PC virus removal, computer speed-up, remote help via the neslape.cz service

Opened FEDEX attachment and an infected laptop (NTB)

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27


#1 Post by ropman »

Hello,
a colleague asked me for help; unfortunately she opened an attachment in an e-mail from FEDEX, and I would like to ask for help with removing the virus.
The laptop (NTB) behaved such that it booted to a black screen with a mouse cursor, and only Task Manager could be launched.

- First, in Safe Mode (which the laptop booted into without any problem) I ran AdwCleaner and let it delete everything it found. Unfortunately, after the restart there was a BSOD and quite possibly a return to the previous configuration, I don't know.

Here is the log from AdwCleaner:

# AdwCleaner v4.101 - Report created 18/11/2014 at 10:49:57
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Milan - MILAN-HP
# Running from : C:\INSTALL\Antiviry\_na_breberky\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
[#] Service Deleted : SPPD
[#] Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Milan\AppData\Local\apn
Folder Deleted : C:\Users\Milan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Milan\AppData\Local\Conduit
Folder Deleted : C:\Users\Milan\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Milan\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Milan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Milan\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Milan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Milan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Milan\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\Extensions\{77E8143B-6759-416E-B521-82CFED75150B}
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
File Deleted : C:\END
File Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [APISupport]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3288691
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1269415
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1C211599-B2F8-4CC3-9118-F273F8F142F9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2EE1C94-A89C-40C5-9E2D-4A67F394935D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v21.0 (cs)

[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000082.isPlayDisplay", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_city", "PRAGUE");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_locId", "EZXX0012");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_location", "Prague, Czech Republic");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_region", "OT");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"28°C\",\"temperatureClear\":\"28°C\",\"highTemperature\":\"28°C\",\"lowTemperature\":\"16°C\",\"feelsLike\":\"27°C\",[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.FF19Solved", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.FirstTime", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.FirstTimeFF3", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.RestartDialogFirstTime", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.RestartDialogShouldDisplay", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.UserID", "UN40223048244109755");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.autoDisableScopes", -1);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.browser.search.defaultthis.engineName", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.countryCode", "CZ");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.defaultSearch", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.embeddedsData", "[{\"appId\":\"128520273115419467\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.enableAlerts", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.enableFix404ByUser", "TRUE");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.enableSearchFromAddressBar", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.firstTimeDialogOpened", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.fixPageNotFoundError", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.fixUrls", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.fullUserID", "UN40223048244109755.UP.20130623221008");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.homepageuserchanged", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installDate", "26/5/2013 20:05:23");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installId", "dm");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installSessionId", "69a89239-b011-4a36-b41b-0396dae4bc53");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installSp", "FALSE");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installType", "conduitnsisintegration");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installUsage", "2013-05-26T21:05:46.2129166+03:00");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installUsageEarly", "2013-05-26T21:05:45.7449106+03:00");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.installerVersion", "1.4.2.3");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.keyword", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT1750559&oct ... &Lay=1&UM=[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.lastVersion", "10.34.0.503");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.migrateAppsAndComponents", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.missingMachineIdSent", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F1-adwcleaner%2F\",\"EB_MAIN_FRAME_TITLE\":\"%0A%09%09%09Downloads%20-%20A[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.openThankYouPage", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.openUninstallPage", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.originalHomepage", "hxxp://eu.ask.com/?l=dis&o=14672");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.originalSearchEngine", "Ask.com");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.performedDomainChangesMigration", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.revertSettingsEnabled", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.search.searchCount", "2");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchRevert", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.searchUserMode", "1");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1416303682563");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1416303682669");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1416303685155");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1415437119139");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369591552174");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369591552710");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_location_lastUpdate", "1371815557703");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.2.509_lastUpdate", "1371815557998");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369606057317");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374501845688");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376554055978");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.19.1.506_lastUpdate", "1377185385876");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378805718256");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380074195400");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382987762635");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383478397610");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.21.1.520_lastUpdate", "1383920680366");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.2.530_lastUpdate", "1386152590566");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387109464893");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.23.0.822_lastUpdate", "1397324069813");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399743528554");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.30.1.502_lastUpdate", "1401395676889");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401599950876");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.31.2.501_lastUpdate", "1404725801171");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.505_lastUpdate", "1409214670465");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411927654549");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.34.0.503_lastUpdate", "1416303682223");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1415437118205");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1416303685479");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1416303682119");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1416303685177");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1416303685140");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1416303685001");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.settingsINI", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.shouldFirstTimeDialog", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.smartbar.homepage", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.startPage", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "26-5-2013");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "18-11-2014");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Sun May 26 2013 20:07:36 GMT+0200");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.twitter_v1.8.0_twitter_app_open_t_f", "%EC%E7%F2%F9%EB");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559.versionFromInstaller", "10.16.2.9");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1416303678513,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.CONDUIT_UPDATE_lastTimeUpdateChecked.enc", 1514311639);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.FF19Solved", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.FirstTime", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.FirstTimeFF3", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.RestartDialogFirstTime", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.RestartDialogShouldDisplay", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.UserID", "UN67345050514295316");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.appOptions", "{}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.browser.search.defaultthis.engineName", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.countryCode", "CZ");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.firstTimeDialogOpened", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.fixPageNotFoundErrorByUser", "FALSE");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.fullUserID", "UN67345050514295316.IN.20140130024338");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.homepageuserchanged", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installDate", "30/01/2014 02:43:41");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installSessionId", "{D7EE9B42-A8BB-4B2E-B168-9E16E133FA59}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installSp", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installType", "Unknown");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installUsage", "2014-02-02T19:29:58.5687904+03:00");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installUsageEarly", "2014-01-31T18:22:49.1498963+03:00");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.installerVersion", "1.8.1.4");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.isCheckedStartAsHidden", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.keyword", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3288691&octid=CT3288691&ISID=ISID_ID&SearchSource=15&CUI=UN67345050514295316&Lay=1&[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.lastVersion", "10.34.0.503");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F1-adwcleaner%2F\",\"EB_MAIN_FRAME_TITLE\":\"%0A%0[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.originalHomepage", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13&UP=SP4331B972-8FD9-4FD0-B3C0-7C2E9FE3608A&SSPV=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.originalSearchEngine", "Conduit Search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.originalSearchEngineName", "Conduit Search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.performedDomainChangesMigration", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.revertSettingsEnabled", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.search.searchAppId", "10000002");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.search.searchCount", "0");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchFromAddressBarEnabledByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchInNewTabEnabledByUser", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchRevert", "true");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchSuggestEnabledByUser", "TRUE");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchUninstallUserMode", "2");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.searchUserMode", "2");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3288691\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DBBrowserBar.OurToolbar.com//xpi\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DB Browser Bar \"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1416303682565");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1416303682292");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1416303685334");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1415437119117");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1391181772029");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1391358601734");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.23.0.822_lastUpdate", "1397324069201");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399743528914");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.30.1.502_lastUpdate", "1401338292599");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401599950874");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.31.2.501_lastUpdate", "1404725800719");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.33.0.505_lastUpdate", "1409214646286");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411927654568");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_login_10.34.0.503_lastUpdate", "1416303682139");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1415437119087");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1416303685688");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1416303682072");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1416303685431");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1416303685127");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.serviceLayer_services_translation_lastUpdate", "1416303685009");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.settingsINI", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.showToolbarPermission", "false");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.smartbar.CTID", "CT3288691");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.smartbar.Uninstall", "0");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.smartbar.homepage", true);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.smartbar.toolbarName", "DB Browser Bar ");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.toolbarBornServerTime", "2-2-2014");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.toolbarCurrentServerTime", "18-11-2014");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.toolbarInstallDate", "30-01-2014 02:43:39");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.toolbarLoginClientTime", "Sun Feb 02 2014 17:30:01 GMT+0100");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.versionFromInstaller", "10.23.0.722");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691.xpeMode", "1");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1416303677397,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN67345050514295316");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DivX Browser Bar Customized Web Search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN67345050514295316");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchEngineList", "DivX Browser Bar Customized Web Search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3288691");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=3&q={searchTerms}");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={DA4A7C7E-773E-422B-9DE4-2500C4518238}&mid=cf28f78608e647d0a3efa5ac05afc2d2-73ff85ae010fa3da5cb6d4c0eceeaa671d[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13,hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN6[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3288691");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3288691");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13,hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN67345050[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "HYNJIP1CRI0OFDPJ8BO7G3+OLVRKM56Y3DAYMNFWF+XQ1/BXP+FFKVPX4BQQPD8NLE8CZ2DPYP2KNTBSAKB7RA");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=,hxxp://search.conduit.com/ResultsExt.aspx?octid=CT17[...]
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage", "31");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_currentVersion", "312E31332E302E3137");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_currentVersion.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_migrated_from_ls", "31");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_migrated_from_ls.storedInFile", false);
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_userBornDate", "4E2F41");
[wm4b025w.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3288691.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v38.0.2125.111

