Nový podvodný e-mail

[zdeny.m]

Hezký den,

právě jsem otevřel Nový podvodný e-mail který má obsahovat vir.

Jedná se o dluh k bance od
S pozdravem,
Vedoucí odboru vymáhání pohledávek
Barbora Stemper-bauerová
+420 602 255 619

Poradíte mi co mám udělat

[zdeny.m]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Zdenek (administrator) on ACER on 30-06-2014 16:56:21
Running from C:\Users\Zdenek\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\RtkDashClientInstaller\RtkDashClient.exe
(http://yourfiledownloader.com) C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Shield Plus) C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Shield Plus) C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spprt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\LEsrv.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [33909808 2011-07-19] (Motorola Solutions, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [374024 2012-10-23] (IVT Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-02] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1565823262-305046286-3171751142-1000\...\Run: [Google Update] => C:\Users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-10] (Google Inc.)
HKU\S-1-5-21-1565823262-305046286-3171751142-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Zdenek\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=635edbf6d53c47d0b10d0196dc862880-edc1c2cc54de291b235a00cac0e06fb679a233ad /CMPID=1213b
HKU\S-1-5-21-1565823262-305046286-3171751142-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1565823262-305046286-3171751142-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Zdenek\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=635edbf6d53c47d0b10d0196dc862880-edc1c2cc54de291b235a00cac0e06fb679a233ad /CMPID=0214c

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A37 ... 2014-02-08 19:25:15&v=18.1.7.598&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTe ... l&tsp=5281
SearchScopes: HKCU - {289B4B4C-98E1-4F9F-9B8C-EE7508DBBBF3} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKCU - {2BBDDA97-82B6-4294-A357-9F2FA93A771F} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKCU - {598AA6D5-844A-4B56-A62E-AE73E4DCF1BA} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKCU - {60AFEBE2-0A96-42D7-8A4B-B67DFB7D77A8} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A37 ... 2014-02-08 19:25:15&v=18.1.7.598&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {979FC880-5641-4A81-86DE-BB02F0C8637B} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKCU - {9AB1C92A-A973-4F06-9ACD-7DFAB3CEF82B} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKCU - {A7571F8F-6238-4AFB-BB07-D1F707D3439B} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKCU - {CA0E1381-2251-4D21-A9A3-D7DEE3E922C7} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrI ... l&tsp=5281
FF DefaultSearchEngine: Centrum.cz
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7Bd4ce5093-8fef-468e-8193-660808c8d4b3%7D&mid=635edbf6d53c47d0b10d0196dc862880-edc1c2cc54de291b235a00cac0e06fb679a233ad&ds=AVG&coid=avgtbavg&cmpid=&v=18.1.7.598&lang=cs&pr=fr&d=2014-02-08%2019%3A25%3A15&sap=hp
FF Keyword.URL: hxxp://search.centrum.cz/?charset=UTF-8&channel_id=ch-toolbar-ff,ch-toolbar-ff-searchbox&utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_content=toolbar-searchbox&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Zdenek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Zdenek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Zdenek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zdenek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zdenek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Zdenek\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF user.js: detected! => C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Zdenek\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DoNotTrackMe - C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\Extensions\donottrackplus@abine.com [2013-09-21]
FF Extension: BuenoSearch - C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\Extensions\ffxtlbr@buenosearch.com [2014-06-17]
FF Extension: Lišta Centrum.cz - C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\Extensions\toolbar@centrumholdings.com [2014-04-24]
FF Extension: Seznam lištička - C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-13]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598 [2014-06-02]

