Prosím kontrolu logu

Zpráva

jenanek · #1 Příspěvek od **jenanek** » 29 srp 2013 14:58

Dobrý den.Nějak se mi zpomaluje pc.Můžete mi prosím poradit?Díky

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jenda at 2013-08-29 15:56:56
Microsoft Windows 7 Professional Service Pack 1
System drive D: has 19 GB (7%) free of 277 GB
Total RAM: 4095 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:57:11, on 29.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Program Files\trend micro\Jenda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 097682&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 097682&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SRDownloader] D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://D:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://D:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://D:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://D:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout webovou stránku Free Download Managerem - file://D:\Program Files (x86)\Free Download Manager\dlpage.htm
O9 - Extra button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - D:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @D:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - D:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - D:\Windows\SysWOW64\ssins.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - D:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8844 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
D:\Windows\system32\services.exe
D:\Windows\system32\lsass.exe
D:\Windows\system32\lsm.exe
winlogon.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\svchost.exe -k NetworkService
"D:\Program Files\AVAST Software\Avast\AvastSvc.exe"
atieclxx
"D:\Windows\system32\Dwm.exe"
D:\Windows\Explorer.EXE
D:\Windows\System32\spoolsv.exe
"taskhost.exe"
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"D:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE"
"D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"D:\Program Files\OO Software\Defrag\oodag.exe"
D:\Windows\SysWOW64\IoctlSvc.exe
D:\Windows\SysWOW64\ssins.exe
"D:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\svchost.exe -k secsvcs
"D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe"
"D:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"taskhost.exe"
D:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7d36af17-01b4-46df-bb8e-90f781c781c0 -SystemEventPortName:HostProcess-bbc135a0-273c-4baa-8f9e-93561e2dd687 -IoCancelEventPortName:HostProcess-3dae0cb4-63b3-4991-a853-c89d3d2165ac -NonStateChangingEventPortName:HostProcess-906d7ec0-9987-4c3a-8a7a-bf7d9b161fc2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7e4c2f3e-eb57-47a4-9b61-9b78db63af3d -DeviceGroupId:WpdFsGroup
"D:\Program Files (x86)\Nero\Update\NASvc.exe"
D:\Windows\system32\svchost.exe -k WindowsMobile
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3840.e43f100.629536684 "D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" -greomni "D:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "D:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "D:\Program Files (x86)\Mozilla Firefox\browser" 260915DCF3A62DA7 3840 "\\.\pipe\gecko-crash-server-pipe.3840" plugin
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --proxy-stub-channel=Flash3620.6E11A550.19318 --host-broker-channel=Flash3620.6E11A550.4971 --host-pid=3620 --host-npapi-version=27 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll"
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --channel=2628.0051F7C0.1169570777 --proxy-stub-channel=Flash3620.6E11A550.19318 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" --host-npapi-version=27 --type=renderer
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\sppsvc.exe
"D:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "D:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"D:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552
"D:\Users\Jenda\Desktop\Stahování NET\RSITx64.exe"

======Scheduled tasks folder======

D:\Windows\tasks\Adobe Flash Player Updater.job
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@delorme.com/SendToGPS]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

D:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\extensions\
foxmarks@kei.com
{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
{ea614400-e918-4741-9a97-7a972ff7c30b}

