Prosím o kontrolu logu

[capricorn]

Dobrý den, prosím o kontrolu logu, na obouch účtech (admin a Jolanta) vyskakují obtěžující reklamy a chod počítače je pomalý.
Soubor Addition.txt je přilož. Děkuji.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by admin (administrator) on TOSH on 19-03-2015 16:17:09
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & Jolanta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Společnost TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid= ... Z&unqvl=84
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid= ... Z&unqvl=84
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1& ... Z&unqvl=84
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1& ... Z&unqvl=84
SearchScopes: HKU\S-1-5-21-1227389623-1569507831-367013762-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1& ... Z&unqvl=84
SearchScopes: HKU\S-1-5-21-1227389623-1569507831-367013762-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1227389623-1569507831-367013762-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKU\S-1-5-21-1227389623-1569507831-367013762-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1& ... Z&unqvl=84
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Media View -> {023abed6-f14f-478c-896b-2e1809f411c0} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1631\ie\MediaViewV1alpha1631.dll [2014-02-26] ()
BHO-x32: Media Player -> {23d32d52-488f-4d26-bac3-4a3d4bac55bc} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha836\ie\MediaPlayerV1alpha836.dll [2014-01-28] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=20495&r=2015/03/15&hid=14933359633434041772&lg=EN&cc=CZ&unqvl=84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.swellsearch.info/?pid=20495&r=2015/03/15&hid=14933359633434041772&lg=EN&cc=CZ&unqvl=84&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1227389623-1569507831-367013762-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-09] (Pando Networks)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\user.js [2014-01-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\searchplugins\WebSearch.xml [2015-03-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha1000.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha1000\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha1000\ff [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha836.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha836\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha836\ff [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha1631.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1631\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1631\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2251.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2251\ff
FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2251\ff [2014-06-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN11459&gct=hp&d ... 77-366&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN11459&gct=hp&d ... 77-366&t=4"
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=crb&gc ... earchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\admin\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]
CHR HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\admin\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dalfcbhipgfmolconhplcpaibcddppgo] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1631\ch\MediaViewV1alpha1631.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [dkggegkmpdgjmfojfmpbfamammcpoaco] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha1000\ch\WebexpEnhancedV1alpha1000.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\admin\AppData\Roaming\SimilarSites\similarsites.crx [2012-03-28]
CHR HKLM-x32\...\Chrome\Extension: [micdhnoichbddicjlgbpdaddjpaeocbh] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2251\ch\TrustMediaViewerV1alpha2251.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 1f68291f; c:\Program Files (x86)\SystemReset\SystemReset.dll [1590272 2015-03-15] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4553768 2012-01-05] (INCA Internet Co., Ltd.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [6562432 2009-03-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
R1 tnetfilter2; C:\Windows\System32\drivers\tnetfilter2.sys [60096 2014-01-17] (NetFilterSDK.com)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
U3 aege9q5g; C:\Windows\System32\Drivers\aege9q5g.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 16:17 - 2015-03-19 16:18 - 00027193 _____ () C:\Users\admin\Desktop\FRST.txt
2015-03-19 16:15 - 2015-03-19 16:15 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-03-16 17:36 - 2015-03-18 19:08 - 00000000 ____D () C:\Users\Jolanta\AppData\Local\Avg2015
2015-03-16 17:36 - 2015-03-16 17:36 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\AVG2015
2015-03-16 17:15 - 2015-03-16 17:15 - 00000984 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TuneUp Software
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\AVG2015
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-16 17:14 - 2015-03-16 17:23 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-16 17:14 - 2015-03-16 17:14 - 00000000 ___HD () C:\$AVG
2015-03-16 17:14 - 2015-03-16 17:14 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-16 17:10 - 2015-03-19 15:38 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-16 17:10 - 2015-03-16 17:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2015