Chrome:
=======
CHR HomePage: hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 5&tsp=5274
CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 5&tsp=5274", "hxxp://mysearch.avg.com?cid={A37A771E-D543-46EB-9569-8CDAD2DEEC26}&mid=635edbf6d53c47d0b10d0196dc862880-edc1c2cc54de291b235a00cac0e06fb679a233ad&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 19:25:15&v=18.1.5.512&pid=safeguard&sg=&sap=hp"
CHR NewTab: "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={A37 ... 2014-02-08 19:25:15&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: https://mysearch.avg.com/chroment?espv= ... 2014-02-08 19:25:15&v=18.1.0.443&pid=safeguard&sg=
CHR Extension: (Dokumenty Google) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Disk Google) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (Seznam Li0161ti010Dka - Email) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2013-10-14]
CHR Extension: (Seznam Li0161ti010Dka - Slovn00EDk) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2013-10-14]
CHR Extension: (YouTube) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (Vyhled00E1v00E1n00ED Google) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Logitech SetPoint) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-10-13]
CHR Extension: (AVG Secure Search) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-21]
CHR Extension: (Peněženka Google) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2013-10-14]
CHR Extension: (Gmail) - C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-13]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-03-13]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1616136 2012-11-20] (IVT Corporation)
R2 Bluetooth Low Energy Service; C:\Program Files\Motorola\Bluetooth\LEsrv.exe [591920 2011-07-20] (Motorola Solutions, Inc.)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-10-23] (IVT Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-03-13] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2013-03-13] (Macrovision Europe Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\REALTEK\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Service; C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spsvc.exe [134656 2014-06-12] (Shield Plus) [File not signed]
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-02] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-02] (AVG Technologies)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [22536 2011-07-01] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-05] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 Synth3dVsc;
U4 tsusbhub;
U4 Update LemurLeap;
U4 Util LemurLeap;
U4 VGPU;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 16:56 - 2014-06-30 16:56 - 00027133 _____ () C:\Users\Zdenek\Downloads\FRST.txt
2014-06-30 16:56 - 2014-06-30 16:56 - 00000000 ____D () C:\FRST
2014-06-30 16:55 - 2014-06-30 16:55 - 02083328 _____ (Farbar) C:\Users\Zdenek\Downloads\FRST64.exe
2014-06-30 15:59 - 2014-06-30 15:59 - 00050762 _____ () C:\Users\Zdenek\Downloads\smlouva_38732174992569014.zip
2014-06-17 22:52 - 2014-06-17 22:54 - 00003384 _____ () C:\Windows\System32\Tasks\EPUpdater
2014-06-17 22:52 - 2014-06-17 22:52 - 00000000 ____D () C:\Users\Zdenek\AppData\Local\ShieldPlus
2014-06-17 22:51 - 2014-06-17 22:51 - 00001892 _____ () C:\Users\Zdenek\Desktop\Search.lnk
2014-06-17 22:51 - 2014-06-17 22:51 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-06-15 00:08 - 2014-06-15 00:09 - 09398510 _____ () C:\Users\Zdenek\Downloads\Krizovatka_v_Etiopii.mp4
2014-06-12 15:17 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 15:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 15:14 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 15:14 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 15:14 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 15:14 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 15:14 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 15:14 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 15:14 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 15:14 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 15:14 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 15:14 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 15:14 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 15:14 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 15:14 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 15:14 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 15:14 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 15:14 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 15:14 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 15:14 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 15:14 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 15:14 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 15:14 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 15:14 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 15:14 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 15:14 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 15:14 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 15:14 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 15:14 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 15:14 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 15:14 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 15:14 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 15:14 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 15:14 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 15:14 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 15:14 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 15:14 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 15:14 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 15:14 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 15:14 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 15:14 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 15:14 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 15:14 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 15:14 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 15:14 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 15:14 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 15:14 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 15:14 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 15:14 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 15:14 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 15:14 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 15:14 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 15:14 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 15:14 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 15:14 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 15:14 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 15:14 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 15:14 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 15:14 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 15:14 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 15:14 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 15:14 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 15:14 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 15:14 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 15:14 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 15:13 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 15:13 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 06:49 - 2014-06-18 10:47 - 00003618 _____ () C:\Windows\PFRO.log
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\buenosearch LTD
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\BabSolution
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Program Files (x86)\buenosearch LTD
2014-06-10 17:13 - 2014-06-17 22:51 - 00003126 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-06-10 17:13 - 2014-06-17 22:51 - 00001985 _____ () C:\Users\Public\Desktop\YourFile Downloader.lnk
2014-06-10 17:13 - 2014-06-17 22:51 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-06-10 17:13 - 2014-06-17 22:51 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-06-10 17:13 - 2014-06-10 17:13 - 06353464 _____ () C:\Users\Zdenek\Downloads\Spyhunter_4_Email_And_Password_Crack_downloader.exe
2014-06-10 17:13 - 2014-06-10 17:13 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\YourFileDownloader
2014-06-10 17:13 - 2014-06-10 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-06-10 15:02 - 2014-06-10 15:02 - 00000000 _____ () C:\autoexec.bat
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-10 15:00 - 2014-06-12 07:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-10 14:59 - 2014-06-10 14:59 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Zdenek\Downloads\sh-remover.exe
2014-06-07 14:31 - 2014-06-07 14:31 - 00000795 _____ () C:\Users\Zdenek\Desktop\voda holýšov bazen PH.txt
2014-06-07 14:28 - 2014-06-07 14:28 - 00000151 _____ () C:\Users\Zdenek\Documents\voda holýšov.txt
2014-06-02 16:21 - 2014-06-02 16:21 - 00000000 ____D () C:\ProgramData\AVG Secure Search

