Vir sdílení FB (odkaz na stránku tvářící se jako youtube)

Zpráva

JanHenke · #1 Příspěvek od **JanHenke** » 03 črc 2014 14:11

V mailu jsem včera mezi 17:40 a 18:00h rozklikl odkaz, že mě kamarád označil v příspěvku na FB.
Zobrazila se stránka s nefunkčním videem, tvářící se jako youtube a nabídla aktualizaci přehrávače. Po dovnloadu a marném pokusu o instalaci se mi vypnul Chrom a zrušilo přihlášení na FB.
Po novém přihlášení se mi na na profilu ukázalo falešné sdílení téhož odkazu osobám z přátel. Po otevření FB mi teď využití procesoru a RAM vyletí na maximum.
Prosím tedy o pomoc, neboť se obávám dalších komplikací. Pracuji jako počítačový grafik z domova a bez compu by rodina přišla o obživu.
Jsem absolutní lama, takže pokud se tu najde někdo, kdo by si věděl rady, berte to při laskavé odpovědi v potaz.

Předem se omlouvám za svou natvrdlost.
Jan Henke
Následuje vložený obsah z poznámkového bloku, vygenerovaný vaší utilitou FRST:
------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Jan Henke (administrator) on JANHENKE-PC on 03-07-2014 12:38:31
Running from C:\Users\Jan Henke\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(http://www.express-files.com/) C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files (x86)\Seznam.cz\bin\postak.exe
(PC Drivers Headquarters) C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2010-07-20] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-23] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Seznam Postak] => C:\Program Files (x86)\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3847064 2013-05-01] (PC Drivers Headquarters)
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: {007428dd-dadc-11e1-b3bb-7071bccca5eb} - L:\SETUP.EXE
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => "c:\progra~2\browse~1\sprote~1.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\simple~1\sprote~1.dll => "c:\progra~2\simple~1\sprote~1.dll" File Not Found
BootExecute: autocheck autochk /r \??\G:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

Key found and deleted: HKU\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... 8282507624
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=113012
҅

羭佁耀҅
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.softonic.com/MON00006/tb_ ... rce=10&cc=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM-x32 - {073F7763-71D9-1CA4-CAC5-5C45E7714888} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {3738B3E1-0F04-4C45-BF2A-FD0EDC535C71}
SearchScopes: HKCU - 8AE443394DF243BB910312C3B4D2C581 URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKCU - {04BD9B3B-0FCA-4F52-AFB5-615465E576A4} URL = http://www.mapy.cz/?query={searchTerms} ... kSearch_12
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {073F7763-71D9-1CA4-CAC5-5C45E7714888} URL = http://search.softonic.com/MON00006/tb_ ... 4&cc=&r=54
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 71BCCCA5EB
SearchScopes: HKCU - {1C8DB5B0-A64F-43EC-B58C-A0F4EB1A3205} URL = http://search.conduit.com/ResultsExt.as ... =CT3205709
SearchScopes: HKCU - {35B09B3F-67F8-426F-B89A-9B13C5746576} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... kSearch_12
SearchScopes: HKCU - {5376BFEF-0788-4AA4-96BC-69611D068A2D} URL = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
SearchScopes: HKCU - {876B1846-74F4-43FC-ABAB-ABB1D1FC652E} URL = http://encyklopedie.seznam.cz/search?q= ... kSearch_12
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7EC5 ... 2013-01-20 18:34:19&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKCU - {9997E497-394A-4DB7-817E-FF62F25D9057} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - {BB7952CF-6A4F-4BD2-92FA-FC39BE23A684} URL = http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12
SearchScopes: HKCU - {EBE46BFC-8AF7-4CF1-AF0B-C3F80CCF41C9} URL = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
SearchScopes: HKCU - {F8D55197-BDA6-47DF-9753-B3A80D35C2BB} URL = http://search.seznam.cz/?q={searchTerms ... kSearch_12
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: phpnuke Helper Object - {890CA547-B66C-48BF-9663-DBE0BFDC7D0C} - C:\Program Files (x86)\phpnuke\phpnuke\1.8.16.4\bh\phpnuke.dll (PHPNuke.org)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
BHO-x32: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\core.4.dll ()
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File
Toolbar: HKLM-x32 - Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - phpnuke Toolbar - {7B206A1E-933F-4A50-9E60-5167598BDB03} - C:\Program Files (x86)\phpnuke\phpnuke\1.8.16.4\phpnukeTlbr.dll (PHPNuke.org)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Len ... etect2.cab
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.100

FireFox:
========
FF ProfilePath: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default
FF NewTab: hxxp://www.delta-search.com/?affID=119776&babs ... 71BCCCA5EB
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Search The Web (phpnuke)
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=061613
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=061613&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jan Henke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jan Henke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jan Henke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan Henke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\phpnuke.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\search-web.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\Search.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Babylon - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\ffxtlbr@babylon.com [2012-01-07]
FF Extension: Funmoods.com - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\ffxtlbr@funmoods.com [2012-07-31]
FF Extension: softonic.com - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\ffxtlbra@softonic.com [2012-06-23]
FF Extension: BrouwsEe2save - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\oeiem.b59@aa-fr.com [2013-04-22]
FF Extension: EbookBrroowse - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\ooy_uahqo@oockmuuernaq.net [2013-04-22]
FF Extension: BrotherSoft Extreme3 - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5} [2012-08-25]
FF Extension: Seznam lištička - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-04-22]
FF Extension: BS Player ControlBar - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2014-02-07]
FF Extension: No Name - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\OneClickDownload@OneClickDownload.com.xpi [2013-02-28]
FF Extension: No Name - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\torntv2@torntv.com.xpi [2013-03-24]
FF Extension: No Name - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-01]
FF Extension: No Name - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-02-28]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{19bc7a5f-d8c6-c479-8ce2-b851f1a1be53} [2013-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-16]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.7.644
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.7.644 [2014-06-23]