2015-03-16 17:10 - 2015-03-16 17:10 - 00000000 ____D () C:\Users\admin\AppData\Local\MFAData
2015-03-16 17:09 - 2015-03-16 17:10 - 04579184 _____ (AVG Technologies) C:\Users\admin\Downloads\avg_free_stb_eu_2015_5315.exe
2015-03-15 16:33 - 2015-03-15 16:33 - 00000000 ____D () C:\dddd
2015-03-15 15:33 - 2015-03-15 15:33 - 04210920 _____ (Piriform Ltd) C:\Users\admin\Downloads\rcsetup151.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00733320 _____ () C:\Users\admin\Downloads\recuva-lista-centrumcz.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00384529 _____ () C:\Users\admin\Downloads\Lista_centrum.exe
2015-03-15 15:30 - 2015-03-15 15:30 - 01622024 _____ (Undelete & Unerase, Inc. ) C:\Users\admin\Downloads\recover_files_setup.exe
2015-03-15 15:23 - 2015-03-15 15:23 - 01535656 _____ () C:\Users\admin\Downloads\pen-drive-data-recovery-demo.exe
2015-03-15 15:23 - 2010-07-01 03:32 - 00067312 _____ (Just Great Software) C:\Windows\UnDeployV.exe
2015-03-15 14:51 - 2015-03-16 17:23 - 00000000 ____D () C:\Program Files (x86)\UnIDeaLsa
2015-03-15 14:50 - 2015-03-15 14:50 - 00000000 ____D () C:\ProgramData\omhepakokjlefminneepjbdngokahpbo
2015-03-15 14:40 - 2015-03-16 17:23 - 00000000 ____D () C:\Program Files (x86)\UniDeaalsaa
2015-03-15 14:40 - 2015-03-15 14:40 - 00000000 ____D () C:\ProgramData\acnlpljafmpjgcgmdaoklmplpmkplldf
2015-03-15 14:39 - 2015-03-16 17:23 - 00000000 ____D () C:\ProgramData\{01399c33-f608-5712-0139-99c33f6070cf}
2015-03-15 14:36 - 2015-03-16 17:23 - 00000000 ____D () C:\Program Files (x86)\UNiDealesi
2015-03-15 14:35 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{e486f5b2-cf50-ae3d-e486-6f5b2cf5d6cb}
2015-03-15 14:35 - 2015-03-16 17:22 - 00000000 ____D () C:\Program Files (x86)\UniDealsse
2015-03-15 14:35 - 2015-03-15 14:35 - 00000000 ____D () C:\ProgramData\pdmcoclkmaghdoahnaaenoklnkbdmclp
2015-03-15 14:35 - 2015-03-15 14:35 - 00000000 ____D () C:\ProgramData\nigdekmlnijneaknkjomekkpogfcjpgh
2015-03-15 14:34 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{b80447a7-88ce-5322-b804-447a788c1e9e}
2015-03-15 14:00 - 2015-03-16 17:22 - 00000000 ____D () C:\Program Files (x86)\UUniDeealsi
2015-03-15 13:59 - 2015-03-15 13:59 - 00000000 ____D () C:\ProgramData\obmlebbgofccekdiffomhjcpkikkklif
2015-03-15 13:58 - 2015-03-16 17:23 - 00000000 ____D () C:\Program Files (x86)\UniDEaalse
2015-03-15 13:58 - 2015-03-15 13:58 - 00000000 ____D () C:\ProgramData\fffagfimplohloagjhoeeblbefdehkpp
2015-03-15 13:54 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{a7295994-8ff5-d17a-a729-959948ff6652}
2015-03-15 13:54 - 2015-03-16 18:13 - 00000000 ____D () C:\Program Files (x86)\UnniDiealsi
2015-03-15 13:54 - 2015-03-15 13:54 - 00000000 ____D () C:\ProgramData\mfpchphdpdfpekakhggbikpeohcmllcb
2015-03-15 13:37 - 2015-03-15 13:37 - 16389931 _____ () C:\Users\admin\Downloads\Mashup_Root_Tool.exe
2015-03-15 13:32 - 2015-03-16 17:22 - 00000000 ____D () C:\Program Files (x86)\UniiDEalse
2015-03-15 13:32 - 2015-03-15 13:32 - 00000000 ____D () C:\ProgramData\ijimmjkkfpiledmiehgmlmmegeogkpdi
2015-03-15 13:31 - 2015-03-16 18:16 - 00000000 ____D () C:\ProgramData\{8755a5cf-4ca9-2e9f-8755-5a5cf4ca973d}
2015-03-15 13:25 - 2015-03-15 13:25 - 00000000 ____D () C:\Users\admin\AppData\Roaming\EZDownloader
2015-03-15 13:23 - 2015-03-15 13:23 - 00000000 ____D () C:\ProgramData\bllokbilhidbkeemimbgnmccknhamaln
2015-03-15 13:23 - 2015-03-15 13:23 - 00000000 ____D () C:\Program Files (x86)\UnIDeaals
2015-03-15 13:22 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{d670d233-aa3d-c700-d670-0d233aa348ce}
2015-03-15 13:21 - 2015-03-15 13:23 - 00000000 ____D () C:\Program Files (x86)\SystemReset
2015-03-15 13:20 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{cf558ec5-2efc-3fdf-cf55-58ec52ef3b14}
2015-03-15 13:20 - 2015-03-16 18:13 - 00000000 ____D () C:\Program Files (x86)\UniDealsai
2015-03-15 13:20 - 2015-03-15 13:20 - 00000000 ____D () C:\ProgramData\kigpfhejeifjmabhmopofnamaenobijm
2015-03-15 13:16 - 2015-03-15 13:16 - 11131385 _____ () C:\Users\admin\Downloads\LG-Mobile-Driver_v3.13.2.zip
2015-03-15 13:06 - 2015-03-16 17:22 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-03-15 13:06 - 2015-03-15 13:06 - 00000000 ____D () C:\Program Files (x86)\TabCarousel
2015-03-15 13:05 - 2015-03-16 18:13 - 00000000 ____D () C:\Program Files (x86)\UniaDealS o
2015-03-15 13:05 - 2015-03-16 17:22 - 00000000 ____D () C:\Program Files (x86)\UniDeals
2015-03-15 13:05 - 2015-03-15 13:05 - 00000000 ____D () C:\ProgramData\eapknnfomhhooegfbhdmdjnggpblnoel
2015-03-15 13:05 - 2015-03-15 13:05 - 00000000 ____D () C:\ProgramData\12240822605795872955
2015-03-15 13:04 - 2015-03-16 18:17 - 00000000 ____D () C:\ProgramData\{b69da357-1217-60ea-b69d-da3571218d5c}
2015-03-13 09:06 - 2015-03-13 09:06 - 06208736 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-07 00:10 - 2015-03-07 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 19:11 - 2015-03-06 20:35 - 1504952356 _____ () C:\Users\admin\Downloads\Maso-a-krev-HD-(Munk)-_-Flesh+Blood-(0).mp4
2015-03-06 16:42 - 2015-03-06 16:42 - 03087877 _____ () C:\Users\admin\Downloads\Podzim_Ĺživota.ppsx
2015-03-05 22:15 - 2015-03-05 22:15 - 00000000 ____D () C:\Users\Jolanta\AppData\Local\{9BD5DAA9-F249-4E88-85FF-67152952DED7}
2015-02-26 13:45 - 2015-02-26 13:45 - 00000000 ____D () C:\ProgramData\Riot Games