D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\searchplugins\
my-web-search.xml
Mysearchdial.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - D:\Program Files\AVAST Sof [2013-03-19 6533200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-08 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Program Files\AVAST Sof [2013-03-19 6533200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-08 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - D:\Program Files\AVAST Sof [2013-03-19 6533200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Program Files\AVAST Sof [2013-03-19 6533200]
{EEE6C35B-6118-11DC-9C72-001320C79847}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"SRDownloader"=D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe [2012-12-20 905728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
D:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
D:\Program Files (x86)\Free Download Manager\fdm.exe [2010-04-28 3727411]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
D:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
D:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe [2010-09-30 4042568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
D:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
D:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2013-04-03 2777736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
D:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-04-03 3684488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRDownloader]
D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe [2012-12-20 905728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-04 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
D:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
D:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
D:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=D:\Program Files\AVAST Sof [2013-03-19 6533200]
"APSDaemon"=D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\Windows\system32\webcheck.dll [2013-05-10 247296]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe"="D:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe"="D:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=D:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-08-27 16:21:50 ----A---- D:\Windows\SYSWOW64\ntoskrnl.exe
2013-08-27 16:21:48 ----A---- D:\Windows\SYSWOW64\ntkrnlpa.exe
2013-08-27 16:21:47 ----A---- D:\Windows\system32\ntoskrnl.exe
2013-08-27 16:21:46 ----A---- D:\Windows\system32\ntdll.dll
2013-08-27 16:21:45 ----A---- D:\Windows\SYSWOW64\ntdll.dll
2013-08-27 16:21:45 ----A---- D:\Windows\system32\wow64.dll
2013-08-27 16:21:44 ----A---- D:\Windows\SYSWOW64\ntvdm64.dll
2013-08-27 16:21:40 ----A---- D:\Windows\SYSWOW64\wow32.dll
2013-08-27 16:21:38 ----A---- D:\Windows\SYSWOW64\user.exe
2013-08-27 16:21:38 ----A---- D:\Windows\SYSWOW64\setup16.exe
2013-08-27 16:21:38 ----A---- D:\Windows\SYSWOW64\instnm.exe
2013-08-24 17:02:19 ----A---- D:\Users\Jenda\AppData\Roaming\ezpinst.exe
2013-08-24 16:46:34 ----A---- D:\Windows\SYSWOW64\ieui.dll
2013-08-24 16:46:33 ----A---- D:\Windows\system32\ieui.dll
2013-08-24 16:46:32 ----A---- D:\Windows\SYSWOW64\iesetup.dll
2013-08-24 16:46:32 ----A---- D:\Windows\system32\iesetup.dll
2013-08-24 16:46:32 ----A---- D:\Windows\system32\iernonce.dll
2013-08-24 16:46:31 ----A---- D:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-24 16:46:31 ----A---- D:\Windows\SYSWOW64\iesysprep.dll
2013-08-24 16:46:31 ----A---- D:\Windows\SYSWOW64\iernonce.dll
2013-08-24 16:46:31 ----A---- D:\Windows\system32\RegisterIEPKEYs.exe
2013-08-24 16:46:31 ----A---- D:\Windows\system32\ie4uinit.exe
2013-08-24 16:46:30 ----A---- D:\Windows\SYSWOW64\iertutil.dll
2013-08-24 16:46:30 ----A---- D:\Windows\system32\iesysprep.dll
2013-08-24 16:46:29 ----A---- D:\Windows\system32\iertutil.dll
2013-08-24 16:46:28 ----A---- D:\Windows\SYSWOW64\msfeeds.dll
2013-08-24 16:46:28 ----A---- D:\Windows\system32\msfeeds.dll
2013-08-24 16:46:27 ----A---- D:\Windows\SYSWOW64\jscript.dll
2013-08-24 16:46:27 ----A---- D:\Windows\system32\jscript.dll
2013-08-24 16:46:26 ----A---- D:\Windows\system32\jscript9.dll
2013-08-24 16:46:25 ----A---- D:\Windows\SYSWOW64\urlmon.dll
2013-08-24 16:46:25 ----A---- D:\Windows\SYSWOW64\jscript9.dll
2013-08-24 16:46:24 ----A---- D:\Windows\system32\urlmon.dll
2013-08-24 16:46:23 ----A---- D:\Windows\SYSWOW64\wininet.dll
2013-08-24 16:46:23 ----A---- D:\Windows\SYSWOW64\jsproxy.dll
2013-08-24 16:46:23 ----A---- D:\Windows\system32\jsproxy.dll
2013-08-24 16:46:22 ----A---- D:\Windows\system32\wininet.dll
2013-08-24 16:46:21 ----A---- D:\Windows\SYSWOW64\ieframe.dll
2013-08-24 16:46:19 ----A---- D:\Windows\system32\ieframe.dll
2013-08-24 16:46:18 ----A---- D:\Windows\system32\mshtml.dll
2013-08-24 16:46:16 ----A---- D:\Windows\SYSWOW64\mshtml.dll
2013-08-24 16:40:26 ----D---- D:\Windows\system32\MRT
2013-08-23 19:26:36 ----A---- D:\Windows\system32\WMVDECOD.DLL
2013-08-23 19:26:35 ----A---- D:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-23 19:26:32 ----A---- D:\Windows\SYSWOW64\crypt32.dll
2013-08-23 19:26:32 ----A---- D:\Windows\system32\crypt32.dll
2013-08-23 19:26:31 ----A---- D:\Windows\SYSWOW64\wintrust.dll
2013-08-23 19:26:31 ----A---- D:\Windows\SYSWOW64\cryptsvc.dll
2013-08-23 19:26:31 ----A---- D:\Windows\SYSWOW64\cryptnet.dll
2013-08-23 19:26:31 ----A---- D:\Windows\system32\wintrust.dll
2013-08-23 19:26:31 ----A---- D:\Windows\system32\cryptsvc.dll
2013-08-23 19:26:31 ----A---- D:\Windows\system32\cryptnet.dll
2013-08-23 19:26:25 ----A---- D:\Windows\SYSWOW64\tzres.dll
2013-08-23 19:26:25 ----A---- D:\Windows\system32\tzres.dll
2013-08-23 19:26:17 ----A---- D:\Windows\SYSWOW64\rpcrt4.dll
2013-08-23 19:26:17 ----A---- D:\Windows\system32\rpcrt4.dll
2013-08-23 19:25:13 ----A---- D:\Windows\system32\drivers\tssecsrv.sys
2013-08-23 19:25:11 ----A---- D:\Windows\system32\drivers\tcpip.sys
2013-08-20 19:55:29 ----D---- D:\Program Files (x86)\Mozilla Firefox
2013-08-06 20:36:45 ----D---- D:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-08-06 20:24:37 ----D---- D:\Program Files (x86)\Mass Effect 2
2013-08-03 12:01:13 ----A---- D:\Windows\system32\win32k.sys
2013-08-03 12:01:11 ----A---- D:\Windows\SYSWOW64\qedit.dll
2013-08-03 12:01:11 ----A---- D:\Windows\system32\qedit.dll
2013-08-03 11:59:49 ----A---- D:\Windows\SYSWOW64\DWrite.dll
2013-08-03 11:59:49 ----A---- D:\Windows\system32\DWrite.dll