Chrome:
=======
CHR Extension: (Funmoods Chat) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2014-07-02]
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2014-07-02]
CHR Extension: (PhpNuke Chrome Toolbar) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngompmodgafkkffefbfbghhciijojjh [2014-07-02]
CHR Extension: (No Name) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-02]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-18]
CHR Extension: (Skype Click to Call) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-23]
CHR Extension: (Peněženka Google) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-12-03]
CHR Extension: (OneClickDownload) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco [2012-06-16]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JANHEN~1\AppData\Local\funmoods.crx [2012-07-31]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\JANHEN~1\AppData\Local\funmoods-speeddial.crx [2012-07-31]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JANHEN~1\AppData\Local\funmoods.crx [2012-07-31]
CHR HKCU\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Jan Henke\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-07-24]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\JANHEN~1\AppData\Local\funmoods-speeddial.crx [2012-07-31]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JANHEN~1\AppData\Local\funmoods.crx [2012-07-31]
CHR HKLM-x32\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Jan Henke\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\JANHEN~1\AppData\Local\funmoods-speeddial.crx [2012-07-31]
CHR HKLM-x32\...\Chrome\Extension: [cngompmodgafkkffefbfbghhciijojjh] - C:\Program Files (x86)\phpnuke\phpnuke\1.8.16.4\phpnuke.crx [2013-03-01]
CHR HKLM-x32\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx [2012-06-05]
CHR StartMenuInternet: Google Chrome - C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-23] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-01] (DT Soft Ltd)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-03 12:38 - 2014-07-03 12:39 - 00034002 _____ () C:\Users\Jan Henke\Desktop\FRST.txt
2014-07-03 12:37 - 2014-07-03 12:38 - 00000000 ____D () C:\FRST
2014-07-03 12:21 - 2014-07-03 12:21 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Desktop\FRST64.exe
2014-07-03 09:44 - 2014-07-03 09:44 - 00000074 _____ () C:\Users\Jan Henke\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).url
2014-07-03 09:43 - 2014-07-03 09:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe
2014-07-03 09:33 - 2014-07-03 09:37 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Downloads\FRST64.exe
2014-07-03 00:56 - 2014-07-03 00:56 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-02 21:53 - 2014-07-02 21:53 - 00003694 _____ () C:\Windows\System32\Tasks\Program k provádění aktualizací online Adobe
2014-07-02 21:01 - 2014-06-19 07:28 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-02 21:01 - 2014-06-19 07:28 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-02 21:01 - 2014-06-19 07:28 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-07-02 21:00 - 2014-07-02 21:00 - 00002229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002217 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002203 _____ () C:\Users\Public\Desktop\AVG údržba 1 kliknutím.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-02 20:59 - 2014-07-02 20:59 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\AVG
2014-07-02 20:50 - 2014-07-02 20:51 - 77105064 _____ (AVG) C:\Users\Jan Henke\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 15:13 - 2014-07-02 15:13 - 106280164 _____ () C:\Users\Jan Henke\Desktop\KB částečně spečené.zip
2014-06-28 18:41 - 2014-06-28 18:43 - 00000000 ____D () C:\Users\Jan Henke\Desktop\fb
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Recovery Toolbox Free
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\Program Files (x86)\CD Recovery Toolbox Free
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bad CD DVD Reader
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\Program Files (x86)\Bad CD DVD Reader
2014-06-20 12:47 - 2014-06-20 12:47 - 10167547 _____ () C:\Users\Jan Henke\Desktop\Bueno1.zip
2014-06-20 12:44 - 2014-07-02 15:13 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Bueno
2014-06-20 12:40 - 2014-06-20 12:41 - 08712045 _____ () C:\Users\Jan Henke\Desktop\Bueno.zip
2014-06-11 01:37 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 01:37 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 01:37 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 01:37 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 01:37 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 01:37 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 01:37 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 01:37 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 01:37 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 01:37 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 01:37 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 01:37 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 01:37 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 01:37 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 01:37 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 01:37 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 01:37 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 01:37 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 01:37 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 01:37 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 01:37 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 01:37 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 01:37 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 01:37 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 01:37 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 01:37 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 01:37 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 01:37 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 01:37 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 01:37 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 01:37 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 01:37 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 01:37 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 01:37 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 01:37 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 01:37 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 01:37 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 01:37 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 01:37 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 01:37 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 01:37 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 01:37 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 01:37 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 01:37 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 01:37 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 01:37 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 01:37 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 01:37 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 01:37 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 01:37 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 01:37 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 01:37 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 01:36 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 01:36 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 01:36 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 01:36 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 01:35 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 01:35 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 01:35 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 01:35 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 01:35 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 01:35 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 01:35 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 01:35 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 01:29 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 01:29 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:09 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\Program Files (x86)\Virtools
2014-06-06 19:36 - 2014-06-06 19:36 - 00002107 _____ () C:\Users\Public\Desktop\StuffIt Expander 2011.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00001221 _____ () C:\Users\Jan Henke\Desktop\TreeSize Free.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieUserList
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-07-03 12:39 - 2014-07-03 12:38 - 00034002 _____ () C:\Users\Jan Henke\Desktop\FRST.txt
2014-07-03 12:38 - 2014-07-03 12:37 - 00000000 ____D () C:\FRST
2014-07-03 12:21 - 2014-07-03 12:21 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Desktop\FRST64.exe
2014-07-03 12:12 - 2013-02-25 18:56 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 12:10 - 2011-04-28 08:05 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 12:08 - 2011-05-18 11:12 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job
2014-07-03 11:08 - 2012-12-15 00:52 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job
2014-07-03 11:08 - 2011-05-18 11:11 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job
2014-07-03 10:25 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:25 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:22 - 2011-03-31 08:08 - 01801094 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 10:18 - 2013-08-30 09:38 - 01575936 ___SH () C:\Users\Jan Henke\Desktop\Thumbs.db
2014-07-03 10:17 - 2011-04-28 08:05 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 10:17 - 2010-11-21 05:47 - 00357420 _____ () C:\Windows\PFRO.log
2014-07-03 10:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 10:17 - 2009-07-14 06:51 - 00108424 _____ () C:\Windows\setupact.log
2014-07-03 09:44 - 2014-07-03 09:44 - 00000074 _____ () C:\Users\Jan Henke\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).url
2014-07-03 09:43 - 2014-07-03 09:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe
2014-07-03 09:37 - 2014-07-03 09:33 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Downloads\FRST64.exe
2014-07-03 08:25 - 2012-07-12 02:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-03 00:56 - 2014-07-03 00:56 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-03 00:15 - 2011-03-31 03:50 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Foto movie
2014-07-03 00:14 - 2011-12-29 15:23 - 00000000 ____D () C:\Users\Jan Henke\Desktop\práce
2014-07-02 22:11 - 2012-06-23 04:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-02 21:53 - 2014-07-02 21:53 - 00003694 _____ () C:\Windows\System32\Tasks\Program k provádění aktualizací online Adobe
2014-07-02 21:42 - 2013-12-09 21:52 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 21:40 - 2013-09-05 20:23 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Nové filmy z Netu
2014-07-02 21:40 - 2011-03-31 03:52 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\hry
2014-07-02 21:22 - 2011-07-06 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carom3D
2014-07-02 21:00 - 2014-07-02 21:00 - 00002229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002217 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002203 _____ () C:\Users\Public\Desktop\AVG údržba 1 kliknutím.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-02 20:59 - 2014-07-02 20:59 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\AVG
2014-07-02 20:59 - 2012-07-12 02:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-02 20:51 - 2014-07-02 20:50 - 77105064 _____ (AVG) C:\Users\Jan Henke\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 20:08 - 2012-12-15 00:52 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 15:13 - 2014-07-02 15:13 - 106280164 _____ () C:\Users\Jan Henke\Desktop\KB částečně spečené.zip
2014-07-02 15:13 - 2014-06-20 12:44 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Bueno
2014-06-28 18:43 - 2014-06-28 18:41 - 00000000 ____D () C:\Users\Jan Henke\Desktop\fb
2014-06-28 18:42 - 2014-06-01 10:22 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Grevin
2014-06-26 12:43 - 2014-04-10 17:13 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Druchema
2014-06-26 01:58 - 2014-05-06 01:38 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Aktuální
2014-06-26 01:13 - 2011-04-07 07:29 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\media
2014-06-25 23:55 - 2012-08-04 19:04 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\Křesťanské dialogy
2014-06-25 23:53 - 2011-03-31 04:07 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Kapsa
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Recovery Toolbox Free
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\Program Files (x86)\CD Recovery Toolbox Free
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bad CD DVD Reader
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\Program Files (x86)\Bad CD DVD Reader
2014-06-23 03:22 - 2014-04-29 19:27 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-23 03:21 - 2013-01-20 19:33 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-06-23 03:20 - 2013-01-20 19:34 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-22 00:15 - 2011-04-01 08:09 - 00007303 _____ () C:\Users\Jan Henke\AppData\Roaming\mainhst.zgh
2014-06-21 01:05 - 2011-04-28 08:05 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 01:05 - 2011-04-28 08:05 - 00003702 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 12:47 - 2014-06-20 12:47 - 10167547 _____ () C:\Users\Jan Henke\Desktop\Bueno1.zip
2014-06-20 12:41 - 2014-06-20 12:40 - 08712045 _____ () C:\Users\Jan Henke\Desktop\Bueno.zip
2014-06-19 09:14 - 2014-04-01 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-19 07:28 - 2014-07-02 21:01 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-06-19 07:28 - 2014-07-02 21:01 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-06-19 07:28 - 2014-07-02 21:01 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-06-18 11:03 - 2011-05-18 11:12 - 00003956 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA
2014-06-18 11:03 - 2011-05-18 11:11 - 00003560 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core
2014-06-18 06:55 - 2014-01-27 07:44 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Jobs
2014-06-11 04:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:09 - 2013-07-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2011-04-06 08:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 01:29 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 01:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:09 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\Program Files (x86)\Virtools
2014-06-06 19:36 - 2014-06-06 19:36 - 00002107 _____ () C:\Users\Public\Desktop\StuffIt Expander 2011.lnk
2014-06-06 19:36 - 2011-09-15 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2014-06-06 19:36 - 2011-09-15 19:53 - 00000000 ____D () C:\Program Files (x86)\Smith Micro
2014-06-04 04:03 - 2014-06-04 04:03 - 00001221 _____ () C:\Users\Jan Henke\Desktop\TreeSize Free.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-06-04 04:03 - 2012-08-04 15:37 - 00000000 ____D () C:\Users\Jan Henke\AppData\Roaming\JAM Software
2014-06-04 01:05 - 2011-03-31 18:16 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-04 01:04 - 2011-03-31 01:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieUserList
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieSiteList
2014-06-04 00:55 - 2012-08-19 07:10 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\Conduit
2014-06-03 23:43 - 2013-08-20 02:22 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Beata Nicola