==================== One Month Modified Files and Folders =======

2014-06-30 16:56 - 2014-06-30 16:56 - 00027133 _____ () C:\Users\Zdenek\Downloads\FRST.txt
2014-06-30 16:56 - 2014-06-30 16:56 - 00000000 ____D () C:\FRST
2014-06-30 16:55 - 2014-06-30 16:55 - 02083328 _____ (Farbar) C:\Users\Zdenek\Downloads\FRST64.exe
2014-06-30 16:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-30 16:30 - 2013-12-07 00:01 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 16:08 - 2013-12-03 16:40 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565823262-305046286-3171751142-1000UA.job
2014-06-30 16:03 - 2013-12-11 13:03 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 15:59 - 2014-06-30 15:59 - 00050762 _____ () C:\Users\Zdenek\Downloads\smlouva_38732174992569014.zip
2014-06-30 14:56 - 2012-08-05 19:19 - 01678943 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 12:59 - 2012-08-10 22:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-30 12:58 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:58 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:53 - 2014-05-02 20:25 - 00005488 _____ () C:\Windows\setupact.log
2014-06-30 12:53 - 2013-12-07 00:01 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 12:53 - 2012-10-23 18:34 - 00000816 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-30 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 19:31 - 2009-07-26 20:41 - 00669920 _____ () C:\Windows\system32\perfh005.dat
2014-06-29 19:31 - 2009-07-26 20:41 - 00142078 _____ () C:\Windows\system32\perfc005.dat
2014-06-29 19:31 - 2009-07-14 07:13 - 01588048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 11:08 - 2013-12-03 16:40 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565823262-305046286-3171751142-1000Core.job
2014-06-21 11:03 - 2013-11-09 20:35 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1565823262-305046286-3171751142-1000UA
2014-06-21 11:03 - 2013-11-09 20:35 - 00003542 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1565823262-305046286-3171751142-1000Core
2014-06-19 23:25 - 2013-08-16 18:56 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 23:25 - 2013-08-16 18:56 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 11:37 - 2014-03-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-19 11:37 - 2013-11-17 14:32 - 00000987 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-18 10:47 - 2014-06-11 06:49 - 00003618 _____ () C:\Windows\PFRO.log
2014-06-17 22:54 - 2014-06-17 22:52 - 00003384 _____ () C:\Windows\System32\Tasks\EPUpdater
2014-06-17 22:52 - 2014-06-17 22:52 - 00000000 ____D () C:\Users\Zdenek\AppData\Local\ShieldPlus
2014-06-17 22:51 - 2014-06-17 22:51 - 00001892 _____ () C:\Users\Zdenek\Desktop\Search.lnk
2014-06-17 22:51 - 2014-06-17 22:51 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-06-17 22:51 - 2014-06-10 17:13 - 00003126 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-06-17 22:51 - 2014-06-10 17:13 - 00001985 _____ () C:\Users\Public\Desktop\YourFile Downloader.lnk
2014-06-17 22:51 - 2014-06-10 17:13 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-06-17 22:51 - 2014-06-10 17:13 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-06-15 00:09 - 2014-06-15 00:08 - 09398510 _____ () C:\Users\Zdenek\Downloads\Krizovatka_v_Etiopii.mp4
2014-06-13 15:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 06:51 - 2009-07-14 07:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 20:46 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 07:17 - 2014-06-10 15:00 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-11 15:27 - 2013-10-13 14:10 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\buenosearch LTD
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\BabSolution
2014-06-10 17:14 - 2014-06-10 17:14 - 00000000 ____D () C:\Program Files (x86)\buenosearch LTD
2014-06-10 17:13 - 2014-06-10 17:13 - 06353464 _____ () C:\Users\Zdenek\Downloads\Spyhunter_4_Email_And_Password_Crack_downloader.exe
2014-06-10 17:13 - 2014-06-10 17:13 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\YourFileDownloader
2014-06-10 17:13 - 2014-06-10 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-06-10 15:02 - 2014-06-10 15:02 - 00000000 _____ () C:\autoexec.bat
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-10 14:59 - 2014-06-10 14:59 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Zdenek\Downloads\sh-remover.exe
2014-06-09 19:02 - 2012-08-07 20:18 - 00000000 ____D () C:\Users\Zdenek\AppData\Roaming\Mozilla
2014-06-09 07:00 - 2012-08-07 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-08 11:13 - 2014-06-12 15:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 15:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 14:31 - 2014-06-07 14:31 - 00000795 _____ () C:\Users\Zdenek\Desktop\voda holýšov bazen PH.txt
2014-06-07 14:28 - 2014-06-07 14:28 - 00000151 _____ () C:\Users\Zdenek\Documents\voda holýšov.txt
2014-06-02 16:22 - 2014-01-30 11:14 - 00003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-06-02 16:21 - 2014-06-02 16:21 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-02 16:21 - 2014-01-30 11:14 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-02 16:20 - 2014-01-30 11:14 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

Files to move or delete:
====================
C:\Users\Zdenek\Ccleaner Business Edition.exe