======List of files/folders modified in the last 1 month======

2013-08-29 15:57:01 ----D---- D:\Windows\temp
2013-08-29 15:57:00 ----D---- D:\Program Files\trend micro
2013-08-29 14:11:40 ----D---- D:\Windows\system32\config
2013-08-29 14:11:32 ----D---- D:\Users\Jenda\AppData\Roaming\.minecraft
2013-08-28 15:32:50 ----D---- D:\Windows\system32\catroot2
2013-08-27 21:27:37 ----SHD---- D:\System Volume Information
2013-08-27 21:00:49 ----RSD---- D:\Windows\assembly
2013-08-27 21:00:49 ----D---- D:\Windows\Microsoft.NET
2013-08-27 20:50:26 ----D---- D:\Program Files (x86)\AviSynth 2.5
2013-08-27 20:49:14 ----D---- D:\Windows\SysWOW64
2013-08-27 20:21:27 ----AD---- D:\ProgramData\TEMP
2013-08-27 20:20:45 ----D---- D:\Users\Jenda\AppData\Roaming\vlc
2013-08-27 20:10:42 ----D---- D:\Windows\winsxs
2013-08-27 17:00:29 ----D---- D:\Windows\System32
2013-08-27 17:00:29 ----D---- D:\Windows\AppPatch
2013-08-27 16:19:12 ----D---- D:\Windows\system32\catroot
2013-08-25 11:57:18 ----D---- D:\Windows\Prefetch
2013-08-25 11:55:54 ----D---- D:\Windows
2013-08-24 17:02:54 ----D---- D:\Windows\SYSWOW64\cs-CZ
2013-08-24 17:02:54 ----D---- D:\Windows\system32\cs-CZ
2013-08-24 17:02:54 ----D---- D:\Program Files (x86)\Internet Explorer
2013-08-24 17:02:53 ----D---- D:\Windows\system32\drivers
2013-08-24 17:02:53 ----D---- D:\Program Files\Internet Explorer
2013-08-24 17:02:27 ----RD---- D:\Program Files (x86)
2013-08-24 17:02:27 ----D---- D:\Users\Jenda\AppData\Roaming\Vso
2013-08-24 17:02:27 ----D---- D:\ProgramData
2013-08-24 17:01:11 ----D---- D:\Windows\Minidump
2013-08-24 17:01:11 ----D---- D:\Windows\debug
2013-08-24 16:46:07 ----SHD---- D:\Windows\Installer
2013-08-24 16:44:28 ----A---- D:\Windows\system32\PerfStringBackup.INI
2013-08-24 16:44:27 ----D---- D:\Windows\inf
2013-08-24 16:40:21 ----A---- D:\Windows\system32\MRT.exe
2013-08-23 19:20:25 ----D---- D:\ProgramData\Spyware Terminator
2013-08-22 12:00:40 ----A---- D:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-08-21 12:00:07 ----D---- D:\Program Files (x86)\Mozilla Maintenance Service
2013-08-12 20:04:12 ----D---- D:\Windows\system32\NDF
2013-08-09 20:30:58 ----D---- D:\Users\Jenda\AppData\Roaming\uTorrent
2013-08-09 10:52:05 ----D---- D:\ProgramData\DAEMON Tools Lite
2013-08-06 20:14:09 ----D---- D:\Windows\system32\Tasks
2013-08-06 20:04:39 ----D---- D:\Program Files (x86)\Common Files
2013-08-03 15:21:51 ----D---- D:\Program Files\Windows Defender
2013-08-03 15:21:51 ----D---- D:\Program Files (x86)\Windows Defender
2013-08-03 15:21:50 ----D---- D:\Program Files\Windows Journal
2013-08-01 12:29:18 ----D---- D:\Program Files (x86)\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; D:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; D:\Windows\system32\drivers\aswVmm.sys [2013-06-27 189936]
R0 pciide;pciide; D:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; D:\Windows\System32\Drivers\sptd.sys [2011-12-27 503352]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; D:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; D:\Windows\system32\drivers\aswSnx.sys [2013-06-27 1030952]
R1 aswSP;aswSP; D:\Windows\system32\drivers\aswSP.sys [2013-06-27 378944]
R1 aswTdi;avast! Network Shield Support; D:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-18 254528]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 aswFsBlk;aswFsBlk; D:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\D:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 lirsgt;lirsgt; D:\Windows\system32\DRIVERS\lirsgt.sys [2011-10-03 43168]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; D:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; D:\Windows\system32\DRIVERS\stflt.sys [2012-08-30 51496]
R3 amdkmdag;amdkmdag; D:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-05 6789632]
R3 amdkmdap;amdkmdap; D:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-05 221184]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; D:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]
R3 RTL8167;Realtek 8167 NT Driver; D:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S2 atksgt;atksgt; D:\Windows\system32\DRIVERS\atksgt.sys [2011-10-03 311968]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; D:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 FTDIBUS;USB Serial Converter Driver; D:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; D:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; D:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pcouffin;VSO Software pcouffin; D:\Windows\System32\Drivers\pcouffin.sys [2011-08-16 82816]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; D:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; D:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; D:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; D:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 upperdev;upperdev; D:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 USBAAPL64;Apple Mobile USB Driver; D:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 usbscan;Ovladač skeneru USB; D:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; D:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; D:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; D:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; D:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S3 WinUsb;Ovladač WinUsb; D:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-15 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service; D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; D:\Windows\system32\atiesrxx.exe [2010-05-05 202752]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\AVAST Sof [2013-03-19 6533200]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); D:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 NAUpdate;@D:\Program Files (x86)\Nero\Update\NASvc.exe,-200; D:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 OODefragAgent;O&O Defrag; D:\Program Files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; D:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; D:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ssinstall;SInstalátor; D:\Windows\SysWOW64\ssins.exe [2013-07-16 2322560]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; D:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-22 1148664]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22 257416]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-20 117656]
S3 NBService;NBService; D:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; D:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; D:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-11-06 419624]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; D:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-26 1255736]
S4 NetMsmqActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 29 srp 2013 16:47