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat
C:\Users\Jan Henke\xobglu16.dll
C:\Users\Jan Henke\xobglu32.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:9485DACB
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Security Center ==================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan Henke\Desktop" je 90356 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish
"C:\Program Files (x86)\Clownfish\Clownfish.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Jan Henke\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Jan Henke\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install PC Performer43349.exe
"C:\Users\JANHEN~1\AppData\Local\Temp\Install PC Performer43349.exe" /XML="C:\Users\JANHEN~1\AppData\Local\Temp\4165.tmp" /STP=0:2 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor
C:\Windows\PixArt\PAC7302\Monitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\Steam.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~2\MCAFEE~1\307523~1.318\SSSCHE~1.EXE

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **vyosek** » 03 črc 2014 16:15

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

JanHenke · #3 Příspěvek od **JanHenke** » 03 črc 2014 17:11

Moc, moc Vám děkuji. Udělám vše co píšete a znovu se ozvu.

JanHenke · #4 Příspěvek od **JanHenke** » 03 črc 2014 18:00

Posílám podle Vašeho doporučení obsah obou dokumentů:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jan Henke on źt 03.07.2014 at 18:24:28,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\f
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-182835841-275435485-1171101328-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.softonichlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.softonichlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonicapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonicapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\srv.softonicsrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\srv.softonicsrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c3f3165c-74d3-6fdb-3274-14fda8698cfa}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{073F7763-71D9-1CA4-CAC5-5C45E7714888}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C8DB5B0-A64F-43EC-B58C-A0F4EB1A3205}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9997E497-394A-4DB7-817E-FF62F25D9057}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F8D55197-BDA6-47DF-9753-B3A80D35C2BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{073F7763-71D9-1CA4-CAC5-5C45E7714888}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

~~~ Files

Successfully deleted: [File] "C:\Users\Jan Henke\appdata\local\funmoods-speeddial.crx"
Successfully deleted: [File] "C:\Users\Jan Henke\appdata\local\funmoods.crx"
Successfully deleted: [File] "C:\Users\Jan Henke\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jan Henke\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Jan Henke\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Jan Henke\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\Jan Henke\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Jan Henke\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Jan Henke\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Jan Henke\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\Program Files (x86)\chatzum toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files (x86)\simplespeedy"
Successfully deleted: [Folder] "C:\Program Files (x86)\softonic"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\yourfiledownloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Jan Henke\appdata\local\{0DA8DA55-A33A-4143-A16D-3564140156FC}
Successfully deleted: [Empty Folder] C:\Users\Jan Henke\appdata\local\{5F36EE8D-01C1-4796-93A7-02CD3C7F80DF}
Successfully deleted: [Empty Folder] C:\Users\Jan Henke\appdata\local\{74637911-418C-4904-8522-8974DFFF1D03}
Successfully deleted: [Empty Folder] C:\Users\Jan Henke\appdata\local\{AE8F2964-FA46-4623-BE96-26AE839F54A3}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\user.js
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\extensions\torntv2@torntv.com.xpi
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\searchplugins\search.xml
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\searchplugins\softonic.xml
Successfully deleted: [File] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\searchplugins\websearch.xml
Successfully deleted: [Folder] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\smartbar
Successfully deleted: [Folder] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\extensions\ffxtlbr@funmoods.com
Successfully deleted: [Folder] C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\extensions\ffxtlbra@softonic.com
Successfully deleted the following from C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\prefs.js

user_pref("CT1750559.FF19Solved", "true");
user_pref("CT1750559.UserID", "UN38353721418376150");
user_pref("CT1750559.fullUserID", "UN38353721418376150.IN.20140207192037");
user_pref("CT1750559.installDate", "07/02/2014 19:20:40");
user_pref("CT1750559.installSessionId", "c9b0489b-8c05-4f0f-9ed3-3609d5c893fb");
user_pref("CT1750559.installSp", "FALSE");
user_pref("CT1750559.installerVersion", "1.8.1.4");
user_pref("CT1750559.searchRevert", "false");
user_pref("CT1750559.searchUninstallUserMode", "1");
user_pref("CT1750559.searchUserMode", "1");
user_pref("CT1750559.toolbarInstallDate", "07-02-2014 19:20:37");
user_pref("CT1750559.versionFromInstaller", "10.23.0.722");
user_pref("CT1750559.xpeMode", "1");
user_pref("CT3205709.1000082.isPlayDisplay", "true");
user_pref("CT3205709.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT3205709.CBOpenMAMSettings", "0");
user_pref("CT3205709.CT3205709ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2244757%22%2C%22title%22%3A%22Vy%u010Dist%u011Bte%20sv%E9%20PC%20%28zdarma%29%20%u221A%22%2C%22adtext1%
user_pref("CT3205709.CT3205709current_term", "");
user_pref("CT3205709.CT3205709sdate", "20");
user_pref("CT3205709.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3205709.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3205709.FirstTime", "true");
user_pref("CT3205709.FirstTimeFF3", "true");
user_pref("CT3205709.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB16&ctid=CT3205709&SearchSource=2&q=");
user_pref("CT3205709.UserID", "UN41891101800365915");
user_pref("CT3205709.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3205709.autoDisableScopes", 14);
user_pref("CT3205709.browser.search.defaultthis.engineName", true);
user_pref("CT3205709.cbcountry_001", "CZ");
user_pref("CT3205709.cbfirsttime", "Mon Aug 20 2012 17:24:02 GMT+0200");
user_pref("CT3205709.defaultSearch", "true");
user_pref("CT3205709.embeddedsData", "[{\"appId\":\"129780988072000786\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3205709.enableAlerts", "always");
user_pref("CT3205709.enableSearchFromAddressBar", "true");
user_pref("CT3205709.firstTimeDialogOpened", "true");
user_pref("CT3205709.fixPageNotFoundError", "true");
user_pref("CT3205709.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3205709.fixUrls", true);
user_pref("CT3205709.installId", "brothersoft_exterme_3_dm.exe");
user_pref("CT3205709.installType", "ConduitNSISIntegration");
user_pref("CT3205709.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3205709.isNewTabEnabled", true);
user_pref("CT3205709.isPerformedSmartBarTransition", "true");
user_pref("CT3205709.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3205709.keyword", true);
user_pref("CT3205709.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com%2Fphoto.php%3Fv%3D544750395535387%26set%3Dvb.100000012943860%26type%3D2%26
user_pref("CT3205709.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3205709.openThankYouPage", "false");
user_pref("CT3205709.openUninstallPage", "true");
user_pref("CT3205709.search.searchAppId", "129780988072000786");
user_pref("CT3205709.search.searchCount", "0");
user_pref("CT3205709.searchInNewTabEnabledInHidden", "true");
user_pref("CT3205709.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3205709.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3205709.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3205709\"}");
user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BrotherSoftExtreme3.OurToolbar.com//xpi\"}");
user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BrotherSoft Extreme3\"}");
user_pref("CT3205709.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3205709.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3205709.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345476223240");
