Čistka po 3 letech

[PinHole]

prosím o kontrolu, děkuji moc

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:54, on 18. 1. 2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskeng.exe
C:\Users\JANKO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JANKO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Users\JANKO\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Users\JANKO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JANKO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JANKO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JANKO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JANKO\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.p ... gle&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100888&ba ... 22436d75aa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.p ... gle&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JANKO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\JANKO\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 7373 bytes

[Reklama]

[memphisto]

To tam máš MSE i AVAST?

Odinstaluj:
Babylon Toolbar
Deamon Tools Toolbar
Crawler Toolbar

v logu fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.p ... gle&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100888&ba ... 22436d75aa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.p ... gle&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\JANKO\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[PinHole]

Koukal jsem, v sys tray je pouze Avast, tak jestli nemel majitel drive MSE a nezbyl po nem pordel ...


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verzia databázy: v2013.01.19.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
JANKO :: JANKO-PC [administrátor]

19. 1. 2013 9:59:21
mbam-log-2013-01-19 (09-59-21).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 202382
Uplynutý čas: 33 min, 45 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)






# AdwCleaner v2.106 - Logfile created 01/19/2013 at 10:43:19
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : JANKO - JANKO-PC
# Boot Mode : Normal
# Running from : C:\Users\JANKO\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\searchplugins\Conduit.xml
File Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\searchplugins\daemon-search.xml
File Found : C:\Windows\system32\conduitEngine.tmp
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\JANKO\AppData\Local\Babylon
Folder Found : C:\Users\JANKO\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\JANKO\AppData\LocalLow\Conduit
Folder Found : C:\Users\JANKO\AppData\Roaming\Babylon
Folder Found : C:\Users\JANKO\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\Conduit
Folder Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\CT1750559
Folder Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\extensions\ffxtlbr@babylon.com

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKU\S-1-5-21-3171187729-1764186731-2461492234-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3171187729-1764186731-2461492234-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-3171187729-1764186731-2461492234-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-3171187729-1764186731-2461492234-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19170

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.13 (sk)

File : C:\Users\JANKO\AppData\Roaming\Mozilla\Firefox\Profiles\gn11nquz.default\prefs.js

Found : user_pref("CT1750559..clientLogIsEnabled", false);
Found : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1750559.CTID", "CT1750559");
Found : user_pref("CT1750559.CurrentServerDate", "7-1-2012");
Found : user_pref("CT1750559.DialogsAlignMode", "LTR");
Found : user_pref("CT1750559.DownloadReferralCookieData", "");
Found : user_pref("CT1750559.FirstServerDate", "29-12-2010");
Found : user_pref("CT1750559.FirstTime", true);
Found : user_pref("CT1750559.FirstTimeFF3", true);
Found : user_pref("CT1750559.FixPageNotFoundErrors", true);
Found : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1750559.HasUserGlobalKeys", true);
Found : user_pref("CT1750559.Initialize", true);
Found : user_pref("CT1750559.InitializeCommonPrefs", true);
Found : user_pref("CT1750559.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1750559.InstallationType", "UnknownIntegration");
Found : user_pref("CT1750559.InstalledDate", "Wed Dec 29 2010 13:59:30 GMT+0100");
Found : user_pref("CT1750559.InvalidateCache", false);
Found : user_pref("CT1750559.IsGrouping", false);
Found : user_pref("CT1750559.IsMulticommunity", false);
Found : user_pref("CT1750559.IsOpenThankYouPage", true);
Found : user_pref("CT1750559.IsOpenUninstallPage", true);
Found : user_pref("CT1750559.LanguagePackLastCheckTime", "Sat Jan 07 2012 08:43:02 GMT+0100");
Found : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1750559.LastLogin_3.2.5.2", "Sat Jan 07 2012 08:43:02 GMT+0100");
Found : user_pref("CT1750559.LatestVersion", "3.8.1.0");
Found : user_pref("CT1750559.Locale", "en-us");
Found : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Found : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Found : user_pref("CT1750559.RadioIsPodcast", false);
Found : user_pref("CT1750559.RadioLastCheckTime", "Sat Jan 07 2012 08:43:03 GMT+0100");
Found : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Found : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Found : user_pref("CT1750559.RadioMediaID", "11237206");
Found : user_pref("CT1750559.RadioMediaType", "Media Player");
Found : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Found : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Found : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Found : user_pref("CT1750559.SavedHomepage", "hxxp://www.daemon-search.com/startpage");
Found : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT175[...]
Found : user_pref("CT1750559.SearchInNewTabEnabled", true);
Found : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Sat Jan 07 2012 08:42:59 GMT+0100");
Found : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1750559.ServiceMapLastCheckTime", "Sat Jan 07 2012 08:42:59 GMT+0100");
Found : user_pref("CT1750559.SettingsLastCheckTime", "Sat Jan 07 2012 08:42:58 GMT+0100");
Found : user_pref("CT1750559.SettingsLastUpdate", "1325155777");
Found : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Sat Jan 07 2012 08:42:58 GMT+0100");
Found : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT1750559.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT1750559.UserID", "UN60490590431395537");
Found : user_pref("CT1750559.ValidationData_Search", 0);
Found : user_pref("CT1750559.ValidationData_Toolbar", 0);
Found : user_pref("CT1750559.WeatherNetwork", "");
Found : user_pref("CT1750559.WeatherPollDate", "Sat Jan 07 2012 08:43:06 GMT+0100");
Found : user_pref("CT1750559.WeatherUnit", "C");
Found : user_pref("CT1750559.alertChannelId", "31130");
Found : user_pref("CT1750559.backendstorage. amazon_dailyactivity", "31333035343033323133343836");
Found : user_pref("CT1750559.backendstorage. amazon_lifetimesent", "54525545");
Found : user_pref("CT1750559.backendstorage.amazonnew_all", "313232393730312C313634343130312C313536373333312[...]
Found : user_pref("CT1750559.backendstorage.appbuttondisablenull", "30");
Found : user_pref("CT1750559.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT1750559.myStuffEnabled", true);
Found : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1750559.testingCtid", "");
Found : user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Sat Jan 07 2012 08:43:02 GMT+0100");
Found : user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Wed Dec 29 2010 13:59:34 GMT+0100");
Found : user_pref("CT1750559.usagesFlag", 1);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT1750559", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"7043fff7ebd57e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 559&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT1750559[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... cale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "CT1750559");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bs_player");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1750559");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bs_player");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jan 07 2012 08:42:58 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jan 07 2012 08:42:58 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "6edecda8-481c-47ad-8003-a80c3ac9461d");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Jan 07 2012 08:43:01 GMT+0100");
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1750559");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.defaultthis.engineName", "BS Player Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&Sea[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=ac31[...]
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100888");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "ac31253f0000000000000022436d75aa");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15302");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100888&babsrc=adbar[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 7);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1023:04:04");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 64482590);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1023:04:04");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\JANKO\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=ac31253f0000000000000022436d75aa",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=ac31253f0000000000000022436d75aa" ]
Found [l.1441] : homepage = "hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=ac31253f0000000000000022436d75aa",
Found [l.1662] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=ac31253f0000000000000022436d75aa" ]

*************************

AdwCleaner[R1].txt - [17937 octets] - [19/01/2013 10:43:19]

########## EOF - C:\AdwCleaner[R1].txt - [17998 octets] ##########

[Žbeky]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“)
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt), jeho obsah sem celý vlož.

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.