[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={DA4A7C7E-773E-422B-9DE4-2500C4518238}&mid=cf28f78608e647d0a3efa5ac05afc2d2-73ff85ae010fa3da5cb6d4c0eceeaa671db9382f&lang=cs&ds=st011&pr=sa&d=2012-10-16 16:23:22&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ATU2&o=14670&locale=en_EU&apn_uid=98245e56-0f15-4840-905b-ffa040288e4f&apn_ptnrs=%5ET8&apn_sauid=CE94E4A1-BC8F-4233-BBDA-15DF055E71A1&apn_dtid=%5Ezzz001%5EYY%5ECZ&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ATU2&o=14670&locale=en_EU&apn_uid=98245e56-0f15-4840-905b-ffa040288e4f&apn_ptnrs=%5ET8&apn_sauid=CE94E4A1-BC8F-4233-BBDA-15DF055E71A1&apn_dtid=%5Ezzz001%5EYY%5ECZ&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36863641673648121&ctid=CT3288691&UM=2&UP=SP4331B972-8FD9-4FD0-B3C0-7C2E9FE3608A&SSPV=
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36863641673648121&ctid=CT3288691&UM=2&UP=SP4331B972-8FD9-4FD0-B3C0-7C2E9FE3608A&SSPV=
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36863641673648121&ctid=CT3288691&UM=2&UP=SP4331B972-8FD9-4FD0-B3C0-7C2E9FE3608A&SSPV=
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36863641673648121&ctid=CT3288691&UM=2&UP=SP4331B972-8FD9-4FD0-B3C0-7C2E9FE3608A&SSPV=

*************************

AdwCleaner[R0].txt - [49988 octets] - [18/11/2014 10:45:47]
AdwCleaner[S0].txt - [51652 octets] - [18/11/2014 10:49:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [51713 octets] ##########



Following the guide at http://www.malwareexperts.com/step-by-s ... ery-virus/ I ran rkill, then downloaded, installed and ran MBAM, which found problems that I had it remove. Unfortunately there was no way to get a log of what was done.

Last, I used the current ESET rescue CD, which found 7 infections, including two related to the FEDEX virus (some file "Delivery....ZIP"); unfortunately again no log could be obtained, since it was booted from that rescue CD.

The PC now boots; when I keep it disconnected from the network after powering on, it seems to me to run better than when it is connected.