2015-02-25 17:37 - 2015-02-25 17:37 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-23 14:21 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-23 14:21 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 14:21 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-23 14:21 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-23 14:21 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-23 14:21 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 14:21 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-23 14:21 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 14:21 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-23 14:21 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-23 14:21 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-23 14:21 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-23 14:21 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-23 14:21 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-23 14:21 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-23 14:20 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-23 14:20 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-23 14:20 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 14:20 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-23 14:20 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-23 14:20 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-23 14:20 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-23 14:20 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-23 14:20 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-23 14:20 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-23 14:20 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-23 14:20 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-23 14:20 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-23 14:20 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 14:20 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-23 14:20 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-23 14:20 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-23 14:20 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 14:20 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-23 14:20 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-23 14:20 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-23 14:20 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-23 14:20 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-23 14:20 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-23 14:20 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-23 14:20 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-23 14:20 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-23 14:20 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-23 14:20 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-23 14:20 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 14:20 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-23 14:20 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 14:20 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-23 14:20 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-23 14:20 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 14:20 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-23 14:20 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-23 14:20 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-23 14:20 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-23 14:20 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-23 14:20 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 14:20 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-23 14:20 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-23 14:20 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-23 14:20 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-23 14:20 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 14:20 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-23 14:20 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-23 14:20 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-23 14:20 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-23 14:19 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 14:19 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-23 14:19 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-23 14:19 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-23 14:19 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-23 14:19 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-23 14:19 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-23 14:19 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-23 14:18 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-23 14:18 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-23 14:18 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 14:18 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-23 14:18 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 14:18 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-23 14:18 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-23 14:18 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-23 14:18 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-23 14:17 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-23 14:17 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-23 14:17 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-23 14:17 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-23 14:17 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-23 14:17 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-23 14:17 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-23 14:09 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 16:17 - 2013-12-19 13:30 - 00000000 ____D () C:\FRST