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

jenanek · #3 Příspěvek od **jenanek** » 01 zář 2013 18:16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x64
Ran by Jenda on ne 01.09.2013 at 19:07:33,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-832085927-3341632857-2168483051-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sim-packages
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

~~~ Files

Successfully deleted: [File] "D:\Users\Jenda\appdata\local\mysearchdial_speedial_v9.0.2.crx"

~~~ Folders

Successfully deleted: [Folder] "D:\ProgramData\sweetim"
Successfully deleted: [Folder] "D:\ProgramData\tarma installer"
Successfully deleted: [Folder] "D:\Users\Jenda\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "D:\Users\Jenda\AppData\Roaming\software informer"
Successfully deleted: [Folder] "D:\Program Files (x86)\mysearchdial"
Successfully deleted: [Folder] "D:\Program Files (x86)\software informer"
Successfully deleted: [Folder] "D:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "D:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "D:\Program Files (x86)\video download converter"
Successfully deleted: [Folder] "D:\Users\Jenda\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"

~~~ FireFox

Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\user.js
Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\extensions\torntv2@torntv.com.xpi
Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\searchplugins\my-web-search.xml
Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\searchplugins\mysearchdial.xml
Successfully deleted: [File] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\sweetpackstoolbardata
Successfully deleted: [Folder] D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\prefs.js

user_pref("browser.search.order.1", "Mysearchdial");
user_pref("extensions.mysearchdial.aflt", "coolmsd");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q");
user_pref("extensions.mysearchdial.cntry", "CZ");
user_pref("extensions.mysearchdial.cr", "789097682");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "9CE3E20C5D034BC4AFF4590D5CE3BE4E");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFy
user_pref("extensions.mysearchdial.id", "6C626D84B1669BAC");
user_pref("extensions.mysearchdial.instlDay", "15868");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEt
user_pref("extensions.mysearchdial.lastVrsnTs", "20:37:13");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBt
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"22\",\"lastVrsn\":\"22\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFt
user_pref("extensions.mysearchdial.vrsn", "");
user_pref("extensions.mysearchdial.vrsni", "");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "20:37:13");
user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.sweetim.com/search.asp?barid={EF532955-357E-11E2-8987-6C626D84B166}&src=2&crg=3.1010000.10005&q=");
user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=3A1FB27F-AABF-45DE-A130-717F6F8A42F6&n=77fc1f03&p2=^HJ^xdm007^YY^cz
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 1238945707);
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013011715");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^YY^cz");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CJ7tuoXN77QCFSHHtAodxz4AIg");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "3A1FB27F-AABF-45DE-A130-717F6F8A42F6");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1358432979648");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.cda.returnValue", "none");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "false");
user_pref("sweetim.toolbar.newtab.enable", "true");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history", "justin%20bieber,google,mick%20minaj,facebook,jawa%20555");
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{EF532955-357E-11E2-8987-6C626D84B166}");
user_pref("sweetim.toolbar.version", "1.9.0.0");
Emptied folder: D:\Users\Jenda\AppData\Roaming\mozilla\firefox\profiles\q9n9rito.default\minidumps [369 files]

~~~ Chrome

Successfully deleted: [Folder] D:\Users\Jenda\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 01.09.2013 at 19:15:49,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jenanek · #4 Příspěvek od **jenanek** » 01 zář 2013 18:24

# AdwCleaner v3.001 - Report created 01/09/2013 at 19:19:39
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jenda - JENDA-PC
# Running from : D:\Users\Jenda\Desktop\Stahování NET\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : D:\Users\Jenda\AppData\Local\PackageAware
Folder Deleted : D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\jetpack
File Deleted : D:\Users\Public\Desktop\MySearchDial.url
File Deleted : D:\Users\Jenda\Desktop\TornTV.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (cs)