It had MS Security Essentials as antivirus, which I updated, and it is currently offering me further updates. I know it is probably not correct, but for now I have also left MBAM on it, which after startup repeatedly blocks attempts by BitComet.exe to connect to malicious sites.

Win7 also offered me automatic startup repair, which I used; I did not let it use an older restore point, on the contrary I deleted all of them.

Please check it; I think what I have done is far from everything needed to remove all the vermin, but I only know how to run a program and either it finds something or it doesn't.

The laptop, it seems, is used a lot for downloading from torrents; there were 2 infected files of downloaded games (found by ESET), I saw some cracks there, I don't know what all software is on it (the laptop is not mine).

I will try to attach the RSIT log in the next post, the message is too long. Many thanks in advance for the help.

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: FEDEX attachment opened and infected laptop

#2 Post by ropman »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Milan at 2014-11-19 08:41:59
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 340 GB (49%) free of 692 GB
Total RAM: 3980 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:42:18, on 19.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files\trend micro\Milan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Download Energy - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1803207500-265790826-4109953844-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 17151 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
"C:\windows\system32\Dwm.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\system32\WLANExt.exe 39988032
\??\C:\windows\system32\conhost.exe "450738931563830713805533914-881668669198618505916634980719871902152143806350
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-679aca13-1e77-4ace-81a6-48aa7e3fe954 -SystemEventPortName:HostProcess-d4d02c70-d62f-4d54-8044-27f1ed503779 -IoCancelEventPortName:HostProcess-1be543a6-0127-4b6f-95d3-06b66ba8d94b -NonStateChangingEventPortName:HostProcess-ddc5b41a-9642-4c42-aa67-f65c56bd6e97 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4110bcc9-2f64-48c3-9092-32a83ac4f997 -DeviceGroupId:
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {D77EA1FC-5C85-4021-B791-1DB17F1CB77C}
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2704.123ae5e0.1314420907 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 2704 "\\.\pipe\gecko-crash-server-pipe.2704" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe" --proxy-stub-channel=Flash6280.5EC5E9C0.14976 --host-broker-channel=Flash6280.5EC5E9C0.17831 --host-pid=6280 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe" --channel=3496.0042F368.2042729483 --proxy-stub-channel=Flash6280.5EC5E9C0.14976 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
C:\windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe"
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\igfxsrvc.exe -Embedding
-Minimized
"C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
WicaInventory.exe /devices /output "C:\windows\TEMP\CompatTelemetryLogs\WICA_Devices_MILAN-HP.xml" /filterdevices "C:\windows\TEMP\CompatTelemetryLogs\WicaDeviceFilters.xml" /log "C:\windows\TEMP\CompatTelemetryLogs" "C:\windows\system32\CompatTel"
\??\C:\windows\system32\conhost.exe "-5709483911884060237-32423209418012568-690007625884833683476469081230422636
"C:\windows\system32\wuauclt.exe"
"c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey EA60ED18-562E-F121-E49F-1C227D2795CA -Reinvoke
"C:\INSTALL\Antiviry\_na_breberky\RSITx64_20141119.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\AVG-Secure-Search-Update_0814tb_rel.job - C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe --RELAUNCH=1 --CMPID=0814tb
C:\windows\tasks\AVG-Secure-Search-Update_0814tb_rmv.job - C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe --CMPID=0814tb --uninstall=1
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\windows\TEMP\{BFF0BDC5-0F24-4CCB-A828-C08F891995B4}.exe --uninstall=1
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\windows\TEMP\{0ADB99C9-C24D-4608-A532-BBB4F79D83E9}.exe --uninstall=1
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\HPCeeScheduleForMilan.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMilan (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://trovi.com/?ctid=CT1750559&Search ... 8244109755"
prefs.js - "keyword.URL" - "http://trovi.com/ResultsExt.aspx?ctid=C ... 55&UM=4&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\components\
nsIBitCometAgent.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\extensions\
{ad708c09-d51b-45b3-9d28-4eba2681febf}
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\searchplugins\
bs-player-controlbar-customized-web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-08-07 122488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
Download Energy Toolbar - C:\Program Files (x86)\Download_Energy\prxtbDown.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ad708c09-d51b-45b3-9d28-4eba2681febf} - Download Energy Toolbar - C:\Program Files (x86)\Download_Energy\prxtbDown.dll [2011-01-17 175912]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2012-01-19 1016992]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2012-01-19 800416]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-03-26 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-03-26 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-03-26 439064]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2012-03-14 15232]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-06-02 1664000]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-01 2804976]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-10-21 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"BitComet"=C:\Program Files (x86)\BitComet\BitComet.exe [2013-05-02 12805888]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2014-09-18 688984]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUpdater0814tb]
C:\ProgramData\Avg_Update_0814tb\0814tb_{2B492566-0F72-4FEC-B8E0-C732A3A17564}.exe [2014-08-26 2782744]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-03-01 56088]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-08-05 290688]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-30 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"DTRun"=c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2010-11-24 517456]
"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2012-08-07 12313720]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2012-08-17 336992]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-04-23 43848]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-06-05 683656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-10-16 337184]
"HPConnectionManager"=C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2013-10-31 185144]
""= []