2015-03-19 16:11 - 2012-06-01 17:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 16:06 - 2015-02-04 18:57 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-19 16:06 - 2013-02-26 07:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-03-19 16:00 - 2012-08-22 23:32 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\uTorrent
2015-03-19 16:00 - 2012-02-06 18:10 - 01189241 ____N () C:\Windows\WindowsUpdate.log
2015-03-19 16:00 - 2011-08-03 12:39 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 15:53 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 15:53 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 15:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 11:32 - 2014-02-10 20:28 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 00:58 - 2012-12-08 09:53 - 00000274 _____ () C:\Users\admin\Documents\ax_files.xml
2015-03-18 23:55 - 2012-02-19 22:44 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\Skype
2015-03-18 15:12 - 2009-07-14 06:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 18:20 - 2014-01-24 17:14 - 00000000 ____D () C:\Users\admin\AppData\Local\genienext
2015-03-16 17:27 - 2014-01-24 17:14 - 00000000 ____D () C:\Users\admin\AppData\Roaming\newnext.me
2015-03-16 17:26 - 2011-08-03 12:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-16 17:26 - 2011-08-03 12:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-16 17:07 - 2012-03-13 08:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TeamViewer
2015-03-14 07:34 - 2011-08-03 12:39 - 00002388 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 09:10 - 2014-04-23 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2015-03-08 07:32 - 2012-05-20 12:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 22:18 - 2009-07-14 06:13 - 01586172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 13:34 - 2011-02-14 09:37 - 00669570 _____ () C:\Windows\system32\perfh005.dat
2015-03-05 13:34 - 2011-02-14 09:37 - 00141938 _____ () C:\Windows\system32\perfc005.dat
2015-03-01 10:38 - 2015-02-02 17:16 - 00000000 ____D () C:\Users\admin\AppData\Local\Zoner
2015-02-24 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-24 09:48 - 2009-07-14 05:45 - 00280184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 09:46 - 2015-01-18 13:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-24 09:46 - 2014-05-07 06:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-23 14:46 - 2013-08-04 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 14:24 - 2012-03-03 15:10 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-09-15 10:30 - 2013-12-19 09:40 - 0000074 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2013-12-19 11:29 - 2013-12-19 11:29 - 0003584 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 15:59

==================== End Of Log ============================

[vyosek]

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[capricorn]

# AdwCleaner v4.112 - Logfile created 19/03/2015 at 19:03:09
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : admin - TOSH
# Running from : C:\Users\admin\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaViewerV1
Folder Deleted : C:\Program Files (x86)\MediaViewV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\RichMediaViewV1
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\WebexpEnhancedV1
Folder Deleted : C:\Program Files (x86)\TrustMediaViewerV1
Folder Deleted : C:\Program Files (x86)\Dll-Files.com Fixer
Folder Deleted : C:\Program Files (x86)\TabCarousel
Folder Deleted : C:\Program Files (x86)\UniaDealS o
Folder Deleted : C:\Program Files (x86)\UnIDeaals
Folder Deleted : C:\Program Files (x86)\UniDeaalsaa
Folder Deleted : C:\Program Files (x86)\UniDEaalse
Folder Deleted : C:\Program Files (x86)\UNiDealesi
Folder Deleted : C:\Program Files (x86)\UniDeals
Folder Deleted : C:\Program Files (x86)\UnIDeaLsa
Folder Deleted : C:\Program Files (x86)\UniDealsai
Folder Deleted : C:\Program Files (x86)\UniDealsse
Folder Deleted : C:\Program Files (x86)\UniiDEalse
Folder Deleted : C:\Program Files (x86)\UnniDiealsi
Folder Deleted : C:\Program Files (x86)\UUniDeealsi
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\admin\AppData\Local\genienext
Folder Deleted : C:\Users\admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\admin\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\admin\AppData\Local\SearchProtect
Folder Deleted : C:\Users\admin\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\admin\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\admin\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\admin\AppData\Roaming\freegames4357
Folder Deleted : C:\Users\admin\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\admin\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\admin\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\admin\AppData\Roaming\speedtest4354
Folder Deleted : C:\Users\admin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\admin\Documents\Mobogenie
Folder Deleted : C:\Users\Jolanta\AppData\Local\iLivid
Folder Deleted : C:\Users\Jolanta\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Jolanta\AppData\Local\torch
Folder Deleted : C:\Users\Jolanta\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jolanta\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Jolanta\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Jolanta\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\ProgramData\acnlpljafmpjgcgmdaoklmplpmkplldf
Folder Deleted : C:\ProgramData\bllokbilhidbkeemimbgnmccknhamaln