[ File : D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "coolmsd");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "CZ");
Line Deleted : user_pref("extensions.mysearchdial.cr", "789097682");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "9CE3E20C5D034BC4AFF4590D5CE3BE4E");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "6C626D84B1669BAC");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "15868");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "20:37:13");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"22\",\"lastVrsn\":\"22\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "20:37:13");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.sweetim.com/search.asp?barid={EF532955-357E-11E2-8987-6C626D84B166}&src=2&crg=3.1010000.10005&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=3A1FB27F-AABF-45DE-A130-717F6F8A42F6&n=77fc1f03&p2=^HJ^xdm007^YY^cz&si=CJ7tuoXN77QCFSHHtAodx[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 1238945707);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013011715");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^YY^cz");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CJ7tuoXN77QCFSHHtAodxz4AIg");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "3A1FB27F-AABF-45DE-A130-717F6F8A42F6");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1358432979648");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "635e0de1-e902-4da6-8951-9d11930e81f5");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "none");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history", "justin%20bieber,google,mick%20minaj,facebook,jawa%20555");
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{EF532955-357E-11E2-8987-6C626D84B166}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v

[ File : D:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15492 octets] - [01/09/2013 19:17:30]
AdwCleaner[S0].txt - [15672 octets] - [01/09/2013 19:19:39]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [15733 octets] ##########

#5 Příspěvek od **vyosek** » 01 zář 2013 19:23

Poprosim o spusteni nasledujiciho

Aplikace ke stažení:

Po stažení FRSTLauncher spustte, objevi se mozna varovani od antiviru, ignorujte a nechte FRSTL spustit

Následně dojde ke stažení FRST a inicializaci

Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na Ano.
Dooznačíme položku Addition.txt - viz obrázek.
Klikneme na tlačítko Scan čímž spustíme skenování.
Počkáme na dokončení skenování FRST a vytvoření doplňkových informací naší nástavbou.
Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
Po uzavření logu se FRSTLauncher.exe ukončí a na ploše nám zbyde utilta FRST a dva logy FRST.txt a Addition.txt - nic z toho zatím nemažeme.

jenanek · #6 Příspěvek od **jenanek** » 04 zář 2013 18:35

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Jenda (administrator) on JENDA-PC on 04-09-2013 19:31:43
Running from D:\Users\Jenda\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) D:\Windows\system32\atiesrxx.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) D:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(SEIKO EPSON CORPORATION) D:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(O&O Software GmbH) D:\Program Files\OO Software\Defrag\oodag.exe
(Prolific Technology Inc.) D:\Windows\SysWOW64\IoctlSvc.exe
(PS Media s.r.o.) D:\Windows\SysWOW64\ssins.exe
(Crawler.com) D:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Share-rapid.com) D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nero AG) D:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [SRDownloader] - D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe [905728 2012-12-20] (Share-rapid.com)
HKLM-x32\...\Run: [avast] - D:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
BootExecute: OODBS