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-05-26 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43376448.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\43376448.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mbamchameleon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-19 08:42:01 ----D---- C:\Program Files\trend micro
2014-11-19 08:41:59 ----D---- C:\rsit
2014-11-18 16:50:49 ----D---- C:\CCLEANER_BACKUP
2014-11-18 16:31:02 ----A---- C:\TDSSKiller.3.0.0.41_18.11.2014_16.31.02_log.txt
2014-11-18 16:16:23 ----D---- C:\TDSSKiller_Quarantine
2014-11-18 16:09:16 ----A---- C:\TDSSKiller.3.0.0.41_18.11.2014_16.09.16_log.txt
2014-11-18 16:04:48 ----A---- C:\TDSSKiller.3.0.0.40_18.11.2014_16.04.48_log.txt
2014-11-18 15:51:03 ----D---- C:\windows\system32\MRT
2014-11-18 15:50:55 ----A---- C:\windows\system32\MRT.exe
2014-11-18 12:26:32 ----D---- C:\Avenger
2014-11-18 11:30:40 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-18 11:30:14 ----D---- C:\ProgramData\Malwarebytes
2014-11-18 11:30:14 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-18 11:30:14 ----A---- C:\windows\system32\drivers\mwac.sys
2014-11-18 11:30:14 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2014-11-18 11:30:14 ----A---- C:\windows\system32\drivers\mbam.sys
2014-11-18 10:45:44 ----D---- C:\AdwCleaner
2014-11-18 10:39:25 ----D---- C:\INSTALL
2014-11-17 07:57:12 ----A---- C:\windows\system32\generaltel.dll
2014-11-17 07:57:12 ----A---- C:\windows\system32\aepdu.dll
2014-11-17 07:57:11 ----A---- C:\windows\system32\aeinv.dll
2014-11-17 07:57:07 ----A---- C:\windows\SYSWOW64\adtschema.dll
2014-11-17 07:57:07 ----A---- C:\windows\system32\termsrv.dll
2014-11-17 07:57:07 ----A---- C:\windows\system32\lsasrv.dll
2014-11-17 07:57:07 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2014-11-17 07:57:07 ----A---- C:\windows\system32\adtschema.dll
2014-11-17 07:57:06 ----A---- C:\windows\SYSWOW64\sspicli.dll
2014-11-17 07:57:06 ----A---- C:\windows\SYSWOW64\secur32.dll
2014-11-17 07:57:06 ----A---- C:\windows\SYSWOW64\msaudite.dll
2014-11-17 07:57:06 ----A---- C:\windows\system32\msaudite.dll
2014-11-17 07:56:46 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-11-17 07:56:46 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-11-17 07:56:46 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-11-17 07:56:46 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-11-17 07:56:46 ----A---- C:\windows\system32\ieetwcollector.exe
2014-11-17 07:56:45 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-11-17 07:56:45 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-17 07:56:45 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-11-17 07:56:45 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-11-17 07:56:45 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-17 07:56:45 ----A---- C:\windows\system32\iernonce.dll
2014-11-17 07:56:45 ----A---- C:\windows\system32\ie4uinit.exe
2014-11-17 07:56:44 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-11-17 07:56:44 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-11-17 07:56:43 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-11-17 07:56:43 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-11-17 07:56:43 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-11-17 07:56:43 ----A---- C:\windows\system32\urlmon.dll
2014-11-17 07:56:43 ----A---- C:\windows\system32\iedkcs32.dll
2014-11-17 07:56:42 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-11-17 07:56:42 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-11-17 07:56:42 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-11-17 07:56:41 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-11-17 07:56:41 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-17 07:56:40 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-11-17 07:56:40 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-11-17 07:56:40 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-11-17 07:56:40 ----A---- C:\windows\system32\msfeeds.dll
2014-11-17 07:56:40 ----A---- C:\windows\system32\dxtrans.dll
2014-11-17 07:56:39 ----A---- C:\windows\system32\iesetup.dll
2014-11-17 07:56:39 ----A---- C:\windows\system32\iertutil.dll
2014-11-17 07:56:39 ----A---- C:\windows\system32\ieapfltr.dll
2014-11-17 07:56:38 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-11-17 07:56:38 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-11-17 07:56:38 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-11-17 07:56:37 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-11-17 07:56:37 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-11-17 07:56:37 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-11-17 07:56:37 ----A---- C:\windows\system32\jsproxy.dll
2014-11-17 07:56:37 ----A---- C:\windows\system32\ieUnatt.exe
2014-11-17 07:56:36 ----A---- C:\windows\system32\ieui.dll
2014-11-17 07:56:36 ----A---- C:\windows\system32\ieframe.dll
2014-11-17 07:56:36 ----A---- C:\windows\system32\dxtmsft.dll
2014-11-17 07:56:35 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-11-17 07:56:35 ----A---- C:\windows\system32\mshtmled.dll
2014-11-17 07:56:35 ----A---- C:\windows\system32\jscript9diag.dll
2014-11-17 07:56:34 ----A---- C:\windows\system32\wininet.dll
2014-11-17 07:56:34 ----A---- C:\windows\system32\vbscript.dll
2014-11-17 07:56:34 ----A---- C:\windows\system32\jscript9.dll
2014-11-17 07:56:33 ----A---- C:\windows\system32\msrating.dll
2014-11-17 07:56:33 ----A---- C:\windows\system32\MshtmlDac.dll
2014-11-17 07:56:32 ----A---- C:\windows\system32\mshtml.dll
2014-11-17 07:55:52 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2014-11-17 07:55:52 ----A---- C:\windows\SYSWOW64\msxml3.dll
2014-11-17 07:55:52 ----A---- C:\windows\system32\msxml3r.dll
2014-11-17 07:55:52 ----A---- C:\windows\system32\msxml3.dll
2014-11-17 07:55:33 ----A---- C:\windows\SYSWOW64\IMJP10K.DLL
2014-11-17 07:55:33 ----A---- C:\windows\system32\IMJP10K.DLL
2014-11-17 07:55:26 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-11-17 07:55:26 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-11-17 07:55:26 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-11-17 07:55:26 ----A---- C:\windows\system32\EncDump.dll
2014-11-17 07:55:26 ----A---- C:\windows\system32\audiosrv.dll
2014-11-17 07:55:26 ----A---- C:\windows\system32\AudioSes.dll
2014-11-17 07:55:26 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-11-17 07:55:26 ----A---- C:\windows\system32\AudioEng.dll
2014-11-17 07:55:15 ----A---- C:\windows\system32\schannel.dll
2014-11-17 07:55:14 ----A---- C:\windows\SYSWOW64\schannel.dll
2014-11-17 07:55:14 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2014-11-17 07:55:14 ----A---- C:\windows\system32\ncrypt.dll
2014-11-17 07:55:13 ----A---- C:\windows\SYSWOW64\wdigest.dll
2014-11-17 07:55:13 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-11-17 07:55:13 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2014-11-17 07:55:13 ----A---- C:\windows\SYSWOW64\kerberos.dll
2014-11-17 07:55:13 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-11-17 07:55:13 ----A---- C:\windows\system32\wdigest.dll
2014-11-17 07:55:13 ----A---- C:\windows\system32\TSpkg.dll
2014-11-17 07:55:13 ----A---- C:\windows\system32\msv1_0.dll