Some content of TEMP:
====================
C:\Users\Zdenek\AppData\Local\Temp\htmlayout.dll
C:\Users\Zdenek\AppData\Local\Temp\SHSetup.exe
C:\Users\Zdenek\AppData\Local\Temp\toolbar15086837.exe
C:\Users\Zdenek\AppData\Local\Temp\toolbar197245.exe
C:\Users\Zdenek\AppData\Local\Temp\update182489.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:15

==================== End Of Log ============================

[vyosek]

Zdravim

Udelejte MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928

[zdeny.m]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.6.2014
Scan Time: 20:20:02
Logfile: scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.30.09
Rootkit Database: v2014.06.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zdenek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290034
Time Elapsed: 12 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spsvc.exe, 3124, , [5948d8a6740723137c00278a8e7401ff]
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spprt.exe, 3276, , [d7ca88f607742b0b344fc5e6db27e818]

Modules: 0
(No malicious items detected)

Registry Keys: 48
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd.1, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd.1, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr.1, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr.1, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.LemurLeap.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{68731C4D-20A2-4D44-9D11-7944C839BEF9}, , [a9f86717ee8d85b1055f36191fe3f10f],
PUP.Optional.LemurLeap.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{68731C4D-20A2-4D44-9D11-7944C839BEF9}, , [a9f86717ee8d85b1055f36191fe3f10f],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [d6cbfe80aecde056cae8d375a45e9868],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{708D0DD7-FBC0-4437-B525-C098F450A62C}, , [b2ef8df1aad15ed8904f0d3bd2301fe1],
PUP.Optional.AppGraffiti.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}, , [61403b43e09ba3932803cdb45da537c9],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchappCore, , [4a57225cccafa2941ade0ec0b250b34d],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchappCore.1, , [a7fa1d6108736ccaf7015d71b84a669a],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\esrv.buenosearchESrvc, , [fea3ea9496e5bb7b07f28747639f17e9],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\esrv.buenosearchESrvc.1, , [3c652f4f413a2a0ca356656953af758b],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\buenosearch LTD, , [c6db037b5e1d290d53a3c30b34ce3ac6],
PUP.Optional.LemurLeap.A, HKLM\SOFTWARE\WOW6432NODE\LemurLeap, , [821f36489ae1dd59ac0343aedf2446ba],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchappCore, , [376ae49a1467b0864fa95a74a35fd22e],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchappCore.1, , [7e23017d9cdfaa8cea0e1eb02ad8fe02],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.buenosearchESrvc, , [78295a24186368ce2dcc804ee51d7e82],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.buenosearchESrvc.1, , [534e7c0294e7b680b94017b7bf43de22],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\acfoobbgoakpihljnfedbcfaipcdlfhk, , [1f823648017ada5cb18b8a68cd36ee12],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Bueno Chrome Toolbar, , [aaf79be3e596033302f403b6e919de22],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [6a374539225947ef379422c744bf07f9],
PUP.Optional.LemurLeap.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update LemurLeap, , [6140225c304bc472a240ab3f09fa867a],
PUP.Optional.ShieldPlus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE, , [5948d8a6740723137c00278a8e7401ff],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [f5ac48364a3188ae51a008e7d3302ad6],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\buenosearch LTD, , [f7aa621cb1ca94a22ccbc00ece34748c],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LemurLeap, , [2180e5999be0ac8a7e65ab3f649f8080],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [366b344a2c4ffb3bc8f749a07f846898],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [841d85f9fb807db9b3c9baf416eca65a],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874}, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76}, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\b, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\buenosearch, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.ShieldPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\spprt, , [d7ca88f607742b0b344fc5e6db27e818],

Registry Values: 5
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{828DC97A-2277-4E10-92A9-4907FA0922A9}, buenosearch Toolbar, , [7e23710d1863a195dc05a1e37d85c937]
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [c9d85727ff7cd1655a87760e04fee51b],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {AF85E2B7-2C0F-11E2-9AB3-D0DF9A62C173}, , [6a374539225947ef379422c744bf07f9]
PUP.Optional.ShieldPlus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE|ImagePath, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spsvc.exe, , [5948d8a6740723137c00278a8e7401ff]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [f5ac48364a3188ae51a008e7d3302ad6]

Registry Data: 3
Hijack.SearchPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://search.qvo6.com/web/?utm_source= ... earchTerms}, Good: (http://www.google.com/), Bad: (http://search.qvo6.com/web/?utm_source= ... earchTerms}),,[336e0777a7d42016d4ec2666e222758b]
Hijack.SearchPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://search.qvo6.com/web/?utm_source= ... earchTerms}, Good: (http://www.google.com/), Bad: (http://search.qvo6.com/web/?utm_source= ... earchTerms}),,[c6db7e0048333df9ae132963ec18bb45]
Hijack.StartPage, HKU\S-1-5-21-1565823262-305046286-3171751142-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281, Good: (http://www.google.com), Bad: (http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281),,[60416717cfac94a2dc136824d82cb44c]