Folder Deleted : C:\ProgramData\eapknnfomhhooegfbhdmdjnggpblnoel
Folder Deleted : C:\ProgramData\fffagfimplohloagjhoeeblbefdehkpp
Folder Deleted : C:\ProgramData\ijimmjkkfpiledmiehgmlmmegeogkpdi
Folder Deleted : C:\ProgramData\kigpfhejeifjmabhmopofnamaenobijm
Folder Deleted : C:\ProgramData\mfpchphdpdfpekakhggbikpeohcmllcb
Folder Deleted : C:\ProgramData\nigdekmlnijneaknkjomekkpogfcjpgh
Folder Deleted : C:\ProgramData\obmlebbgofccekdiffomhjcpkikkklif
Folder Deleted : C:\ProgramData\omhepakokjlefminneepjbdngokahpbo
Folder Deleted : C:\ProgramData\pdmcoclkmaghdoahnaaenoklnkbdmclp
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\admin\daemonprocess.txt
File Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Deleted : C:\Users\Jolanta\Desktop\Facebook.lnk
File Deleted : C:\Users\Jolanta\Desktop\iLivid.lnk
File Deleted : C:\Users\Jolanta\Desktop\Torch.lnk
File Deleted : C:\Users\Jolanta\Desktop\Youtube.lnk
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\l4if3s1s.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1f68291f}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\dll-files.com
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\qone8Software
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SimilarSites
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\TrustMediaViewerV1
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v36.0.1 (x86 cs)

[mpli5si0.default\prefs.js] - Line Deleted : user_pref("CT3288691.smartbar.homepage", "true");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN21002299948775325&UM=2&UP=SP897E8004-786D-43B7-8CA9-9E4E917A78E3");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "DivX Browser Bar Customized Web Search");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=20495&r=2015/03/15&hid=14933359633434041772&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Ask.com,DivX Browser Bar Customized Web Search,DuckDuckGo,Funmoods");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.8Jid1RLhfpMjtpMB.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.CJCaVI6wyKOFNkhm.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.ETMcgeEOoGThk7c0.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.U80T6LJhKNUbtY5v.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.XlQG67znLg75t635.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "143c5058fa108d826ba0ce6824a71660");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.fM2kAgk82vz9EI5l.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.fM2kAgk82vz9EI5l.url", "hxxp://getjpijs.info/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdU8tMqLDe49CNU0n8OMCMlNhd9FqjaHrjkFrTsGqjkMBzqUojw8rdrFqjwGrTnHqih7hfs0pihPBMn0qdY8qTY9rTwFrdY7rjwF[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "as1212y");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cntry", "CZ");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hdrMd5", "47B54078CDB1107BEE53434F447996ED");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzz0ByEtAyC0CyB0D0FyBtN0D0Tzu0CtAyEtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=545667831[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "E0CA948B436C7DF7");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15682");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "as1212y");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.229:40:36");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTab", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzz0ByEtAyC0CyB0D0FyBtN0D0Tzu0CtAyEtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=5456678[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.sg", "none");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzz0ByEtAyC0CyB0D0FyBtN0D0Tzu0CtAyEtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=54566[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.229:40:36");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.229:40:36");
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.kAlWw2WofIuKcnEK.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.m3JCFPZqq6Hy7K4a.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.oJbBknJ4NEikqhjm.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.ouHn3fhf5QGdiI36.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.rNjgw48syBmUcNZm.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("extensions.uZa0kT3oYM2wEI1N.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn4rHrHqjU7rHr9rHnEqdw6qHs\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[mpli5si0.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.swellsearch.info/?pid=20495&r=2015/03/15&hid=14933359633434041772&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?o=APN11459&gct=hp&d ... 34-366&t=4");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("extensions.8Jid1RLhfpMjtpMB.url", "hxxp://supercept.org/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdU8tMqLDe49CNU0n8OMCMlNhd9FqjaHrjkFrHr8rdkMBzqUojw8rdrFqTa5rjr9rSh7hfs0pihPBMn0qHC4qHwFrTw9pdrEpjn8[...]
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("extensions.XlQG67znLg75t635.url", "hxxp://toolkitjob.in/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdU8tMqLDe49CNU0n8OMCMlNhd9FqjaHrjkFrHkEqdwMBzqUojw8rdrFqTa5rjr9rSh7hfs0pihPBMn0qHC4qHwFrTw9pdrEpjn8[...]
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("extensions.ouHn3fhf5QGdiI36.url", "hxxp://veterand.net/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdU8tMqLDe49CNU0n8OMCMlNhd9FqjaHrjkFrTk5rdCMBzqUojw8rdrFqTa5rjr9rSh7hfs0pihPBMn0qHC4qHwFrTw9pdrEpjn8q[...]