2014-11-17 07:55:13 ----A---- C:\windows\system32\kerberos.dll
2014-11-17 07:55:13 ----A---- C:\windows\system32\credssp.dll
2014-11-17 07:54:16 ----A---- C:\windows\SYSWOW64\packager.dll
2014-11-17 07:54:16 ----A---- C:\windows\system32\packager.dll
2014-11-17 07:54:05 ----A---- C:\windows\system32\win32k.sys
2014-11-17 07:53:57 ----A---- C:\windows\SYSWOW64\msi.dll
2014-11-17 07:53:57 ----A---- C:\windows\system32\msi.dll
2014-11-17 07:53:46 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2014-11-17 07:53:46 ----A---- C:\windows\system32\oleaut32.dll
2014-11-16 19:27:58 ----D---- C:\6507435a64f36b7bbae077a61797
2014-11-16 19:27:38 ----A---- C:\windows\SYSWOW64\FlashPlayerInstaller.exe
2014-11-08 11:21:59 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-11-19 08:42:01 ----RD---- C:\Program Files
2014-11-19 08:42:01 ----D---- C:\windows\Temp
2014-11-19 08:40:56 ----D---- C:\windows\system32\catroot2
2014-11-19 08:40:41 ----D---- C:\windows\winsxs
2014-11-19 08:36:12 ----D---- C:\Users\Milan\AppData\Roaming\BitComet
2014-11-19 08:36:01 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-19 08:34:16 ----D---- C:\windows\system32\config
2014-11-19 08:33:52 ----D---- C:\ProgramData\PDFC
2014-11-19 08:33:48 ----D---- C:\windows\inf
2014-11-19 08:32:42 ----D---- C:\Windows
2014-11-18 16:47:02 ----D---- C:\Program Files\CCleaner
2014-11-18 16:39:01 ----D---- C:\windows\debug
2014-11-18 16:39:00 ----D---- C:\windows\Minidump
2014-11-18 16:30:28 ----SHD---- C:\windows\Installer
2014-11-18 16:24:16 ----D---- C:\windows\system32\drivers
2014-11-18 16:24:13 ----D---- C:\windows\SysWOW64
2014-11-18 16:24:13 ----D---- C:\windows\System32
2014-11-18 16:22:59 ----D---- C:\windows\system32\catroot
2014-11-18 16:20:38 ----D---- C:\Program Files\Microsoft Security Client
2014-11-18 16:20:17 ----RD---- C:\Program Files (x86)
2014-11-18 16:20:15 ----D---- C:\Program Files (x86)\Microsoft Security Client
2014-11-18 16:20:06 ----D---- C:\windows\Tasks
2014-11-18 16:19:17 ----SD---- C:\Users\Milan\AppData\Roaming\Microsoft
2014-11-18 16:04:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-11-18 16:02:28 ----SHD---- C:\System Volume Information
2014-11-18 15:58:09 ----D---- C:\windows\system32\DriverStore
2014-11-18 15:47:00 ----D---- C:\windows\Prefetch
2014-11-18 15:44:31 ----HD---- C:\ProgramData
2014-11-18 12:20:35 ----D---- C:\windows\system
2014-11-18 09:43:14 ----SHD---- C:\$RECYCLE.BIN
2014-11-18 08:55:46 ----D---- C:\windows\rescache
2014-11-17 21:57:23 ----D---- C:\windows\system32\wbem
2014-11-17 21:57:23 ----D---- C:\windows\system32\Tasks
2014-11-17 21:57:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-11-17 21:57:03 ----D---- C:\windows\registration
2014-11-17 13:52:24 ----D---- C:\windows\Microsoft.NET
2014-11-17 13:51:45 ----RSD---- C:\windows\assembly
2014-11-17 13:42:23 ----SD---- C:\windows\system32\CompatTel
2014-11-17 13:42:19 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-11-17 13:42:18 ----D---- C:\windows\system32\cs-CZ
2014-11-17 13:42:17 ----D---- C:\Program Files\Internet Explorer
2014-11-17 13:42:15 ----D---- C:\windows\SYSWOW64\en-US
2014-11-17 13:42:14 ----D---- C:\windows\system32\en-US
2014-11-17 13:42:11 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-17 13:28:20 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-11-17 04:04:17 ----D---- C:\windows\system32\CodeIntegrity
2014-11-17 04:03:48 ----D---- C:\ProgramData\Atheros
2014-11-17 03:58:05 ----D---- C:\windows\system32\LogFiles
2014-11-16 19:47:58 ----A---- C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 12:44:39 ----D---- C:\windows\AppPatch
2014-10-30 12:25:26 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iaStor;Intel RAID Controller; C:\windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hcs.sys [2013-08-05 20024]
R0 MfeEpeOpal;MfeEpeOpal; C:\windows\system32\drivers\MfeEpeOpal.sys [2013-03-27 91432]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2013-03-27 158760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avgtp;avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [2014-08-11 50976]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2012-08-17 126944]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mbamchameleon;mbamchameleon; \??\C:\windows\system32\drivers\mbamchameleon.sys [2014-10-01 93400]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2014-03-26 12534784]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2014-03-26 620032]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2013-10-21 4022272]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2012-01-19 30368]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-08-05 358456]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3xhc.sys [2013-08-05 791608]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2013-11-10 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2014-10-01 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-19 129752]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2013-11-10 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2013-06-02 708200]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-06-02 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2013-06-02 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2014-03-01 549104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2012-01-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2012-01-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2012-01-19 280992]
S3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2012-04-17 80384]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
S3 grmnusb;grmnusb; C:\windows\system32\drivers\grmnusb.sys [2012-04-18 19304]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2014-10-01 63704]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2014-03-26 239616]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-04-28 493904]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-09-18 450904]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-08-07 378488]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2012-09-07 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-10 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-11-10 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-11-10 279000]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-03-27 1327104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-06-05 1143432]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2012-10-17 75064]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-06-02 327680]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-08-07 4308320]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-10 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2013-10-31 1421112]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-05-26 641352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17 267440]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2012-01-31 477056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-25 117144]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: FEDEX attachment opened and infected laptop