Folders: 16
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader, , [930e295589f2f83e80df09dd4ab91de3],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\language, , [930e295589f2f83e80df09dd4ab91de3],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Temp\mt_ffx\buenosearch LTD, , [752c1965295276c0c45391074cb6be42],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Temp\mt_ffx\buenosearch LTD\buenosearch, , [752c1965295276c0c45391074cb6be42],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Temp\mt_ffx\buenosearch LTD\buenosearch\1.8.28.7, , [752c1965295276c0c45391074cb6be42],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\buenosearch LTD, , [e7ba126cc8b3cd69a4767b1d44be5da3],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\components, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt, , [d7ca88f607742b0b344fc5e6db27e818],

Files: 133
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll, , [7e23710d1863a195dc05a1e37d85c937],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll, , [069b8af4700bcd69d60a5a2ad131f010],
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [58490a74f8836fc776e2b49943c1cc34],
PUP.Optional.ToolBarInstaller.A, C:\Users\Zdenek\AppData\Local\Temp\toolbar15086837.exe, , [9809aed007741620b0e515447e868f71],
PUP.Optional.ToolBarInstaller.A, C:\Users\Zdenek\AppData\Local\Temp\toolbar197245.exe, , [594865195625fe38c6cfdf7a47bd768a],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Temp\EDBD4F6A-BAB0-7891-BD93-319B01BB232E\Latest\MyBuenoTB.exe, , [732e0e700a7178be6bd57607c041aa56],
PUP.Optional.Inbox, C:\Users\Zdenek\Downloads\TVSetup.exe, , [f0b1641a85f61e18c8ede925fe03b14f],
PUP.Optional.Handy.A, C:\Users\Zdenek\Downloads\GotClip_Setup(2).exe, , [277af48af388b1852418ae73936ec33d],
PUP.Optional.OpenCandy, C:\Users\Zdenek\Downloads\DTLite-setup.exe, , [8120720c007b91a579fab5fc2ed6c23e],
PUP.Optional.LiveSoftAction.A, C:\Users\Zdenek\Downloads\EPSON EXPRESSION HOME XP-302 user guide provided through czechmanuals.com.exe, , [128f80feb9c2f73f749e6bb61ae7c43c],
PUP.Optional.SweetIM, C:\Windows\Installer\130b008.msi, , [6d34413da1dad165c143dfd274903fc1],
PUP.Optional.SweetIM, C:\Windows\Installer\130b014.msi, , [7b26245a5526ca6c3aca9d14ce36669a],
PUP.Optional.SweetIM, C:\Windows\Installer\130b01a.msi, , [5d44205ed2a9f343aa5a8c25bd4720e0],
PUP.Optional.YourfileDownloader.A, C:\Windows\System32\Tasks\YourFile DownloaderUpdate, , [564b80fe374476c0d68cb5faed1533cd],
PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, , [e6bb93eb176491a59fc46946768c33cd],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\buenosearch.xml, , [70310975235852e404e86c5b5fa39070],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage, , [6b36b2ccb7c474c263c86c5eaa587c84],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal, , [7829bec0fe7d65d1b07c507a788a03fd],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\BabSolution\Shared\BuenoSearch.ico, , [940dc8b6512acf67fb3307c6ef13bf41],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\htmlayout.dll, , [930e295589f2f83e80df09dd4ab91de3],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\Downloader.exe, , [930e295589f2f83e80df09dd4ab91de3],
PUP.Optional.YourfileDownloader.A, C:\Program Files (x86)\YourFileDownloader\YourFile.exe, , [930e295589f2f83e80df09dd4ab91de3],
PUP.Optional.Elex.A, C:\User Data\Default\Extensions\newtab.crx, , [5a47611d89f274c283327e6eef14bb45],
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spsvc.exe, , [5948d8a6740723137c00278a8e7401ff],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchApp.dll, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchEng.dll, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchsrv.exe, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\GUninstaller.exe, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\sqlite3.dll, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\uninstall.exe, , [1f82ed9190eb3df9a2766434ec1619e7],
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\buenosearch LTD\sqlite3.dll, , [e7ba126cc8b3cd69a4767b1d44be5da3],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\chrome.manifest, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\install.rdf, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\uninstall.exe, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\components\FFDisp.dll, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\buenosearch.css, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\buenosearch.xul, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\dpk.htm, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\hlprs.js, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\loader.xul, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\mtstart.js, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\serp.js, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\tmplt.js, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\arwDwn.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\closeo.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\help_16.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\home.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\icon_seperator.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\logo.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\privecy_16_hot.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\sign.jpg, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\specialoffer.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\tellafriend.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\uninstall.gif, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ae.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\bg.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ch.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\cn.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\cz.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\de.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\eg.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\en.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\es.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\fr.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\gr.