[l4if3s1s.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=209&systemid=488&v=a12834-366&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=6394119906984342&o=APN11459&q=");

-\\ Google Chrome v41.0.2272.89

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=209&systemid=488&v=a13277-366&apn_uid=6394119906984342&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=209&systemid=488&v=a13277-366&apn_uid=6394119906984342&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20495&r=2015/03/15&hid=14933359633434041772&lg=EN&cc=CZ&unqvl=84
[C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=209&systemid=488&v=a12834-366&apn_uid=6394119906984342&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
[C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=209&systemid=488&v=a12834-366&apn_uid=6394119906984342&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}

*************************

AdwCleaner[R0].txt - [26012 bytes] - [19/03/2015 19:00:01]
AdwCleaner[S0].txt - [27222 bytes] - [19/03/2015 19:03:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27282 bytes] ##########

[capricorn]

Zoek.exe v5.0.0.0 Updated 18-March-2015
Tool run by admin on čt 19.03.2015 at 19:09:36,13.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.3.2015 19:12:29 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Datamngr deleted successfully
C:\Users\admin\AppData\Roaming\TP deleted successfully
C:\Users\Jolanta\AppData\Roaming\Google deleted successfully
C:\Users\Jolanta\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\admin\AppData\Local\cache deleted successfully
C:\Users\admin\AppData\Local\CrashDumps deleted successfully
C:\Users\admin\AppData\Local\CRE deleted successfully
C:\Users\Jolanta\AppData\Local\{037833E5-1343-4EFF-A083-2C9AE8EDABF8} deleted successfully
C:\Users\Jolanta\AppData\Local\{0392C8D9-01F4-4C5E-B26F-7F2769B87BBE} deleted successfully
C:\Users\Jolanta\AppData\Local\{046BB51E-B9FB-4C26-B4CA-D393685DB390} deleted successfully
C:\Users\Jolanta\AppData\Local\{047B5A47-5D3F-4544-ACB0-307A36360D58} deleted successfully
C:\Users\Jolanta\AppData\Local\{0683040A-A8CF-4569-B3FE-0089C8152BA5} deleted successfully
C:\Users\Jolanta\AppData\Local\{0813DFAE-5ACF-4498-A8A9-8235A90E98D0} deleted successfully
C:\Users\Jolanta\AppData\Local\{0848B01D-F6F5-4202-AA8E-87645B96A7C3} deleted successfully
C:\Users\Jolanta\AppData\Local\{0A7F6CFF-F332-4175-A3B2-6E2CDDD381E3} deleted successfully
C:\Users\Jolanta\AppData\Local\{0C8C592A-4A0B-4531-8BB8-6D68733FB2AB} deleted successfully
C:\Users\Jolanta\AppData\Local\{0D9BF86B-E98D-4EBB-9543-597B0C604D08} deleted successfully
C:\Users\Jolanta\AppData\Local\{0DD7644A-D5D4-4E69-91B2-3DAC0E368622} deleted successfully
C:\Users\Jolanta\AppData\Local\{0DFE9214-FA3B-4DB1-8A7C-FE14B940DAE8} deleted successfully
C:\Users\Jolanta\AppData\Local\{14898EDA-453C-48AA-A802-60F53731DEA0} deleted successfully
C:\Users\Jolanta\AppData\Local\{17144E7F-7EED-4A1E-9009-5A48501E99C6} deleted successfully
C:\Users\Jolanta\AppData\Local\{1837ADF7-1CF6-4A63-97EA-3810871A7CB4} deleted successfully
C:\Users\Jolanta\AppData\Local\{1A0B18A8-D35B-491C-BAC2-EF3E9AD5A581} deleted successfully
C:\Users\Jolanta\AppData\Local\{1A4655DB-5E0E-404D-8C7F-9668C6CD593D} deleted successfully