#3 Post by ropman »

I also forgot to mention that I removed the rootkit "rootkit.boot.cidox.b" with TDSSKiller.

An automatic MBAM scan has now run; I haven't removed anything yet, here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19.11.2014
Čas skenování: 8:34:15
Protokol: mbam_20141119.txt
Správce: Ano

Verze: 2.00.3.1025
Databáze malwaru: v2014.11.18.05
Databáze rootkitů: v2014.11.12.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Zapnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Milan

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 327023
Uplynulý čas: 40 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 1
PUP.Optional.ValueApps.A, HKU\S-1-5-21-1803207500-265790826-4109953844-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, , [f944ed501864e84e4fe7a6ce748f0cf4],

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 2
PUP.Optional.ValueApps.A, C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\valueApps, , [be7f4bf2681484b22b72ee1e748f02fe],
PUP.Optional.ValueApps.A, C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\valueApps\CT1750559, , [be7f4bf2681484b22b72ee1e748f02fe],

Soubory: 3
PUP.Optional.Conduit.A, C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\searchplugins\bs-player-controlbar-customized-web-search.xml, , [320b6ad35d1f1026414c520124dfa25e],
PUP.Optional.Trovi.A, C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.startup.homepage", "http://trovi.com/?ctid=CT1750559&Search ... 8244109755");), ,[d667310c7dffc175c930572b8085e41c]
PUP.Optional.Trovi.A, C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\wm4b025w.default\prefs.js, Dobré: (), Špatné: (user_pref("keyword.URL", "http://trovi.com/ResultsExt.aspx?ctid=C ... 55&UM=4&q=");), ,[90ad39046f0d69cd3cbf750d61a4a65a]

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: FEDEX attachment opened and infected laptop

#4 Post by JaRon »

hi,
1. let MBAM remove what it found
2. I recommend replacing MSE with some other AV (except AVG) and rescanning the PC
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: FEDEX attachment opened and infected laptop

#5 Post by ropman »

MBAM findings removed.
I will also try having the laptop scanned with an updated MSSE, and then I would probably install the AVAST Free you recommended.

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: FEDEX attachment opened and infected laptop

#6 Post by ropman »

In the meantime I also ran AdwCleaner, which again found a lot. Once MS Security Essentials finishes, I can remove this:

# AdwCleaner v4.101 - Report created 19/11/2014 at 09:33:06
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Milan - MILAN-HP
# Running from : C:\INSTALL\Antiviry\_na_breberky\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v21.0 (cs)