user_pref("CT3205709.serviceLayer_services_appTracking_lastUpdate", "1345476232203");
user_pref("CT3205709.serviceLayer_services_appsMetadata_lastUpdate", "1345476223047");
user_pref("CT3205709.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345476227162");
user_pref("CT3205709.serviceLayer_services_login_10.10.20.500_lastUpdate", "1345705130402");
user_pref("CT3205709.serviceLayer_services_login_10.10.27.6_lastUpdate", "1358616811881");
user_pref("CT3205709.serviceLayer_services_optimizer_lastUpdate", "1345476227219");
user_pref("CT3205709.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345476227753");
user_pref("CT3205709.serviceLayer_services_searchAPI_lastUpdate", "1345476222313");
user_pref("CT3205709.serviceLayer_services_serviceMap_lastUpdate", "1358616778086");
user_pref("CT3205709.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345476227139");
user_pref("CT3205709.serviceLayer_services_toolbarSettings_lastUpdate", "1358616778681");
user_pref("CT3205709.serviceLayer_services_translation_lastUpdate", "1358616778204");
user_pref("CT3205709.settingsINI", true);
user_pref("CT3205709.shouldFirstTimeDialog", "false");
user_pref("CT3205709.smartbar.CTID", "CT3205709");
user_pref("CT3205709.smartbar.Uninstall", "0");
user_pref("CT3205709.smartbar.homepage", true);
user_pref("CT3205709.smartbar.toolbarName", "BrotherSoft Extreme3 ");
user_pref("CT3205709.startPage", "userChanged");
user_pref("CT3205709.toolbarBornServerTime", "20-8-2012");
user_pref("CT3205709.toolbarCurrentServerTime", "19-1-2013");
user_pref("CT3205709.url_history0001", "hxxp://www.facebook.com/events/488915754480509 ... 509/#:::cl
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://utils.chatzum.com/?url=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3205709");
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babs ... 71BCCCA5EB");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.simplespeedy.info/?l=1&q=");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.516016985eb66.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=108921");
user_pref("extensions.BabylonToolbar.bbDpng", 28);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "44acdcf00000000000007071bccca5eb");
user_pref("extensions.BabylonToolbar.instlDay", "15345");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=108921&babsrc=adbartrp&mntrId=44acdcf00000000000007071bccca5eb&q=");
user_pref("extensions.BabylonToolbar.lastDP", 28);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1723:17:23");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "18.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 100567200);
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1723:17:23");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108921");
user_pref("extensions.BabylonToolbar_i.hardId", "44acdcf00000000000007071bccca5eb");
user_pref("extensions.BabylonToolbar_i.id", "44acdcf00000000000007071bccca5eb");
user_pref("extensions.BabylonToolbar_i.instlDay", "15345");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:17:23");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "CZ");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
user_pref("extensions.Softonic.dspOld", "Search the web (Babylon)");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.hdrMd5", "50F9C8F165DCA2DC18DC034BBEC037B2");
user_pref("extensions.Softonic.hmpg", true);
user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=13&cc=");
user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=13&cc=");
user_pref("extensions.Softonic.hpOld", "hxxp://search.chatzum.com/");
user_pref("extensions.Softonic.id", "44acdcf00000000000007071bccca5eb");
user_pref("extensions.Softonic.instlDay", "15514");
user_pref("extensions.Softonic.instlRef", "MON00006");
user_pref("extensions.Softonic.isdcmntcmplt", false);
user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=2&cc=&q=");
user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.33:33:22");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.newTab", true);
user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=15&cc=");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1069\",\"name\":\"ORS Romántica en espańol\",\"url\":\"hxxp://www.orsradio.com/oldies56k.asx\",\"streamType\":\"mp
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.sg", "az");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsnTs", "1.5.24.33:33:22");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.dnsErr", true);
user_pref("extensions.Softonic_i.hmpg", true);
user_pref("extensions.Softonic_i.newTab", true);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.33:33:22");
user_pref("extensions.funmoods.aflt", "stonicrow");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "CZ");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "91E67FFA62C6ADF7BF68DDCAEE0F8A4F");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L2Xzu
user_pref("extensions.funmoods.id", "7A7905CF82EEDCF0");
user_pref("extensions.funmoods.instlDay", "15552");
user_pref("extensions.funmoods.instlRef", "stonicrow");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:36:33");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L2X
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:36:33");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:36:33");
user_pref("extensions.phpnuke.hmpgUrl", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc");
user_pref("extensions.phpnuke.hpOld0", "hxxp://websearch.simplespeedy.info/");
user_pref("extensions.phpnuke.kw_url", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc&q=");
user_pref("extensions.phpnuke.newTabUrl", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc");
user_pref("smartbar.machineId", "5D4V140SZ4M1MH5CFYVBGSQ55I28XK8ZCT/1IV/S4F69VGN6NFZHGPSB/TVIBK/7FHCEKPGJOBWIYJTU+MKDBQ");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEnginectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Jan Henke\AppData\Roaming\mozilla\firefox\profiles\3laanudl.default\minidumps [4 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Jan Henke\appdata\local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Folder] C:\Users\Jan Henke\appdata\local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 03.07.2014 at 18:34:02,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.214 - Report created 03/07/2014 at 18:45:47
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jan Henke - JANHENKE-PC
# Running from : C:\Users\Jan Henke\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\BrouwsEe2save
Folder Deleted : C:\ProgramData\EbookBrroowse
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbookBrroowse
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Jan Henke\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jan Henke\AppData\Local\Conduit
Folder Deleted : C:\Users\JANHEN~1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\JANHEN~1\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\JANHEN~1\AppData\Local\Temp\CT3205709
Folder Deleted : C:\Users\JANHEN~1\AppData\Local\Temp\CT1750559
Folder Deleted : C:\Users\Jan Henke\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Jan Henke\Documents\Updater
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\CT3205709
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\CT1750559
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\oeiem.b59@aa-fr.com
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\ooy_uahqo@oockmuuernaq.net
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}
Folder Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
File Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\bingp.xml
File Deleted : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\search-web.xml
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0.localstorage
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile DownloaderUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\5f28f8ae06fba41
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_ccfde35c
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]

-\\ Mozilla Firefox v19.0 (cs)

[ File : C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\prefs.js ]

Line Deleted : user_pref("CT3205709.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3205709.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.embeddedsData", "[{\"appId\":\"129780988072000786\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3205709.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3205709.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com%2Fphoto.php%3Fv%3D544750395535387%26set%3Dvb.100000012943860%26type%3D2%26theater\",\"EB_MAIN_FRAME[...]