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\he.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\il.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\it.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ja.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\jp.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\nl.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\no.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\pl.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\pt.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ro.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ru.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\sa.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\se.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\sv.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\tr.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\ua.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com\content\imgs\flgs\us.png, , [aef31668d3a821152090abef0ff36799],
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\Data, , [d7ca88f607742b0b344fc5e6db27e818],
PUP.Optional.ShieldPlus.A, C:\Users\Zdenek\AppData\Local\ShieldPlus\spprt\spprt.exe, , [d7ca88f607742b0b344fc5e6db27e818],
PUP.Optional.Buenosearch.A, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.buenosearch.com/?babsrc=NT_s ... l&tsp=5281");), ,[1f82c2bc2c4fc76f8f2de2d863a1cc34]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[158c6c127407cd69f796dddf28dc758b]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), ,[f0b1304e92e963d345489725778d6f91]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[b5ecd0ae413a88ae95f8318b2bd916ea]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[91106a145f1cd561632a863658ac48b8]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.bbDpng", "19");), ,[3869bbc3d1aaa6903657d0ec669e11ef]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.cntry", "CZ");), ,[178a0e70b8c3b0868ffe2c90ed174cb4]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "cs");), ,[d2cf91eda4d7142249440bb134d0f10f]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[faa70c72d9a22313dcb18f2dd232d12f]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[1f82bdc1f3889d9990fd12aa13f1d22e]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.hdrMd5", "155E05C98D8E6E0CFBE9305FF6E0513C");), ,[247d2d514734bc7a038af0cce71dce32]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "e402c1aa00000000000074de2b8afc07");), ,[2c75dda14b303303d2bbffbd8e76e51b]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16238");), ,[564b98e66813bd791677a715d92ba45c]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[4e534f2fa6d570c6c2cb912b000411ef]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.lastB", "http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281");), ,[069b6d11671471c55c312b918c789868]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.722:55:07");), ,[efb2413d99e292a45d308d2f13f15ea2]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[3d64344a93e8092dc4c907b58f759868]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[554c19651f5c54e2236a6f4d23e11ce4]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[d1d06c1245365adcfd90eece25df31cf]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[48597b03ed8e14221f6e88349b69748c]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.sg", "azb");), ,[cbd60f6ff487f64017766a52e4204eb2]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "azb");), ,[f0b1afcf413a280eade0b20a37cd12ee]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");), ,[9c05e5995a218da97f0e56668a7a1ce4]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[a4fd8fefb6c569cd1479d0ec61a3629e]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");), ,[f0b1cab4196292a476178a3226de9c64]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[d9c8a9d55c1f61d5e3aa8c3055af2bd5]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.722:55:07");), ,[bbe6fe805e1d1026325bbdff0202c937]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[920fd9a546358fa74e3f794327dd7987]
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");), ,[059c760814676cca9ef0dbe0e61e52ae]
PUP.Optional.BuenoSearch.A, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");), ,[e3bef6888cefeb4beaa44c6f08fc56aa]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "e402c1aa00000000000074de2b8afc07");), ,[cfd2aed0c9b2ee481a7285374db750b0]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[237e15698cefc4722468dae2fe066898]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16238");), ,[d5cc324c7cffa98d3557fac2aa5ac040]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[5b461a642b50270ffc9014a8768e46ba]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[7e23b5c9f8835bdb7a12784447bd8080]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.722:55:07");), ,[d7ca6b13b6c5ab8bc6c612aa22e2ae52]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[8d140777d0ab38fe414bf1cb030160a0]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[d9c881fd89f282b47e0e6d4faf5520e0]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), ,[3a6778062c4f5bdbeca024984aba629e]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), ,[aaf7f985c8b3cf67b9d3ad0f9a6aa45c]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[3869d1ad215a1125c8c4fac29173e818]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[168bf985671423134943c3f9ee166898]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "cs");), ,[b9e8d2ac413a7abc7f0dbffd956f7d83]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[3170e09eadce43f3d8b4f9c320e4a65a]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[574a2b536c0f1c1ac3c9f8c420e4e917]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[7b262b5383f860d60c807e3e83812ad6]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[2d748cf24536f1456b219527b252db25]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[9908e29c59223cfa6428eece887cd42c]
PUP.Optional.BuenoSearch, C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[d8c9fa84dba0ea4ce1ab506ce12328d8]

Physical Sectors: 0
(No malicious items detected)


(end)

[vyosek]

Vsechny nalezy MBAMu smazte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[zdeny.m]

Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Zdenek on Łt 01.07.2014 at 15:06:29,40.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Zdenek\AppData\Local\Temp\Rar$EXa0.108\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-01-050853.log 1296 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{828DC97A-2277-4E10-92A9-4907FA0922A9} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1C81E40-2485-4DB6-8C9D-04BD596B281E} deleted successfully
HKEY_USERS\S-1-5-21-1565823262-305046286-3171751142-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1C81E40-2485-4DB6-8C9D-04BD596B281E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C81E40-2485-4DB6-8C9D-04BD596B281E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{828DC97A-2277-4E10-92A9-4907FA0922A9} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.7 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.7 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update LemurLeap deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js:
user_pref("browser.startup.homepage", "http://mysearch.avg.com?pid=safeguard&s ... A15&sap=hp");
user_pref("browser.newtab.url", "http://www.buenosearch.com/?babsrc=NT_s ... l&tsp=5281");
user_pref("browser.search.defaultEngineName", "Centrum.cz");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("keyword.URL", "http://search.centrum.cz/?charset=UTF-8 ... archbox&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default

---- Lines buenosearch removed from prefs.js ----
user_pref("extensions.buenosearch.admin", false);
user_pref("extensions.buenosearch.aflt", "babsst");
user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
user_pref("extensions.buenosearch.autoRvrt", "false");
user_pref("extensions.buenosearch.bbDpng", "19");
user_pref("extensions.buenosearch.cntry", "CZ");
user_pref("extensions.buenosearch.dfltLng", "cs");
user_pref("extensions.buenosearch.excTlbr", false);
user_pref("extensions.buenosearch.ffxUnstlRst", true);
user_pref("extensions.buenosearch.hdrMd5", "155E05C98D8E6E0CFBE9305FF6E0513C");
user_pref("extensions.buenosearch.id", "e402c1aa00000000000074de2b8afc07");
user_pref("extensions.buenosearch.instlDay", "16238");
user_pref("extensions.buenosearch.instlRef", "sst");
user_pref("extensions.buenosearch.lastB", "http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281");
user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.722:55:07");
user_pref("extensions.buenosearch.newTab", false);
user_pref("extensions.buenosearch.prdct", "buenosearch");
user_pref("extensions.buenosearch.prtnrId", "buenosearch");
user_pref("extensions.buenosearch.rvrt", "false");
user_pref("extensions.buenosearch.sg", "azb");
user_pref("extensions.buenosearch.smplGrp", "azb");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... =170614_ct
user_pref("extensions.buenosearch.tlbrId", "base");
user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... 36&tt=1706
user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
user_pref("extensions.buenosearch.vrsnTs", "1.8.28.722:55:07");
---- Lines buenosearch modified from prefs.js ----

user_pref("extensions.enabledAddons", "donottrackplus%40abine.com:2.2.9.918,toolbar%40centrumholdings.com:2.15.3.0,avg%40toolbar:18.1.7.598,%7Bea61440
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{F003DA68-8256-4b37-A6C4-350FA04494DF}\":{\"descriptor\":\"C:\\\\
---- Lines buenosearch removed from user.js ----

user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... l&tsp=5281");
user_pref("extensions.buenosearch.id", "e402c1aa00000000000074de2b8afc07");
user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
user_pref("extensions.buenosearch.instlDay", "16238");
user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
user_pref("extensions.buenosearch.vrsnTs", "1.8.28.722:55:07");
user_pref("extensions.buenosearch.prtnrId", "buenosearch");
user_pref("extensions.buenosearch.prdct", "buenosearch");
user_pref("extensions.buenosearch.aflt", "babsst");
user_pref("extensions.buenosearch.smplGrp", "none");
user_pref("extensions.buenosearch.tlbrId", "base");
user_pref("extensions.buenosearch.instlRef", "sst");
user_pref("extensions.buenosearch.dfltLng", "cs");
user_pref("extensions.buenosearch.excTlbr", false);
user_pref("extensions.buenosearch.ffxUnstlRst", true);
user_pref("extensions.buenosearch.admin", false);
user_pref("extensions.buenosearch.autoRvrt", "false");
user_pref("extensions.buenosearch.rvrt", "false");
user_pref("extensions.buenosearch.newTab", false);

---- Lines isearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines mysearch removed from prefs.js ----
user_pref("avg.install.extHomepage", "http://mysearch.avg.com?pid=safeguard&s ... 53c47d0b10
---- Lines {336D0C35-8A85-403a-B9D2-65C292C39087} removed from prefs.js ----
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion", "2.0.0.474");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6OyKwBFqkr_active_MB179_MB180_UA-25323614-19_2012-08-09-19-06-09");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name", "Web Assistant");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version", "2.0.0.474");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6OyKwBFqkr_active_MB179_MB180_UA-25323614-19_2012-08-09-19-06-0
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID", "b975cbf6e27c41b4a7d43ce3b992bd72");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing", "true|||1352649658356");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dialogVersion", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam", "UA-25323614-19");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing", "true|||8641344531981398");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate", "1352563258210|||8641352563258210");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1", "MB179");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2", "MB180");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showDialog", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showtoaster", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status", "active");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toasterID", "3|||8641352626157015");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toolbar_query", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6OyKwBFqkr");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.474", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.474", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.474", false);
---- FireFox user.js and prefs.js backups ----