C:\Users\Jolanta\AppData\Local\{1A8974B3-D0AB-46D3-9D53-754AEAC53E99} deleted successfully
C:\Users\Jolanta\AppData\Local\{1AADEEC4-B357-479C-8FE9-906B81AA4E70} deleted successfully
C:\Users\Jolanta\AppData\Local\{1F3FF521-6DFF-4733-AD9F-FE7A242EBCD8} deleted successfully
C:\Users\Jolanta\AppData\Local\{2190CDB7-8493-4DF0-A0D5-6054257C8E94} deleted successfully
C:\Users\Jolanta\AppData\Local\{2289D915-59E2-4BEE-905E-7A84CB2A4DE0} deleted successfully
C:\Users\Jolanta\AppData\Local\{236E3576-91E9-480F-9119-D4C08812BF57} deleted successfully
C:\Users\Jolanta\AppData\Local\{2A26F911-7B79-450F-8AC9-FE37CDC44C6C} deleted successfully
C:\Users\Jolanta\AppData\Local\{2C094DDC-83D7-4009-A8D5-EF304B99DAE6} deleted successfully
C:\Users\Jolanta\AppData\Local\{2DB4AE52-072C-4A94-9393-3040453590BE} deleted successfully
C:\Users\Jolanta\AppData\Local\{2E4FB98A-5E50-4B08-8132-6A14D040F80F} deleted successfully
C:\Users\Jolanta\AppData\Local\{2E91FAB3-DB3A-46F0-81FF-DC762D1AA895} deleted successfully
C:\Users\Jolanta\AppData\Local\{2EB5A876-8F57-4B13-AD6E-DE0E913CC270} deleted successfully
C:\Users\Jolanta\AppData\Local\{2EC61C9E-FC78-4D01-B8B7-9F034556F0AB} deleted successfully
C:\Users\Jolanta\AppData\Local\{2FADC0B0-898B-444B-A924-8F8805CDE1F5} deleted successfully
C:\Users\Jolanta\AppData\Local\{32BE6299-68DD-418B-99C9-69D15F4B2DA3} deleted successfully
C:\Users\Jolanta\AppData\Local\{33822928-3768-496C-B001-72958026BDE9} deleted successfully
C:\Users\Jolanta\AppData\Local\{3390E8A5-9DE4-4D61-866E-40378065FA7A} deleted successfully
C:\Users\Jolanta\AppData\Local\{34915B27-CD95-4750-8940-72B52CA9B88F} deleted successfully
C:\Users\Jolanta\AppData\Local\{353E9D59-11A6-4F7A-B295-442FAB0C5B97} deleted successfully
C:\Users\Jolanta\AppData\Local\{36DD6EEA-7B6F-47E8-8BDA-B67266235505} deleted successfully
C:\Users\Jolanta\AppData\Local\{38716AA3-28CE-453D-A4A9-EEFC314FE619} deleted successfully
C:\Users\Jolanta\AppData\Local\{3ACB60BF-37C7-4BF8-8589-98EA95902940} deleted successfully
C:\Users\Jolanta\AppData\Local\{3BEA95F9-4F54-4627-A8E0-3E646C50D776} deleted successfully
C:\Users\Jolanta\AppData\Local\{3D56815E-B94D-483A-9F7F-EC72ECC2C533} deleted successfully
C:\Users\Jolanta\AppData\Local\{40AF43E4-655A-4C89-B6B4-5214E4C42CE2} deleted successfully
C:\Users\Jolanta\AppData\Local\{422AB645-68BF-4FD7-84A7-7AD9920C3CCD} deleted successfully
C:\Users\Jolanta\AppData\Local\{4456588D-BCFC-4249-A61B-A8A482938597} deleted successfully
C:\Users\Jolanta\AppData\Local\{499226C8-02F4-435F-A0FB-6D8A0AF5C658} deleted successfully
C:\Users\Jolanta\AppData\Local\{4A53BCB9-CE55-47DC-9688-BF2CD72C9612} deleted successfully
C:\Users\Jolanta\AppData\Local\{4B539E53-1074-46DB-9C44-1ABB7D300D82} deleted successfully
C:\Users\Jolanta\AppData\Local\{4C9D0824-F9C3-4E9A-A29A-D1A4F811935F} deleted successfully
C:\Users\Jolanta\AppData\Local\{4D035718-CCA5-46FE-A34A-4AB79A2E043C} deleted successfully
C:\Users\Jolanta\AppData\Local\{4E9DCBEB-98EF-472F-88CE-3F782EF325D6} deleted successfully
C:\Users\Jolanta\AppData\Local\{4F3B2B57-9C55-4456-A5F5-74B46CE9753F} deleted successfully
C:\Users\Jolanta\AppData\Local\{4FE13373-F5AB-4778-A6B5-817BF7D32C59} deleted successfully
C:\Users\Jolanta\AppData\Local\{526DFA8E-48A5-4505-A263-246C9242AD65} deleted successfully