Line Deleted : user_pref("CT3205709.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3205709\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BrotherSoftExtreme3.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BrotherSoft Extreme3\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3205709.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("browser.search.order.1", "Search The Web (phpnuke)");
Line Deleted : user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1069\",\"name\":\"ORS Romántica en espańol\",\"url\":\"hxxp://www.orsradio.com/oldies56k.asx\",\"stre ... 213\",\"na[...]
Line Deleted : user_pref("extensions.phpnuke.srchPrvdr", "Search The Web (phpnuke)");

-\\ Google Chrome v

[ File : C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://eu.wowarmory.com/search.xml?searchQuery={searchTerms}&searchType=all
Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?q={searchTerms}&category=web&a=stonicrow&f=2&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1767227705&start=1
Deleted [Search Provider] : hxxp://nakup.itesco.cz/cs-CZ/Search/List?searchQuery={searchTerms}&x=27&y=12
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={7EC5587E-0F9B-44A8-8E0E-4453BDE05238}&mid=95362f72fdcd47d0ae6aa138fa284c18-00411a548cb2ec2a2dab1d02ddd305b832f9c5f2&lang=cs&ds=AVG&pr=pr&d=2013-06-25 09:02:37&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : bhnjjbcnbmjmhgpliahlamecmbejpaol
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco

*************************

AdwCleaner[R0].txt - [19905 octets] - [03/07/2014 18:40:18]
AdwCleaner[S0].txt - [19807 octets] - [03/07/2014 18:45:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19868 octets] ##########

Co bude následovat?

#5 Příspěvek od **vyosek** » 03 črc 2014 19:45

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

JanHenke · #6 Příspěvek od **JanHenke** » 03 črc 2014 19:48

Díky, hned provedu!

#7 Příspěvek od **vyosek** » 03 črc 2014 19:52

JanHenke · #8 Příspěvek od **JanHenke** » 03 črc 2014 20:39

Tak je to tady:

Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Jan Henke on źt 03.07.2014 at 20:56:53,87.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jan Henke\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.7.2014 21:04:04 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=061613");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=UP21DF& ... =061613&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JANHEN~1\AppData\Roaming\Thunderbird\Profiles\uzge9hlq.default\prefs.js:

Added to C:\Users\JANHEN~1\AppData\Roaming\Thunderbird\Profiles\uzge9hlq.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default

user.js not found
---- Lines phpnuke removed from prefs.js ----
user_pref("extensions.phpnuke.autoRvrt", "false");
user_pref("extensions.phpnuke.dfltSrch", true);
user_pref("extensions.phpnuke.dnsErr", true);
user_pref("extensions.phpnuke.hmpg", true);
user_pref("extensions.phpnuke.newTab", true);
user_pref("extensions.phpnuke.rvrt", "true");
---- Lines Torntv removed from prefs.js ----
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.2.3\",\"type\":\"extension\",\"descriptor\":\
---- Lines OneClickDownload removed from prefs.js ----
user_pref("extensions.OneClickDownload.filter", "1");
user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":17,\"min\":23}");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- Lines extensions.516016985eb66 removed from prefs.js ----
user_pref("extensions.516016985eb66.epoch", "1366695272");
user_pref("extensions.516016985eb66.url", "http://getitjpi.info/sync/?ext=btos&pid ... 442545&ssd
---- Lines extensions.516016d74c8bf removed from prefs.js ----
user_pref("extensions.516016d74c8bf.epoch", "1366695272");
user_pref("extensions.516016d74c8bf.scode", "(function(){try{if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(f
user_pref("extensions.516016d74c8bf.url", "http://syncs-jpi.info/sync/?ext=2eeb01& ... =299442545&
---- FireFox user.js and prefs.js backups ----

prefs_03.07.2014_2118_.backup

ProfilePath: C:\Users\JANHEN~1\AppData\Roaming\Thunderbird\Profiles\uzge9hlq.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_03.07.2014_2118_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\PROGRA~2\phpnuke deleted
C:\Users\Jan Henke\xobglu16.dll deleted
C:\Users\Jan Henke\xobglu32.dll deleted
C:\PROGRA~3\sysqcl1129139270.dat deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Jan Henke\AppData\Local\CRE deleted
C:\Users\Jan Henke\Searches deleted
C:\Users\Jan Henke\Downloads\bs_Google_SketchUp.exe deleted
C:\Users\Jan Henke\AppData\LocalLow\phpnuke deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\jetpack deleted
C:\Users\Jan Henke\AppData\Roaming\12683.exe deleted
C:\Users\Jan Henke\AppData\Roaming\30714.exe deleted
"C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\searchplugins\phpnuke.xml" deleted
"C:\Users\Jan Henke\AppData\Roaming\phpnuke\sqlite3.dll" deleted
"C:\Users\Jan Henke\AppData\Roaming\Sony" deleted
"C:\Users\Jan Henke\AppData\Roaming\phpnuke" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [24.10.2012 14:15]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JANHEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default
- RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- z - %AppDir%\extensions\{19bc7a5f-d8c6-c479-8ce2-b851f1a1be53}
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Jan Henke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
AB87C54CA19675880B0CAE65B8AF140C - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
D0621E248FE23302CB379AA664CA17ED - C:\ProgramData\id Software\QuakeLive\npquakezero.dll - QUAKE LIVE
F475DAA3CF6D19DA49BE7BAC0A966DB3 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Jan Henke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cngompmodgafkkffefbfbghhciijojjh - C:\Program Files (x86)\phpnuke\phpnuke\1.8.16.4\phpnuke.crx[]
godimpbmfohihoaikgfknnnmlncabkkp - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx[29.06.2014 15:54]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[24.10.2012 14:15]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[31.01.2013 11:40]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12.12.2011 15:13]

PhpNuke Chrome Toolbar - Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngompmodgafkkffefbfbghhciijojjh
Re§im ECHO je vypnut. - Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp
RealPlayer HTML5Video Downloader Extension - Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Click to Call - Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dvdsubedit.en.softonic.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hamachi.en.softonic.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sony-vegas-video.en.softonic.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fotosearch.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fotosearch.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.picsearch.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.picsearch.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zabasearch.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zabasearch.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zoom.fotosearch.com_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zoom.fotosearch.com_0.localstorage-journal deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngompmodgafkkffefbfbghhciijojjh deleted successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{04BD9B3B-0FCA-4F52-AFB5-615465E576A4} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... kSearch_12"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{35B09B3F-67F8-426F-B89A-9B13C5746576} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... kSearch_12"
{5376BFEF-0788-4AA4-96BC-69611D068A2D} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{876B1846-74F4-43FC-ABAB-ABB1D1FC652E} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... kSearch_12"
{97B4E9EF-CAA8-4C7C-B206-64DA46560E47} Bing Url="http://www.bing.com/search?FORM=UP21DF& ... -SearchBox"
{BB7952CF-6A4F-4BD2-92FA-FC39BE23A684} Firmy.cz Url="http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12"
{EBE46BFC-8AF7-4CF1-AF0B-C3F80CCF41C9} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12"

==== Reset Google Chrome ======================

C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B206A1E-933F-4A50-9E60-5167598BDB03} deleted successfully
HKEY_USERS\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B206A1E-933F-4A50-9E60-5167598BDB03} deleted successfully
HKEY_USERS\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{890CA547-B66C-48BF-9663-DBE0BFDC7D0C} deleted successfully