user_01.07.2014_1519_.backup
prefs_01.07.2014_1519_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\PROGRA~2\YourFileDownloader deleted
C:\User Data\Default\Extensions deleted
C:\Users\Zdenek\AppData\Roaming\BabSolution deleted
C:\Users\Zdenek\AppData\Roaming\buenosearch LTD deleted
C:\Users\Zdenek\AppData\Roaming\YourFileDownloader deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\DSearchLink deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\Users\Zdenek\Searches deleted
C:\Users\Zdenek\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\tasks\ROC_JAN2013_TB_rmv deleted
C:\windows\SysNative\Tasks\EPUpdater deleted
C:\windows\SysNative\tasks\YourFile DownloaderUpdate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\searchplugins\buenosearch.xml deleted
C:\Users\Zdenek\Desktop\Search.lnk deleted
C:\Users\Zdenek\Ccleaner Business Edition.exe deleted
C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\extensions\ffxtlbr@buenosearch.com deleted
"C:\Windows\Installer\9b935.msi" deleted
"C:\Windows\Installer\9b935.msi" deleted
"C:\Windows\Installer\130b008.msi" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\TBAPI.dll" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.7\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~3\AVG SafeGuard toolbar" deleted
"C:\Users\Zdenek\AppData\Local\AVG SafeGuard toolbar" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.7" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.7" deleted
"C:\Users\Zdenek\AppData\Local\AVG SafeGuard toolbar\Chrome" deleted
"C:\Users\Zdenek\AppData\Local\AVG SafeGuard toolbar\Chrome\Default" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default
- Undetermined - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598
- DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com
- Lita Centrum.cz - %ProfilePath%\extensions\toolbar@centrumholdings.com
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Zdenek\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Zdenek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Zdenek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Zdenek\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
acfoobbgoakpihljnfedbcfaipcdlfhk - No path found[]
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[21.02.2013 03:59]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Seznam Li\u0161ti\u010Dka - Email - Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Slovn\u00EDk - Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Logitech SetPoint - Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
{scripts [scripts/common.jsscripts/background.js]}content_scripts:[{all_frames:falsejs:[scripts/content.jsscripts/contentInit.js]matches:[<all_urls>]run_at:document_end}]description:Search the web safely using the AVG SafeGuard toolbar.icons:{128:icons/avg_icon_128.png}key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQABmanifest_version:2name:AVG SafeGuardpermissions:[<all_urls>tabsnativeMessaginghistory]update_url:https://clients2.google.com/service/upd ... 18.1.5.512} - Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Seznam Lištička - Rychlá volba - Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Chrome Fix ======================

C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mixidj.delta-search.com_0.localstorage-journal deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acfoobbgoakpihljnfedbcfaipcdlfhk_0.localstorage deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5281"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{289B4B4C-98E1-4F9F-9B8C-EE7508DBBBF3} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_16194"
{2BBDDA97-82B6-4294-A357-9F2FA93A771F} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_16194"
{598AA6D5-844A-4B56-A62E-AE73E4DCF1BA} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_16194"
{60AFEBE2-0A96-42D7-8A4B-B67DFB7D77A8} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_16194"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{979FC880-5641-4A81-86DE-BB02F0C8637B} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{9AB1C92A-A973-4F06-9ACD-7DFAB3CEF82B} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194"
{A7571F8F-6238-4AFB-BB07-D1F707D3439B} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_16194"
{CA0E1381-2251-4D21-A9A3-D7DEE3E922C7} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"

==== Reset Google Chrome ======================

C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zdenek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zdenek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Zdenek\AppData\Local\Mozilla\Firefox\Profiles\rix60fgr.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1094 folders=371 100939539 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Zdenek\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Zdenek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG SafeGuard toolbar" not found

==== EOF on Łt 01.07.2014 at 15:34:22,59 ======================

[vyosek]

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[zdeny.m]

# AdwCleaner v3.214 - Report created 01/07/2014 at 20:37:00
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Zdenek - ACER
# Running from : C:\Users\Zdenek\Downloads\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\buenosearch LTD
Folder Deleted : C:\Program Files (x86)\YourFileDownloader Updater
File Deleted : C:\Users\Public\Desktop\YourFile Downloader.lnk
File Deleted : C:\Users\Zdenek\AppData\LocalLow\SkwConfig.bin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qvo6.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchappCore
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchHlpr
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.buenosearchESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.buenosearchESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6772887-C1E1-405E-94BB-D8760A1CF8DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708D0DD7-FBC0-4437-B525-C098F450A62C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\buenosearch LTD
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\buenosearch LTD
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bueno Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buenosearch

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\rix60fgr.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Zdenek\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [10497 octets] - [01/07/2014 20:35:42]
AdwCleaner[S1].txt - [10267 octets] - [01/07/2014 20:37:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10328 octets] ##########

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse