---- C:\AdwCleaner[R2].txt
2012-11-23 18:43:53 ----A---- C:\AdwCleaner[R1].txt
2012-11-22 19:33:43 ----A---- C:\Windows\ntbtlog.txt
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\java.exe
2012-11-18 15:49:10 ----D---- C:\Program Files (x86)\Trend Micro
2012-11-17 10:04:40 ----D---- C:\ProgramData\Locktime
2012-11-17 10:04:40 ----D---- C:\Program Files\NetLimiter 3
2012-11-07 17:50:43 ----D---- C:\ProgramData\2B18D

======List of files/folders modified in the last 1 month======

2012-11-24 12:57:28 ----D---- C:\Windows\Temp
2012-11-24 12:57:26 ----D---- C:\Program Files\trend micro
2012-11-24 12:53:38 ----D---- C:\Windows\Prefetch
2012-11-24 12:45:55 ----D---- C:\Users\pepa\AppData\Roaming\Skype
2012-11-24 11:44:44 ----D---- C:\Windows\system32\config
2012-11-24 11:07:26 ----D---- C:\Windows\Tasks
2012-11-23 20:41:15 ----AD---- C:\Windows
2012-11-23 20:41:10 ----RD---- C:\Program Files (x86)
2012-11-23 20:41:10 ----RD---- C:\Program Files
2012-11-23 20:41:10 ----D---- C:\Windows\SysWOW64
2012-11-23 20:41:09 ----HD---- C:\ProgramData
2012-11-23 20:38:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-11-23 12:08:05 ----RSD---- C:\Windows\assembly
2012-11-23 12:07:00 ----SHD---- C:\Windows\Installer
2012-11-23 12:06:56 ----D---- C:\Program Files (x86)\Common Files
2012-11-23 12:06:28 ----SHD---- C:\System Volume Information
2012-11-23 11:45:39 ----D---- C:\Windows\system32\Tasks
2012-11-23 11:24:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-11-23 00:13:59 ----D---- C:\ProgramData\Adobe
2012-11-22 21:32:19 ----D---- C:\Users\pepa\AppData\Roaming\Media Player Classic
2012-11-22 20:09:29 ----AD---- C:\ProgramData\TEMP
2012-11-22 20:09:20 ----D---- C:\Windows\System32
2012-11-22 20:08:42 ----D---- C:\Program Files (x86)\Driver Pro
2012-11-22 18:46:59 ----D---- C:\Windows\Minidump
2012-11-22 14:27:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-22 14:22:01 ----D---- C:\Windows\system32\catroot2
2012-11-22 00:14:05 ----D---- C:\Windows\system32\drivers
2012-11-18 18:29:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-11-18 18:29:21 ----D---- C:\Program Files (x86)\Java
2012-11-18 12:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 12:01:41 ----D---- C:\Program Files (x86)\UltraVNC
2012-11-17 16:23:10 ----D---- C:\Users\pepa\AppData\Roaming\FileZilla
2012-11-17 10:05:56 ----D---- C:\Windows\inf
2012-11-17 10:05:34 ----D---- C:\Windows\system32\catroot
2012-11-17 10:05:33 ----D---- C:\Windows\system32\DriverStore
2012-11-16 08:15:46 ----D---- C:\Program Files\SUPERAntiSpyware
2012-11-15 21:57:40 ----D---- C:\Windows\system32\NDF
2012-11-11 19:05:51 ----D---- C:\Users\pepa\AppData\Roaming\vlc
2012-11-09 16:43:55 ----D---- C:\PerfLogs
2012-11-03 10:54:20 ----D---- C:\Users\pepa\AppData\Roaming\The Bat!
2012-10-28 18:23:59 ----D---- C:\Windows\system32\wfp
2012-10-28 18:23:59 ----D---- C:\Windows\AppCompat
2012-10-28 18:23:58 ----D---- C:\ProgramData\OptimizerPro
2012-10-28 18:23:55 ----D---- C:\Windows\system32\wbem
2012-10-28 18:23:54 ----D---- C:\Windows\registration
2012-10-28 18:23:45 ----D---- C:\ProgramData\Real
2012-10-25 15:47:12 ----D---- C:\Users\pepa\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-09-29 526392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-07-08 231376]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/17 22:36:17]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 146928]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 Ph3xIB64;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 []
S3 axmxcs90;axmxcs90; C:\Windows\system32\drivers\axmxcs90.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-05-25 25216]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\pepa\AppData\Local\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-02-11 33344]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 29696]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 37888]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2012-05-29 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 astcc;AST Service; C:\Windows\syswow64\AstSrv.exe [2008-05-27 45056]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1845248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-29 66872]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R2 VeNCrypt;VeNCrypt; C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe [2006-12-11 886312]
R2 WebOptimizer;WebOptimizer; C:\Windows\system32\dmwu.exe [2012-09-13 1259888]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-24 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-16 140672]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 24 lis 2012 13:15