HKEY_USERS\S-1-5-21-182835841-275435485-1171101328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{890CA547-B66C-48BF-9663-DBE0BFDC7D0C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B206A1E-933F-4A50-9E60-5167598BDB03} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{890CA547-B66C-48BF-9663-DBE0BFDC7D0C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{890CA547-B66C-48BF-9663-DBE0BFDC7D0C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7B206A1E-933F-4A50-9E60-5167598BDB03} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6034548E-3260-0449-CE46-056FA6763C7F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{648F6A04-1AF8-F27F-297E-19B701AC2E23} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cngompmodgafkkffefbfbghhciijojjh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install PC Performer43349.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan Henke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan Henke\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan Henke\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jan Henke\AppData\Local\Mozilla\Firefox\Profiles\3laanudl.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=119 folders=28 81373814 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jan Henke\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JANHEN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 03.07.2014 at 21:33:27,75 ======================

#9 Příspěvek od **vyosek** » 04 črc 2014 06:15

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

JanHenke · #10 Příspěvek od **JanHenke** » 04 črc 2014 08:34

Addition.zip: (16.74 KiB) Staženo 73 x

Přeji Vám krásný dobrý den. A děkuji za vzornou péči a za rychlé reakce.
Následuje obsah FRST.txt a v příloze zabalený soubor Addition.
Doufám jen, že jsem nic nepopletl.
__________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Jan Henke (administrator) on JANHENKE-PC on 04-07-2014 09:05:20
Running from C:\Users\Jan Henke\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
() C:\Program Files (x86)\Seznam.cz\bin\postak.exe
(PC Drivers Headquarters) C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2010-07-20] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Seznam Postak] => C:\Program Files (x86)\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3847064 2013-05-01] (PC Drivers Headquarters)
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: {007428dd-dadc-11e1-b3bb-7071bccca5eb} - L:\SETUP.EXE
BootExecute: autocheck autochk /r \??\G:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=113012
҅
羭佁耀҅
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f ... 1767227705
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - Backup.Old.DefaultScope {3738B3E1-0F04-4C45-BF2A-FD0EDC535C71}
SearchScopes: HKCU - 8AE443394DF243BB910312C3B4D2C581 URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKCU - {04BD9B3B-0FCA-4F52-AFB5-615465E576A4} URL = http://www.mapy.cz/?query={searchTerms} ... kSearch_12
SearchScopes: HKCU - {35B09B3F-67F8-426F-B89A-9B13C5746576} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... kSearch_12
SearchScopes: HKCU - {5376BFEF-0788-4AA4-96BC-69611D068A2D} URL = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {876B1846-74F4-43FC-ABAB-ABB1D1FC652E} URL = http://encyklopedie.seznam.cz/search?q= ... kSearch_12
SearchScopes: HKCU - {BB7952CF-6A4F-4BD2-92FA-FC39BE23A684} URL = http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12
SearchScopes: HKCU - {EBE46BFC-8AF7-4CF1-AF0B-C3F80CCF41C9} URL = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\core.4.dll ()
Toolbar: HKLM-x32 - Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll ()
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Len ... etect2.cab
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.100

FireFox:
========
FF ProfilePath: C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jan Henke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jan Henke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jan Henke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan Henke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-04-22]
FF Extension: Adblock Plus - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-01]
FF Extension: Greasemonkey - C:\Users\Jan Henke\AppData\Roaming\Mozilla\Firefox\Profiles\3laanudl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-02-28]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{19bc7a5f-d8c6-c479-8ce2-b851f1a1be53} [2013-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-16]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-03]
CHR Extension: (Disk Google) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-03]
CHR Extension: (YouTube) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-03]
CHR Extension: (No Name) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-02]
CHR Extension: (Skype Click to Call) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-23]
CHR Extension: (Peněženka Google) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-12-03]
CHR Extension: (Gmail) - C:\Users\Jan Henke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Jan Henke\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-01] (DT Soft Ltd)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-04 09:05 - 2014-07-04 09:06 - 00023316 _____ () C:\Users\Jan Henke\Desktop\FRST.txt
2014-07-04 08:55 - 2014-07-04 08:58 - 00000000 ____D () C:\Users\Jan Henke\Desktop\na viry
2014-07-03 21:27 - 2014-07-03 20:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-03 21:03 - 2014-07-03 21:33 - 00021362 _____ () C:\zoek-results.log
2014-07-03 20:56 - 2014-07-03 21:22 - 00000000 ____D () C:\zoek_backup
2014-07-03 18:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 18:40 - 2014-07-03 18:46 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:24 - 2014-07-03 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 18:18 - 2014-07-03 18:21 - 00000000 ____D () C:\Users\Jan Henke\Desktop\first
2014-07-03 12:37 - 2014-07-04 09:05 - 00000000 ____D () C:\FRST
2014-07-03 12:21 - 2014-07-03 12:21 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Desktop\FRST64.exe
2014-07-03 09:44 - 2014-07-03 09:44 - 00000074 _____ () C:\Users\Jan Henke\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).url
2014-07-03 09:43 - 2014-07-03 09:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe
2014-07-03 09:33 - 2014-07-03 09:37 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Downloads\FRST64.exe
2014-07-03 00:56 - 2014-07-03 00:56 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-02 21:53 - 2014-07-02 21:53 - 00003694 _____ () C:\Windows\System32\Tasks\Program k provádění aktualizací online Adobe
2014-07-02 21:01 - 2014-06-19 07:28 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-02 21:01 - 2014-06-19 07:28 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-02 21:01 - 2014-06-19 07:28 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-07-02 21:00 - 2014-07-02 21:00 - 00002229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002217 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002203 _____ () C:\Users\Public\Desktop\AVG údržba 1 kliknutím.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-02 20:59 - 2014-07-02 20:59 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\AVG
2014-07-02 20:50 - 2014-07-02 20:51 - 77105064 _____ (AVG) C:\Users\Jan Henke\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 15:13 - 2014-07-02 15:13 - 106280164 _____ () C:\Users\Jan Henke\Desktop\KB částečně spečené.zip
2014-06-28 18:41 - 2014-06-28 18:43 - 00000000 ____D () C:\Users\Jan Henke\Desktop\fb
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Recovery Toolbox Free
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\Program Files (x86)\CD Recovery Toolbox Free
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bad CD DVD Reader
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\Program Files (x86)\Bad CD DVD Reader
2014-06-20 12:47 - 2014-06-20 12:47 - 10167547 _____ () C:\Users\Jan Henke\Desktop\Bueno1.zip
2014-06-20 12:44 - 2014-07-02 15:13 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Bueno
2014-06-20 12:40 - 2014-06-20 12:41 - 08712045 _____ () C:\Users\Jan Henke\Desktop\Bueno.zip