[wm4b025w.default] - Line Found : user_pref("CT1750559.1000082.isPlayDisplay", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_TMP_city", "BRNO");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_locId", "EZXX0002");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_location", "Brno, JM, Czech Republic");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_region", "OT");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
[wm4b025w.default] - Line Found : user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
[wm4b025w.default] - Line Found : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.FirstTime", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.FirstTimeFF3", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.RestartDialogFirstTime", "false");
[wm4b025w.default] - Line Found : user_pref("CT1750559.RestartDialogShouldDisplay", "false");
[wm4b025w.default] - Line Found : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=4&q=");
[wm4b025w.default] - Line Found : user_pref("CT1750559.UserID", "UN40223048244109755");
[wm4b025w.default] - Line Found : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.appOptions", "{}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.browser.search.defaultthis.engineName", true);
[wm4b025w.default] - Line Found : user_pref("CT1750559.countryCode", "CZ");
[wm4b025w.default] - Line Found : user_pref("CT1750559.dum", "2");
[wm4b025w.default] - Line Found : user_pref("CT1750559.embeddedsData", "[{\"appId\":\"128520273115419467\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[wm4b025w.default] - Line Found : user_pref("CT1750559.firstTimeDialogOpened", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.fixPageNotFoundErrorByUser", "TRUE");
[wm4b025w.default] - Line Found : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.fullUserID", "UN40223048244109755.UP.20130623221008");
[wm4b025w.default] - Line Found : user_pref("CT1750559.installType", "DirectDownload");
[wm4b025w.default] - Line Found : user_pref("CT1750559.isCheckedStartAsHidden", true);
[wm4b025w.default] - Line Found : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.keyword", true);
[wm4b025w.default] - Line Found : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://www.trovi.com/?gd=&ctid=CT1750559&octid ... Lay=1&UM=4\[...]
[wm4b025w.default] - Line Found : user_pref("CT1750559.lastVersion", "10.35.0.503");
[wm4b025w.default] - Line Found : user_pref("CT1750559.mam_gk_installer_preapproved.enc", "VFJVRQ==");
[wm4b025w.default] - Line Found : user_pref("CT1750559.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.malwareexperts.com%2Fstep-by-step-fedex-postal-delivery-virus%2F\",\"EB_MAIN_FRAME_TITLE[...]
[wm4b025w.default] - Line Found : user_pref("CT1750559.originalHomepage", "www.google.com");
[wm4b025w.default] - Line Found : user_pref("CT1750559.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default] - Line Found : user_pref("CT1750559.originalSearchEngine", "Google");
[wm4b025w.default] - Line Found : user_pref("CT1750559.originalSearchEngineName", "Google");
[wm4b025w.default] - Line Found : user_pref("CT1750559.performedDomainChangesMigration", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.search.searchAppId", "128520273115419467");
[wm4b025w.default] - Line Found : user_pref("CT1750559.search.searchCount", "0");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchSuggestEnabledByUser", "True");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchUninstallUserMode", "4");
[wm4b025w.default] - Line Found : user_pref("CT1750559.searchUserMode", "4");
[wm4b025w.default] - Line Found : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1416308237635");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1416308238285");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1416308238143");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1416308238090");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_login_10.35.0.503_lastUpdate", "1416323050921");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1416308238289");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1416308238147");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1416308233424");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_setupAPI_lastUpdate", "1416308237722");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1416308238056");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1416323058614");
[wm4b025w.default] - Line Found : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1416308238339");
[wm4b025w.default] - Line Found : user_pref("CT1750559.settingsINI", true);
[wm4b025w.default] - Line Found : user_pref("CT1750559.showToolbarPermission", "false");
[wm4b025w.default] - Line Found : user_pref("CT1750559.smartbar.CTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("CT1750559.smartbar.Uninstall", "0");
[wm4b025w.default] - Line Found : user_pref("CT1750559.smartbar.homepage", true);
[wm4b025w.default] - Line Found : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
[wm4b025w.default] - Line Found : user_pref("CT1750559.toolbarBornServerTime", "18-11-2014");
[wm4b025w.default] - Line Found : user_pref("CT1750559.toolbarCurrentServerTime", "18-11-2014");
[wm4b025w.default] - Line Found : user_pref("CT1750559.toolbarDisabled", "true");
[wm4b025w.default] - Line Found : user_pref("CT1750559.toolbarInstallDate", "18-11-2014 11:57:16");
[wm4b025w.default] - Line Found : user_pref("CT1750559.toolbarLoginClientTime", "Tue Nov 18 2014 11:57:15 GMT+0100");
[wm4b025w.default] - Line Found : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1416325185458,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[wm4b025w.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN67345050514295316&UM=2&q=");
[wm4b025w.default] - Line Found : user_pref("Smartbar.TBHomepagesList", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN40223048244109755");
[wm4b025w.default] - Line Found : user_pref("Smartbar.TBSearchEngineList", "");
[wm4b025w.default] - Line Found : user_pref("Smartbar.TBSearchUrlList", "");
[wm4b025w.default] - Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("browser.search.defaultengine", "Ask.com");
[wm4b025w.default] - Line Found : user_pref("browser.search.defaultenginename", "BS Player ControlBar Customized Web Search");
[wm4b025w.default] - Line Found : user_pref("browser.search.selectedEngine", "BS Player ControlBar Customized Web Search");
[wm4b025w.default] - Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={DA4A7C7E-773E-422B-9DE4-2500C4518238}&mid=cf28f78608e647d0a3efa5ac05afc2d2-73ff85ae010fa3da5cb6d4c0eceeaa671d[...]
[wm4b025w.default] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[wm4b025w.default] - Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13,hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN6[...]
[wm4b025w.default] - Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
[wm4b025w.default] - Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13,hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN67345050[...]
[wm4b025w.default] - Line Found : user_pref("smartbar.machineId", "HYNJIP1CRI0OFDPJ8BO7G3+OLVRKM56Y3DAYMNFWF+XQ1/BXP+FFKVPX4BQQPD8NLE8CZ2DPYP2KNTBSAKB7RA");
[wm4b025w.default] - Line Found : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=,hxxp://search.conduit.com/ResultsExt.aspx?octid=CT17[...]
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage", "31");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [49988 octets] - [18/11/2014 10:45:47]
AdwCleaner[R1].txt - [14014 octets] - [19/11/2014 09:33:06]
AdwCleaner[S0].txt - [51942 octets] - [18/11/2014 10:49:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [14136 octets] ##########

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: opened FEDEX attachment and virus-infected notebook

#7 Post by JaRon »

let ADWC delete the findings >> clean
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: opened FEDEX attachment and virus-infected notebook

#8 Post by ropman »

I let it delete them and ran the whole notebook through an updated MSE (since it was already there, before something else gets installed); it found nothing except the captured rootkit in the TDSSKiller_Quarantine folder.