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files (x86)\Common Files\Spigot
C:\ProgramData\2B18D

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

pepinojablo · #9 Příspěvek od **pepinojablo** » 25 lis 2012 02:49

Logfile of random's system information tool 1.09 (written by random/random)
Run by pepa at 2012-11-25 02:45:58
Microsoft Windows 7 Ultimate N
System drive C: has 8 GB (9%) free of 82 GB
Total RAM: 768 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:07, on 25.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trend micro\pepa.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\Run: [HellShare klient] C:\Users\UpdatusUser\Desktop\HellShare.exe /minimize (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 10.0.0.138
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: system32\aakah.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VeNCrypt - OCCAM Financial Technology - C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10437 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2e8
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
C:\Windows\SysWOW64\AstSrv.exe
"C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe"
taskeng.exe {65FFE824-0818-47AA-B370-AE6A0F22E5E6}
taskeng.exe {692A1C62-E19C-4107-A61F-112E4C5B2D3B}
taskeng.exe {9B118448-5202-4AA7-8BC6-229C5AABAFFA}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe" -service
C:\Windows\system32\dmwu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\11252012_023910.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\NetLimiter 3\NLClientApp.exe" /tray
"C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\pepa\Desktop\stahovani\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\OptimizerProUpdaterLogonTask.job
C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job
C:\Windows\tasks\ReclaimerUpdateFiles_pepa.job
C:\Windows\tasks\ReclaimerUpdateXML_pepa.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_pepa.job
C:\Windows\tasks\SmartDefrag.job

=========Mozilla firefox=========

ProfilePath - C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, engine@conduit.com:3.3.3.2, fdm_ffext@freedownloadmanager.org:1.3.4, firefox@bandoo.com:5.1, radiobar@toolbar:1.0.0, wtxpcom@mybrowserbar.com:5.8, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2, {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}:3.3.3.2, {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, videosurf_enhanced@videosurf.com:0.79, quickstores@quickstores.de:1.1.0, dealio@mybrowserbar.com:5.8, AppGraffiti@AppGraffiti.com:1.0.0.22, ffxtlbr@babylon.com:1.2.0, gemgecko@gemius.com:2.1, 4fd4af7688cbf@4fd4af7688cf9.info:1.0, ffxtlbr@incredibar.com:1.5.0, {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485, adapter@babylontc.com:1.0.0.1, ocr@babylon.com:1.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\
4fd4af7688cbf@4fd4af7688cf9.info
radiobar@toolbar
videosurf_enhanced@videosurf.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\
inbox-hledn.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-18 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
!{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
!{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
!{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 2910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files (x86)\Hotspot Shield\AnchorFree\ctrl\AFController.exe [2006-06-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Pro]
C:\Program Files (x86)\Driver Pro\DPLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSoftware]
C:\Program Files\NetSoftware\Starter.exe [2012-05-18 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\pepa\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-11-16 5629312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-11-08 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run VeNCrypt Listening Viewer.lnk]
C:\PROGRA~2\VENCRY~1.6\VENCVI~1.EXE [2006-12-11 730664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~2\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 10 Interface"=C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-25 02:39:10 ----D---- C:\_OTM
2012-11-23 20:38:26 ----A---- C:\AdwCleaner[S1].txt
2012-11-23 20:37:52 ----A---- C:\AdwCleaner[R2].txt
2012-11-23 18:43:53 ----A---- C:\AdwCleaner[R1].txt
2012-11-22 19:33:43 ----A---- C:\Windows\ntbtlog.txt
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-11-18 18:31:13 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-11-18 18:30:27 ----A---- C:\Windows\SYSWOW64\java.exe
2012-11-18 15:49:10 ----D---- C:\Program Files (x86)\Trend Micro
2012-11-17 10:04:40 ----D---- C:\ProgramData\Locktime
2012-11-17 10:04:40 ----D---- C:\Program Files\NetLimiter 3