2014-06-11 01:37 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 01:37 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 01:37 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 01:37 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 01:37 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 01:37 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 01:37 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 01:37 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 01:37 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 01:37 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 01:37 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 01:37 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 01:37 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 01:37 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 01:37 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 01:37 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 01:37 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 01:37 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 01:37 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 01:37 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 01:37 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 01:37 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 01:37 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 01:37 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 01:37 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 01:37 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 01:37 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 01:37 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 01:37 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 01:37 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 01:37 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 01:37 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 01:37 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 01:37 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 01:37 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 01:37 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 01:37 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 01:37 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 01:37 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 01:37 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 01:37 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 01:37 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 01:37 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 01:37 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 01:37 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 01:37 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 01:37 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 01:37 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 01:37 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 01:37 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 01:37 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 01:37 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 01:36 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 01:36 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 01:36 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 01:36 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 01:35 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 01:35 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 01:35 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 01:35 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 01:35 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 01:35 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 01:35 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 01:35 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 01:29 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 01:29 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:09 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\Program Files (x86)\Virtools
2014-06-06 19:36 - 2014-06-06 19:36 - 00002107 _____ () C:\Users\Public\Desktop\StuffIt Expander 2011.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00001221 _____ () C:\Users\Jan Henke\Desktop\TreeSize Free.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieUserList
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-07-04 09:06 - 2014-07-04 09:05 - 00023316 _____ () C:\Users\Jan Henke\Desktop\FRST.txt
2014-07-04 09:05 - 2014-07-03 12:37 - 00000000 ____D () C:\FRST
2014-07-04 08:58 - 2014-07-04 08:55 - 00000000 ____D () C:\Users\Jan Henke\Desktop\na viry
2014-07-04 08:12 - 2013-02-25 18:56 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 08:10 - 2011-04-28 08:05 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 08:08 - 2012-12-15 00:52 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job
2014-07-04 08:08 - 2011-05-18 11:12 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job
2014-07-04 03:00 - 2011-03-31 08:08 - 01827563 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 01:10 - 2011-04-28 08:05 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 00:38 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 00:38 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 21:33 - 2014-07-03 21:03 - 00021362 _____ () C:\zoek-results.log
2014-07-03 21:30 - 2010-11-21 05:47 - 00358064 _____ () C:\Windows\PFRO.log
2014-07-03 21:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 21:30 - 2009-07-14 06:51 - 00108536 _____ () C:\Windows\setupact.log
2014-07-03 21:22 - 2014-07-03 20:56 - 00000000 ____D () C:\zoek_backup
2014-07-03 21:19 - 2011-03-31 01:22 - 00000000 ____D () C:\Users\Jan Henke
2014-07-03 20:56 - 2014-07-03 21:27 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-03 20:08 - 2012-12-15 00:52 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job
2014-07-03 18:55 - 2012-07-12 02:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-03 18:46 - 2014-07-03 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:24 - 2014-07-03 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 18:21 - 2014-07-03 18:18 - 00000000 ____D () C:\Users\Jan Henke\Desktop\first
2014-07-03 12:21 - 2014-07-03 12:21 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Desktop\FRST64.exe
2014-07-03 11:08 - 2011-05-18 11:11 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job
2014-07-03 10:18 - 2013-08-30 09:38 - 01575936 ___SH () C:\Users\Jan Henke\Desktop\Thumbs.db
2014-07-03 09:44 - 2014-07-03 09:44 - 00000074 _____ () C:\Users\Jan Henke\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).url
2014-07-03 09:43 - 2014-07-03 09:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe
2014-07-03 09:37 - 2014-07-03 09:33 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Downloads\FRST64.exe
2014-07-03 00:56 - 2014-07-03 00:56 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-03 00:15 - 2011-03-31 03:50 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Foto movie
2014-07-03 00:14 - 2011-12-29 15:23 - 00000000 ____D () C:\Users\Jan Henke\Desktop\práce
2014-07-02 22:11 - 2012-06-23 04:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-02 21:53 - 2014-07-02 21:53 - 00003694 _____ () C:\Windows\System32\Tasks\Program k provádění aktualizací online Adobe
2014-07-02 21:40 - 2013-09-05 20:23 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Nové filmy z Netu
2014-07-02 21:40 - 2011-03-31 03:52 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\hry
2014-07-02 21:22 - 2011-07-06 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carom3D
2014-07-02 21:00 - 2014-07-02 21:00 - 00002229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002217 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002203 _____ () C:\Users\Public\Desktop\AVG údržba 1 kliknutím.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-02 20:59 - 2014-07-02 20:59 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\AVG
2014-07-02 20:59 - 2012-07-12 02:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-02 20:51 - 2014-07-02 20:50 - 77105064 _____ (AVG) C:\Users\Jan Henke\Downloads\avg_tuh_stf_all_2014_489_24c28.exe
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 15:13 - 2014-07-02 15:13 - 106280164 _____ () C:\Users\Jan Henke\Desktop\KB částečně spečené.zip
2014-07-02 15:13 - 2014-06-20 12:44 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Bueno
2014-06-28 18:43 - 2014-06-28 18:41 - 00000000 ____D () C:\Users\Jan Henke\Desktop\fb
2014-06-28 18:42 - 2014-06-01 10:22 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Grevin
2014-06-26 12:43 - 2014-04-10 17:13 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Druchema
2014-06-26 01:58 - 2014-05-06 01:38 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Aktuální
2014-06-26 01:13 - 2011-04-07 07:29 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\media
2014-06-25 23:55 - 2012-08-04 19:04 - 00000000 ___RD () C:\Users\Jan Henke\Desktop\Křesťanské dialogy
2014-06-25 23:53 - 2011-03-31 04:07 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Kapsa
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Recovery Toolbox Free
2014-06-25 19:07 - 2014-06-25 19:07 - 00000000 ____D () C:\Program Files (x86)\CD Recovery Toolbox Free
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-06-25 08:06 - 2014-06-25 08:06 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-06-25 07:52 - 2014-06-25 07:52 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bad CD DVD Reader
2014-06-25 07:47 - 2014-06-25 07:47 - 00000000 ____D () C:\Program Files (x86)\Bad CD DVD Reader
2014-06-23 03:20 - 2013-01-20 19:34 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-22 00:15 - 2011-04-01 08:09 - 00007303 _____ () C:\Users\Jan Henke\AppData\Roaming\mainhst.zgh
2014-06-21 01:05 - 2011-04-28 08:05 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 01:05 - 2011-04-28 08:05 - 00003702 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 12:47 - 2014-06-20 12:47 - 10167547 _____ () C:\Users\Jan Henke\Desktop\Bueno1.zip
2014-06-20 12:41 - 2014-06-20 12:40 - 08712045 _____ () C:\Users\Jan Henke\Desktop\Bueno.zip
2014-06-19 09:14 - 2014-04-01 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-19 07:28 - 2014-07-02 21:01 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-06-19 07:28 - 2014-07-02 21:01 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-06-19 07:28 - 2014-07-02 21:01 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-06-18 11:03 - 2011-05-18 11:12 - 00003956 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA
2014-06-18 11:03 - 2011-05-18 11:11 - 00003560 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core
2014-06-18 06:55 - 2014-01-27 07:44 - 00000000 ____D () C:\Users\Jan Henke\Desktop\Jobs
2014-06-11 04:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:09 - 2013-07-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2011-04-06 08:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 01:29 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 01:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:09 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\3DVIA
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\Program Files (x86)\Virtools
2014-06-06 19:36 - 2014-06-06 19:36 - 00002107 _____ () C:\Users\Public\Desktop\StuffIt Expander 2011.lnk
2014-06-06 19:36 - 2011-09-15 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2014-06-06 19:36 - 2011-09-15 19:53 - 00000000 ____D () C:\Program Files (x86)\Smith Micro
2014-06-04 04:03 - 2014-06-04 04:03 - 00001221 _____ () C:\Users\Jan Henke\Desktop\TreeSize Free.lnk
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-06-04 04:03 - 2014-06-04 04:03 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-06-04 04:03 - 2012-08-04 15:37 - 00000000 ____D () C:\Users\Jan Henke\AppData\Roaming\JAM Software
2014-06-04 01:05 - 2011-03-31 18:16 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-04 01:04 - 2011-03-31 01:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieUserList
2014-06-04 00:55 - 2014-06-04 00:55 - 00000000 __SHD () C:\Users\Jan Henke\AppData\Local\EmieSiteList

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:297.99 GB) (Free:28.98 GB) NTFS
Drive g: () (Fixed) (Total:698.64 GB) (Free:13.06 GB) NTFS

Available physical RAM: 1283.77 MB
Total physical RAM: 2043.58 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:9485DACB
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Security Center ==================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan Henke\Desktop" je 90360 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish
"C:\Program Files (x86)\Clownfish\Clownfish.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Jan Henke\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Jan Henke\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor
C:\Windows\PixArt\PAC7302\Monitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~2\MCAFEE~1\307523~1.318\SSSCHE~1.EXE

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#11 Příspěvek od **vyosek** » 04 črc 2014 12:21

Pekne patecni odpoledne

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

JanHenke · #12 Příspěvek od **JanHenke** » 04 črc 2014 12:51

Zdravím Vás a děkuji.
Vaše služby na mě udělaly veliký dojem a velmi rád Vás budu doporučovat všude, kde to jen půjde.

Na AVG rozhodně netrvám. Skutečnost je taková, že když mi naposledy vypršela působnost něčeho jiného, sáhl jsem po prvním bezplatně dosažitelném produktu. Placený produkt si v posledním období nemohu dopřát. Pokud mi doporučíte schopnější nástroj ochrany před viry, velmi vděčně se zařídím podle Vaší rady. Myslím, že jsem už psal, že jsem v oblasti IT negramotný a rada odborníka je požehnáním, jehož je třeba si vážit.

Spybot - Search & Destroy odinstaluji hned.

Rád bych se zeptal, zda je podle Vás ten virus již "mrtev"

, nebo bude třeba podniknout nějaké další kroky?
S vděčností JH.

#13 Příspěvek od **vyosek** » 04 črc 2014 13:03

Jeste budeme docistovat, jen jsem se ptal na AVG, abych jej pripadne zahrnul tez do cisteni. Za doporuceni naseho fora velmi dekuji

Avg je spise parodie na antivir

Odinstalujte Avg a pak pouzijte jeste http://download.avg.com/filedir/util/su ... 4_4116.exe

Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92

A ja jdu psat opravny skript, najdete jej pak v dalsi odpovedi

JanHenke · #14 Příspěvek od **JanHenke** » 04 črc 2014 13:07

Super, super. Mám tedy zatím, co dělat. Těším se na zprávu.

#15 Příspěvek od **vyosek** » 04 črc 2014 13:09

Takze zde je slibeny opravny skript a navod na jeho aplikovani

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Seznam Postak] => C:\Program Files (x86)\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3847064 2013-05-01] (PC Drivers Headquarters)
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-182835841-275435485-1171101328-1000\...\MountPoints2: {007428dd-dadc-11e1-b3bb-7071bccca5eb} - L:\SETUP.EXE

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=113012
҅
羭佁耀҅
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1767227705
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0C0FzztB0E0E0D0C0FtDtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1767227705
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - Backup.Old.DefaultScope {3738B3E1-0F04-4C45-BF2A-FD0EDC535C71}
SearchScopes: HKCU - 8AE443394DF243BB910312C3B4D2C581 URL = http://search.phpnuke.org/?lang=en&cid=457c4dfc&q={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x3
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\core.4.dll ()
Toolbar: HKLM-x32 - Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files (x86)\Seznam.cz\toolbar\toolbar.dll ()
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-28]

CHR HKLM-x32\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software)

C:\Program Files (x86)\AVG
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files (x86)\McAfee Security Scan
2014-07-03 21:27 - 2014-07-03 20:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-03 21:03 - 2014-07-03 21:33 - 00021362 _____ () C:\zoek-results.log
2014-07-03 20:56 - 2014-07-03 21:22 - 00000000 ____D () C:\zoek_backup
2014-07-03 18:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 18:40 - 2014-07-03 18:46 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:24 - 2014-07-03 18:24 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 09:43 - 2014-07-03 09:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jan Henke\Desktop\FRSTLauncher.exe
2014-07-03 09:33 - 2014-07-03 09:37 - 02083840 _____ (Farbar) C:\Users\Jan Henke\Downloads\FRST64.exe
2014-07-03 00:56 - 2014-07-03 00:56 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-02 21:01 - 2014-06-19 07:28 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-02 21:01 - 2014-06-19 07:28 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-02 21:01 - 2014-06-19 07:28 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-07-02 21:00 - 2014-07-02 21:00 - 00002229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002217 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00002203 _____ () C:\Users\Public\Desktop\AVG údržba 1 kliknutím.lnk
2014-07-02 21:00 - 2014-07-02 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-02 20:59 - 2014-07-02 20:59 - 00000000 ____D () C:\Users\Jan Henke\AppData\Local\AVG
2014-07-02 20:50 - 2014-07-02 20:51 - 77105064 _____ (AVG) C:\Users\Jan Henke\Downloads\avg_tuh_stf_all_2014_489_24c28.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000Core.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182835841-275435485-1171101328-1000UA.job => C:\Users\Jan Henke\AppData\Local\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:9485DACB
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f

Hosts:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

VIRY.CZ

Vir sdílení FB (odkaz na stránku tvářící se jako youtube)

Vir sdílení FB (odkaz na stránku tvářící se jako youtube)

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube

Re: Vir sdílení FB (odkaz na stránku tvářící se jako youtube