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 097682&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 097682&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 097682&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - D:\Users\Jenda\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\Extensions\foxmarks@kei.com
FF Extension: Seznam lištička - D:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\q9n9rito.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Mysearchdial) - http://www.google.com
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - D:\Users\Jenda\AppData\Local\Google\Chrome\Application\8.0.552.224\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - D:\Users\Jenda\AppData\Local\Google\Chrome\Application\8.0.552.224\gears.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - D:\Users\Jenda\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll ()
CHR Plugin: (Adobe Acrobat) - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (Shockwave Flash) - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Torntv 2) - D:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - D:\Program Files (x86)\TornTV.com\torn2_10.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-15] (SUPERAntiSpyware.com)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 NMIndexingService; D:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 OODefragAgent; D:\Program Files\OO Software\Defrag\oodag.exe [3140424 2010-09-30] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; D:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 ssinstall; D:\Windows\SysWOW64\ssins.exe [2322560 2013-07-16] (PS Media s.r.o.)
R2 ST2012_Svc; D:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148664 2012-06-22] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; D:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S2 atksgt; D:\Windows\System32\DRIVERS\atksgt.sys [311968 2011-10-03] ()
R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-18] (DT Soft Ltd)
R2 lirsgt; D:\Windows\System32\DRIVERS\lirsgt.sys [43168 2011-10-03] ()
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; D:\Windows\System32\Drivers\sptd.sys [503352 2011-12-27] ()
R2 sp_rsdrv2; D:\Windows\System32\DRIVERS\stflt.sys [51496 2012-08-30] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 19:21 - 2013-09-03 18:44 - 01950416 _____ (Farbar) D:\Users\Jenda\Desktop\FRST64.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00263592 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaws.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaw.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\java.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00096168 _____ (Oracle Corporation) D:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-04 19:20 - 2013-09-04 19:20 - 00000000 ____D D:\Users\Jenda\AppData\Local\qb0F18FC.DE
2013-09-02 06:54 - 2013-09-02 06:54 - 00000000 ____D D:\Users\Jenda\Desktop\Bílina Kyselka+policejní zásah
2013-09-01 19:17 - 2013-09-01 19:19 - 00000000 ____D D:\AdwCleaner
2013-09-01 19:15 - 2013-09-01 19:15 - 00019518 _____ D:\Users\Jenda\Desktop\JRT.txt
2013-09-01 19:07 - 2013-09-01 19:07 - 00000000 ____D D:\Windows\ERUNT
2013-08-27 16:21 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) D:\Windows\system32\ntoskrnl.exe
2013-08-27 16:21 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) D:\Windows\system32\ntdll.dll
2013-08-27 16:21 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) D:\Windows\system32\wow64.dll
2013-08-27 16:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-27 16:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntoskrnl.exe
2013-08-27 16:21 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntdll.dll
2013-08-27 16:21 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wow32.dll
2013-08-27 16:21 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) D:\Windows\SysWOW64\setup16.exe
2013-08-27 16:21 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntvdm64.dll
2013-08-27 16:21 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\instnm.exe
2013-08-27 16:21 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\user.exe
2013-08-25 11:55 - 2013-09-04 19:04 - 00002636 _____ D:\Windows\setupact.log
2013-08-25 11:55 - 2013-08-25 11:55 - 00000000 _____ D:\Windows\setuperr.log
2013-08-24 17:02 - 2013-08-24 17:02 - 00093696 _____ D:\Users\Jenda\AppData\Roaming\ezpinst.exe
2013-08-24 16:46 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2013-08-24 16:46 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2013-08-24 16:46 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2013-08-24 16:46 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) D:\Windows\system32\jscript.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) D:\Windows\system32\iesysprep.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2013-08-24 16:46 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2013-08-24 16:46 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2013-08-24 16:46 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2013-08-24 16:46 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesysprep.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
2013-08-24 16:46 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
2013-08-24 16:46 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2013-08-24 16:46 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
2013-08-24 16:46 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2013-08-24 16:46 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) D:\Windows\system32\RegisterIEPKEYs.exe
2013-08-24 16:46 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-24 16:40 - 2013-08-24 16:42 - 00000000 ____D D:\Windows\system32\MRT
2013-08-23 19:26 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) D:\Windows\system32\WMVDECOD.DLL
2013-08-23 19:26 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-23 19:26 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
2013-08-23 19:26 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\tzres.dll
2013-08-23 19:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) D:\Windows\system32\wintrust.dll
2013-08-23 19:26 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) D:\Windows\system32\rpcrt4.dll
2013-08-23 19:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) D:\Windows\system32\crypt32.dll
2013-08-23 19:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) D:\Windows\system32\cryptsvc.dll
2013-08-23 19:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) D:\Windows\system32\cryptnet.dll
2013-08-23 19:26 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) D:\Windows\SysWOW64\rpcrt4.dll
2013-08-23 19:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wintrust.dll
2013-08-23 19:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) D:\Windows\SysWOW64\crypt32.dll
2013-08-23 19:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptsvc.dll
2013-08-23 19:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptnet.dll
2013-08-23 19:25 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tcpip.sys
2013-08-23 19:25 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tssecsrv.sys
2013-08-20 19:55 - 2013-08-20 19:55 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox
2013-08-07 18:47 - 2013-08-07 18:47 - 00001675 _____ D:\Users\Jenda\Desktop\MassEffect2 – zástupce.lnk
2013-08-07 18:41 - 2013-08-07 18:41 - 00000000 ____D D:\Users\Jenda\Documents\BioWare
2013-08-06 20:36 - 2013-08-06 20:36 - 00000000 ____D D:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-08-06 20:24 - 2013-08-07 18:47 - 00000000 ____D D:\Program Files (x86)\Mass Effect 2
2013-08-06 20:14 - 2013-08-06 20:14 - 00003032 _____ D:\Windows\System32\Tasks\{1DC5E5D6-754C-4D54-8D05-E01FBCBCA0B7}
2013-08-06 20:03 - 2013-08-06 22:25 - 00031331 _____ D:\Users\Jenda\Documents\Install Mass Effect 2.log
2013-08-06 19:36 - 2013-08-07 18:55 - 00000000 ____D D:\Users\Jenda\Desktop\Mass

==================== One Month Modified Files and Folders =======

2013-09-04 19:31 - 2013-09-04 19:31 - 00000000 ____D D:\FRST
2013-09-04 19:26 - 2012-07-13 19:53 - 00000952 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 19:20 - 2013-09-04 19:20 - 00263592 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaws.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaw.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\java.exe
2013-09-04 19:20 - 2013-09-04 19:20 - 00096168 _____ (Oracle Corporation) D:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-04 19:20 - 2013-09-04 19:20 - 00000000 ____D D:\Users\Jenda\AppData\Local\qb0F18FC.DE
2013-09-04 19:20 - 2013-04-08 18:54 - 00867240 _____ (Oracle Corporation) D:\Windows\SysWOW64\npDeployJava1.dll
2013-09-04 19:20 - 2013-04-08 18:54 - 00789416 _____ (Oracle Corporation) D:\Windows\SysWOW64\deployJava1.dll
2013-09-04 19:20 - 2010-09-04 01:04 - 00000000 ____D D:\Users\Jenda\Desktop\Stahování NET
2013-09-04 19:11 - 2009-07-14 06:45 - 00014256 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 19:11 - 2009-07-14 06:45 - 00014256 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 19:07 - 2011-01-20 16:19 - 01436525 _____ D:\Windows\WindowsUpdate.log
2013-09-04 19:05 - 2012-07-10 08:59 - 00004182 _____ D:\Windows\System32\Tasks\avast! Emergency Update
2013-09-04 19:05 - 2011-03-10 13:48 - 00076014 _____ D:\Users\Jenda\AppData\Local\SRDownloader.err
2013-09-04 19:04 - 2013-08-25 11:55 - 00002636 _____ D:\Windows\setupact.log
2013-09-04 19:04 - 2013-02-03 21:18 - 00000000 _____ D:\Windows\SysWOW64\sinstall.log
2013-09-04 19:04 - 2012-07-13 19:52 - 00000948 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 19:04 - 2011-02-23 21:16 - 03347071 _____ D:\Windows\system32\oodbs.lor
2013-09-04 19:04 - 2009-07-14 07:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT
2013-09-04 12:43 - 2011-01-25 13:35 - 00002800 _____ D:\Users\Jenda\AppData\Local\SRDownloader.nast
2013-09-04 12:00 - 2012-07-11 10:43 - 00000914 _____ D:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 11:28 - 2013-04-08 19:03 - 00000000 ____D D:\Users\Jenda\AppData\Roaming\.minecraft
2013-09-04 10:37 - 2009-07-14 17:18 - 00674888 _____ D:\Windows\system32\perfh005.dat
2013-09-04 10:37 - 2009-07-14 17:18 - 00144842 _____ D:\Windows\system32\perfc005.dat
2013-09-04 10:37 - 2009-07-14 07:13 - 01603776 _____ D:\Windows\system32\PerfStringBackup.INI
2013-09-03 18:44 - 2013-09-04 19:21 - 01950416 _____ (Farbar) D:\Users\Jenda\Desktop\FRST64.exe
2013-09-03 12:11 - 2009-07-14 05:20 - 00000000 ____D D:\Windows\rescache
2013-09-02 06:54 - 2013-09-02 06:54 - 00000000 ____D D:\Users\Jenda\Desktop\Bílina Kyselka+policejní zásah
2013-09-01 19:19 - 2013-09-01 19:17 - 00000000 ____D D:\AdwCleaner
2013-09-01 19:15 - 2013-09-01 19:15 - 00019518 _____ D:\Users\Jenda\Desktop\JRT.txt
2013-09-01 19:07 - 2013-09-01 19:07 - 00000000 ____D D:\Windows\ERUNT
2013-08-29 15:57 - 2011-10-18 14:46 - 00000000 ____D D:\Program Files\trend micro
2013-08-27 20:50 - 2012-02-07 20:42 - 00000000 ____D D:\Program Files (x86)\AviSynth 2.5
2013-08-27 20:20 - 2013-02-03 21:20 - 00000000 ____D D:\Users\Jenda\AppData\Roaming\vlc
2013-08-25 11:55 - 2013-08-25 11:55 - 00000000 _____ D:\Windows\setuperr.log
2013-08-24 17:02 - 2013-08-24 17:02 - 00093696 _____ D:\Users\Jenda\AppData\Roaming\ezpinst.exe
2013-08-24 17:02 - 2011-08-16 13:11 - 00082048 _____ (VSO Software) D:\Users\Jenda\AppData\Roaming\pcouffin.sys
2013-08-24 17:02 - 2011-08-16 13:11 - 00007176 _____ D:\Users\Jenda\AppData\Roaming\pcouffin.cat
2013-08-24 17:02 - 2011-08-16 13:11 - 00000033 _____ D:\Users\Jenda\AppData\Roaming\pcouffin.log
2013-08-24 17:02 - 2011-08-16 13:11 - 00000000 ____D D:\Users\Jenda\AppData\Roaming\Vso
2013-08-24 17:01 - 2011-09-21 21:38 - 00000000 ____D D:\Windows\Minidump
2013-08-24 16:42 - 2013-08-24 16:40 - 00000000 ____D D:\Windows\system32\MRT
2013-08-24 16:40 - 2011-04-26 12:24 - 78161360 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2013-08-23 20:03 - 2011-03-04 21:29 - 00000529 _____ D:\Users\Jenda\AppData\default.pls
2013-08-23 19:20 - 2012-08-30 18:47 - 00000000 ____D D:\ProgramData\Spyware Terminator
2013-08-23 13:22 - 2011-08-16 13:15 - 00000000 ____D D:\Users\Jenda\Documents\ConvertXtoDVD
2013-08-23 13:20 - 2011-11-10 22:20 - 00000671 _____ D:\Users\Jenda\AppData\Roaming\vso_ts_preview.xml
2013-08-22 12:00 - 2012-07-11 10:43 - 00003852 _____ D:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 12:00 - 2012-05-07 19:18 - 00692104 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 12:00 - 2011-06-16 07:33 - 00071048 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 12:00 - 2012-08-31 20:03 - 00000000 ____D D:\Program Files (x86)\Mozilla Maintenance Service
2013-08-20 19:55 - 2013-08-20 19:55 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox
2013-08-12 20:04 - 2009-07-14 05:20 - 00000000 ____D D:\Windows\system32\NDF
2013-08-10 18:36 - 2009-07-14 07:08 - 00032636 _____ D:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 20:30 - 2011-01-20 17:15 - 00000000 ____D D:\Users\Jenda\AppData\Roaming\uTorrent
2013-08-09 10:52 - 2011-01-22 15:16 - 00000000 ____D D:\ProgramData\DAEMON Tools Lite
2013-08-07 18:55 - 2013-08-06 19:36 - 00000000 ____D D:\Users\Jenda\Desktop\Mass
2013-08-07 18:47 - 2013-08-07 18:47 - 00001675 _____ D:\Users\Jenda\Desktop\MassEffect2 – zástupce.lnk
2013-08-07 18:47 - 2013-08-06 20:24 - 00000000 ____D D:\Program Files (x86)\Mass Effect 2
2013-08-07 18:41 - 2013-08-07 18:41 - 00000000 ____D D:\Users\Jenda\Documents\BioWare
2013-08-06 22:25 - 2013-08-06 20:03 - 00031331 _____ D:\Users\Jenda\Documents\Install Mass Effect 2.log
2013-08-06 20:36 - 2013-08-06 20:36 - 00000000 ____D D:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-08-06 20:14 - 2013-08-06 20:14 - 00003032 _____ D:\Windows\System32\Tasks\{1DC5E5D6-754C-4D54-8D05-E01FBCBCA0B7}

Files to move or delete:
====================
D:\Users\Jenda\AppData\Local\Temp\i4jdel0.exe
D:\Users\Jenda\AppData\Local\Temp\i4jdel1.exe
D:\Users\Jenda\AppData\Local\Temp\Quarantine.exe
D:\Users\Jenda\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\wininit.exe => MD5 is legit
D:\Windows\SysWOW64\wininit.exe => MD5 is legit
D:\Windows\explorer.exe => MD5 is legit
D:\Windows\SysWOW64\explorer.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\SysWOW64\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe => MD5 is legit
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\SysWOW64\userinit.exe => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Scheduled Tasks (whitelisted) ===========

Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Supplementary Scan (All) ================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"D:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
D:\Program Files (x86)\Free Download Manager\fdm.exe -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box
"D:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent
"D:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
D:\Program Files\OO Software\Defrag\oodtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
"D:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
D:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
D:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
D:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRDownloader
D:\Users\Jenda\Desktop\Nepou��van� odkazy\SRDownloader.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
D:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator
D:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center
%windir%\WindowsMobile\wmdc.exe [x]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableLinkedConnections"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\\Program Files (x86)\\Daum\\PotPlayer\\PotPlayerMini.exe"="D:\\Program Files (x86)\\Daum\\PotPlayer\\PotPlayerMini.exe:*:Enabled:PotPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files (x86)\\Daum\\PotPlayer\\PotPlayerMini.exe"="D:\\Program Files (x86)\\Daum\\PotPlayer\\PotPlayerMini.exe:*:Enabled:PotPlayer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvyu"="msyuv.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"msacm.l3acm"="D:\\Windows\\System32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:195.31 GB) (Free:97.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:270.44 GB) (Free:18.01 GB) NTFS
Drive e: (REPEATER CD) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Available physical RAM: 2621.36 MB
Total physical RAM: 4095.18 MB
Percentage of memory in use: 35%

LastRegBack: 2013-09-03 12:04

==================== End Of Log ==============================

#7 Příspěvek od **vyosek** » 05 zář 2013 21:38

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [SRDownloader] - D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe [905728 2012-12-20] (Share-rapid.com)
HKLM-x32\...\Run: [APSDaemon] - D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 097682&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=789097682&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzzyE0BtCyCyCzy0B0A0CtN0D0Tzu0CyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=789097682&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File

CHR DefaultSearchURL: (Mysearchdial) - http://www.google.com
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

D:\Users\Jenda\AppData\Local\Temp\i4jdel0.exe
D:\Users\Jenda\AppData\Local\Temp\i4jdel1.exe
D:\Program Files (x86)\SweetIM

Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRDownloader" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center" /f

Hosts:
CMD: shutdown /r /f /t 2
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

jenanek · #8 Příspěvek od **jenanek** » 06 zář 2013 15:31

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-09-2013
Ran by Jenda at 2013-09-06 16:22:59 Run:1
Running from D:\Users\Jenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [SRDownloader] - D:\Users\Jenda\Desktop\Nepoužívané odkazy\SRDownloader.exe [905728 2012-12-20] (Share-rapid.com)
HKLM-x32\...\Run: [APSDaemon] - D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 097682&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 097682&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 097682&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File

CHR DefaultSearchURL: (Mysearchdial) - http://www.google.com
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

D:\Users\Jenda\AppData\Local\Temp\i4jdel0.exe
D:\Users\Jenda\AppData\Local\Temp\i4jdel1.exe
D:\Program Files (x86)\SweetIM

Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRDownloader" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center" /f

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SRDownloader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
CHR DefaultSearchURL: (Mysearchdial) - http://www.google.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
D:\Users\Jenda\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
D:\Users\Jenda\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
"D:\Program Files (x86)\SweetIM" => File/Directory not found.
D:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRDownloader" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

D:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

#9 Příspěvek od **vyosek** » 07 zář 2013 12:35

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Napiste co PC

jenanek · #10 Příspěvek od **jenanek** » 07 zář 2013 19:18

Dobrý den.Všechno jsem to provedl a musím říct,že počítač skutečně ožil.Víc ho ale prověřím v příštích dnech.Myslím,že je v pořáku.Moc Vám děkuju za pomoc.Přeji hezký zbytek dne

#11 Příspěvek od **vyosek** » 07 zář 2013 21:30

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Prosím kontrolu logu

Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu

Re: Prosím kontrolu logu