I ran AdwCleaner again and it keeps finding problems repeatedly; it seems to be pulled in from somewhere. The notebook is still connected to the network.

this is the latest log:

# AdwCleaner v4.101 - Report created 19/11/2014 at 14:26:56
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Milan - MILAN-HP
# Running from : C:\INSTALL\Antiviry\_na_breberky\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v21.0 (cs)

[wm4b025w.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN40223048244109755");
[wm4b025w.default] - Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={DA4A7C7E-773E-422B-9DE4-2500C4518238}&mid=cf28f78608e647d0a3efa5ac05afc2d2-73ff85ae010fa3da5cb6d4c0eceeaa671d[...]
[wm4b025w.default] - Line Found : user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=4&q=");
[wm4b025w.default] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[wm4b025w.default] - Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN40223048244109755&UM=1&SearchSource=13,hxxp://search.conduit.com/?UM=2&ctid=CT3288691&SearchSource=13&CUI=UN6[...]
[wm4b025w.default] - Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN40223048244109755&UM=1&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
[wm4b025w.default] - Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_globalKeysMigratedToLocalStorage", "31");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
[wm4b025w.default] - Line Found : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [49988 octets] - [18/11/2014 10:45:47]
AdwCleaner[R1].txt - [14225 octets] - [19/11/2014 09:33:06]
AdwCleaner[R2].txt - [3126 octets] - [19/11/2014 14:14:00]
AdwCleaner[R3].txt - [3164 octets] - [19/11/2014 14:26:56]
AdwCleaner[S0].txt - [51942 octets] - [18/11/2014 10:49:57]
AdwCleaner[S1].txt - [15384 octets] - [19/11/2014 14:04:56]
AdwCleaner[S2].txt - [3343 octets] - [19/11/2014 14:18:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3406 octets] ##########

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: opened FEDEX attachment and virus-infected notebook

#9 Post by JaRon »

quote:
Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Save it preferably to the desktop
After launching, the license terms are shown; press any key
A backup is created and then the scan follows
The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: opened FEDEX attachment and virus-infected notebook

#10 Post by ropman »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Milan on st 19.11.2014 at 14:55:18,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Milan\appdata\local\cre"



~~~ FireFox

Successfully deleted: [File] C:\Users\Milan\AppData\Roaming\mozilla\firefox\profiles\wm4b025w.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Milan\AppData\Roaming\mozilla\firefox\profiles\wm4b025w.default\smartbar
Emptied folder: C:\Users\Milan\AppData\Roaming\mozilla\firefox\profiles\wm4b025w.default\minidumps [74 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 19.11.2014 at 15:00:01,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Before you replied, I ran RogueKiller as a test; perhaps that log can also be of some use:

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Milan [Práva správce]
Mód : Smazat -- Datum : 11/19/2014 14:50:17

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D2F520D-A811-402D-8629-AE8D9AE467B7} | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2D2F520D-A811-402D-8629-AE8D9AE467B7} | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2D2F520D-A811-402D-8629-AE8D9AE467B7} | DhcpNameServer : 147.251.4.33 147.251.6.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno

¤¤¤ Úlohy : 8 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_0814tb_rel.job -- C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe ( --RELAUNCH=1 --CMPID=0814tb ) -> Smazáno
[Suspicious.Path] AVG-Secure-Search-Update_0814tb_rmv.job -- C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe ( --CMPID=0814tb --uninstall=1) -> Smazáno
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -- C:\windows\TEMP\{BFF0BDC5-0F24-4CCB-A828-C08F891995B4}.exe (--uninstall=1) -> Smazáno
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\windows\TEMP\{0ADB99C9-C24D-4608-A532-BBB4F79D83E9}.exe (--uninstall=1) -> Smazáno
[Suspicious.Path] \\AVG-Secure-Search-Update_0814tb_rel -- C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe (--RELAUNCH=1 --CMPID=0814tb) -> Smazáno
[Suspicious.Path] \\AVG-Secure-Search-Update_0814tb_rmv -- C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe (--CMPID=0814tb --uninstall=1) -> Smazáno
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_HP_rmv -- C:\windows\TEMP\{BFF0BDC5-0F24-4CCB-A828-C08F891995B4}.exe (--uninstall=1) -> ERROR [0]
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\windows\TEMP\{0ADB99C9-C24D-4608-A532-BBB4F79D83E9}.exe (--uninstall=1) -> ERROR [0]

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] wm4b025w.default : user_pref("browser.startup.homepage", "http://trovi.com/?ctid=CT1750559&Search ... 8244109755"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 2d3b87ef126daa15431e122eb9c32e3a
[BSP] 257bb7d8b56d9f38c30f9fc578ad2a2f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 692195 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1418231808 | Size: 20858 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1460948992 | Size: 2043 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11192014_144752.log

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: opened FEDEX attachment and virus-infected notebook

#11 Post by JaRon »

does the computer have any problems :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: opened FEDEX attachment and virus-infected notebook

#12 Post by ropman »

apart from AdwCleaner finding something again, the notebook boots; the owner will probably find out more once she works with it herself.

# AdwCleaner v4.101 - Report created 19/11/2014 at 15:28:00
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Milan - MILAN-HP
# Running from : C:\Users\Milan\Desktop\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v21.0 (cs)


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R0].txt - [1174 octets] - [19/11/2014 15:22:16]
AdwCleaner[R1].txt - [842 octets] - [19/11/2014 15:28:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [901 octets] ##########

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: opened FEDEX attachment and virus-infected notebook

#13 Post by ropman »

I again had AdwCleaner delete what it found and have already handed the notebook back to its owner. Thank you very much for the help; in case something shows up for her again, I recommended that she change antivirus and occasionally scan the whole notebook with various antiviruses, or try contacting you for a check.
Have a nice day.

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: opened FEDEX attachment and virus-infected notebook

#14 Post by cernohous13 »

Mozilla Firefox v21.0 (cs)
Update - the current version is 33.1.1
Recommendations:
During the cleanup, perform new installations and uninstallations only at my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

ropman
Visitor
Posts: 57
Registered: 11 Dec 2012 13:27

Re: opened FEDEX attachment and virus-infected notebook

#15 Post by ropman »

I noticed in the installed programs (the programs list for uninstalling) that Firefox is there twice in different versions, but the one that launches is the current version. So it is most likely an error in the program list.

Locked