======List of files/folders modified in the last 1 month======

2012-11-25 02:46:04 ----D---- C:\Program Files\trend micro
2012-11-25 02:44:38 ----D---- C:\Windows\Temp
2012-11-25 02:42:37 ----D---- C:\Windows\Tasks
2012-11-25 02:39:48 ----D---- C:\Windows\system32\Tasks
2012-11-25 02:39:42 ----HD---- C:\ProgramData
2012-11-25 02:38:05 ----D---- C:\Windows\Prefetch
2012-11-25 02:24:39 ----D---- C:\Users\pepa\AppData\Roaming\Skype
2012-11-24 11:44:44 ----D---- C:\Windows\system32\config
2012-11-23 20:41:15 ----AD---- C:\Windows
2012-11-23 20:41:10 ----RD---- C:\Program Files (x86)
2012-11-23 20:41:10 ----RD---- C:\Program Files
2012-11-23 20:41:10 ----D---- C:\Windows\SysWOW64
2012-11-23 20:38:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-11-23 12:08:05 ----RSD---- C:\Windows\assembly
2012-11-23 12:07:00 ----SHD---- C:\Windows\Installer
2012-11-23 12:06:56 ----D---- C:\Program Files (x86)\Common Files
2012-11-23 12:06:28 ----SHD---- C:\System Volume Information
2012-11-23 11:24:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-11-23 00:13:59 ----D---- C:\ProgramData\Adobe
2012-11-22 21:32:19 ----D---- C:\Users\pepa\AppData\Roaming\Media Player Classic
2012-11-22 20:09:29 ----AD---- C:\ProgramData\TEMP
2012-11-22 20:09:20 ----D---- C:\Windows\System32
2012-11-22 20:08:42 ----D---- C:\Program Files (x86)\Driver Pro
2012-11-22 18:46:59 ----D---- C:\Windows\Minidump
2012-11-22 14:27:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-22 14:22:01 ----D---- C:\Windows\system32\catroot2
2012-11-22 00:14:05 ----D---- C:\Windows\system32\drivers
2012-11-18 18:29:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-11-18 18:29:21 ----D---- C:\Program Files (x86)\Java
2012-11-18 12:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 12:01:41 ----D---- C:\Program Files (x86)\UltraVNC
2012-11-17 16:23:10 ----D---- C:\Users\pepa\AppData\Roaming\FileZilla
2012-11-17 10:05:56 ----D---- C:\Windows\inf
2012-11-17 10:05:34 ----D---- C:\Windows\system32\catroot
2012-11-17 10:05:33 ----D---- C:\Windows\system32\DriverStore
2012-11-16 08:15:46 ----D---- C:\Program Files\SUPERAntiSpyware
2012-11-15 21:57:40 ----D---- C:\Windows\system32\NDF
2012-11-11 19:05:51 ----D---- C:\Users\pepa\AppData\Roaming\vlc
2012-11-09 16:43:55 ----D---- C:\PerfLogs
2012-11-03 10:54:20 ----D---- C:\Users\pepa\AppData\Roaming\The Bat!
2012-10-28 18:23:59 ----D---- C:\Windows\system32\wfp
2012-10-28 18:23:59 ----D---- C:\Windows\AppCompat
2012-10-28 18:23:58 ----D---- C:\ProgramData\OptimizerPro
2012-10-28 18:23:55 ----D---- C:\Windows\system32\wbem
2012-10-28 18:23:54 ----D---- C:\Windows\registration
2012-10-28 18:23:45 ----D---- C:\ProgramData\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-09-29 526392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-07-08 231376]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/17 22:36:17]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 146928]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 Ph3xIB64;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 []
S3 aqpjryp9;aqpjryp9; C:\Windows\system32\drivers\aqpjryp9.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-05-25 25216]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\pepa\AppData\Local\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-02-11 33344]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 29696]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 37888]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2012-05-29 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 astcc;AST Service; C:\Windows\syswow64\AstSrv.exe [2008-05-27 45056]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1845248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-29 66872]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R2 VeNCrypt;VeNCrypt; C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe [2006-12-11 886312]
R2 WebOptimizer;WebOptimizer; C:\Windows\system32\dmwu.exe [2012-09-13 1259888]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-24 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-16 140672]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#10 Příspěvek od **Rudy** » 25 lis 2012 11:15

Dvouklikem na soubor C:\Program Files\trend micro\pepa.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

pepinojablo · #11 Příspěvek od **pepinojablo** » 25 lis 2012 18:27

Děkuji za Váš čas a ochotu.

#12 Příspěvek od **Rudy** » 25 lis 2012 19:08

Nemáte zač!

VIRY.CZ

Pomalé PC+pady programů

Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů

Re: Pomalé PC+pady programů