C:\Users\Jolanta\AppData\Local\{53887C91-D814-4D88-9448-59AC7AE9B9D7} deleted successfully
C:\Users\Jolanta\AppData\Local\{55719F07-E137-4728-B445-197D3893AF16} deleted successfully
C:\Users\Jolanta\AppData\Local\{58B217E2-BD64-44A0-AE2C-D3E548A7828B} deleted successfully
C:\Users\Jolanta\AppData\Local\{59E62D9B-D6BE-49E6-AA09-E355A3FBB692} deleted successfully
C:\Users\Jolanta\AppData\Local\{5A9487E9-577D-4056-9D28-BEE262510EE7} deleted successfully
C:\Users\Jolanta\AppData\Local\{5AA9E5FF-4122-451B-BD55-46DB341124F8} deleted successfully
C:\Users\Jolanta\AppData\Local\{5B485AEA-05BA-4DBF-973A-7062CC829A65} deleted successfully
C:\Users\Jolanta\AppData\Local\{5DF67959-BFFE-4CAA-B603-5F53BB8C8F89} deleted successfully
C:\Users\Jolanta\AppData\Local\{61F4CC75-49F0-4D9E-871D-2F6A3F0F3D1D} deleted successfully
C:\Users\Jolanta\AppData\Local\{62D8BEF6-EA03-405C-8FB5-1D244F9E30D4} deleted successfully
C:\Users\Jolanta\AppData\Local\{6387100C-6743-4A98-89F2-57FDE9B20DDF} deleted successfully
C:\Users\Jolanta\AppData\Local\{640FE3C5-3A67-429A-8AA6-351173F97EEC} deleted successfully
C:\Users\Jolanta\AppData\Local\{65A22DF1-6B25-42A4-991B-942FC0CCE3E2} deleted successfully
C:\Users\Jolanta\AppData\Local\{6752014E-59B5-4470-A886-2EBC7804CF7F} deleted successfully
C:\Users\Jolanta\AppData\Local\{68EC1730-2705-43D1-935D-C8F5D4969C3D} deleted successfully
C:\Users\Jolanta\AppData\Local\{6C59A04E-D684-41B6-8559-920312974E92} deleted successfully
C:\Users\Jolanta\AppData\Local\{6D732803-1D63-4CB7-B039-FBDEF970C6F6} deleted successfully
C:\Users\Jolanta\AppData\Local\{6F315BDA-CCFF-4011-B9A8-2B0CFA24399D} deleted successfully
C:\Users\Jolanta\AppData\Local\{7053F48E-8E66-4EC7-8087-21008D2426E7} deleted successfully
C:\Users\Jolanta\AppData\Local\{74103512-FDEE-4421-B726-98BCEA5E9F9E} deleted successfully
C:\Users\Jolanta\AppData\Local\{7542FEE6-5B5D-4730-87BC-41608DBEAA56} deleted successfully
C:\Users\Jolanta\AppData\Local\{75AAA81E-3C09-4874-B98C-38C95189A9EC} deleted successfully
C:\Users\Jolanta\AppData\Local\{75DFFDF7-AD41-4565-A5F7-FA3989137550} deleted successfully
C:\Users\Jolanta\AppData\Local\{76C63421-80EE-4089-9A23-4E41FBE18F69} deleted successfully
C:\Users\Jolanta\AppData\Local\{77B12666-8200-44BB-9C26-4505AB861C65} deleted successfully
C:\Users\Jolanta\AppData\Local\{784F900A-89E3-45A2-A243-3D4789EA3E4E} deleted successfully
C:\Users\Jolanta\AppData\Local\{7A89066A-C298-4924-AEF0-5BDF7894D8D6} deleted successfully
C:\Users\Jolanta\AppData\Local\{7ABC7FC1-31F1-4595-AC14-8B29A305E828} deleted successfully
C:\Users\Jolanta\AppData\Local\{7B3375A5-E6F6-4FD9-AA6B-9B2E593CA270} deleted successfully
C:\Users\Jolanta\AppData\Local\{7B4AFB60-CC51-4E90-8B77-B9DBC38EAC47} deleted successfully
C:\Users\Jolanta\AppData\Local\{7CF40CD0-B99D-4F65-A65D-93DDDB74B892} deleted successfully
C:\Users\Jolanta\AppData\Local\{7D45A787-7E90-4428-95F4-8B407322F630} deleted successfully
C:\Users\Jolanta\AppData\Local\{7ECC9639-62DF-47CE-98FA-35CE06AA05F6} deleted successfully
C:\Users\Jolanta\AppData\Local\{8110C649-4567-46C2-8B18-7025C0B9475A} deleted successfully
C:\Users\Jolanta\AppData\Local\{81737BB5-F80D-4D81-9F09-7ECF21D942A8} deleted successfully
C:\Users\Jolanta\AppData\Local\{81970441-32AB-49C3-AD50-CF2FBFE30C4C} deleted successfully
C:\Users\Jolanta\AppData\Local\{84250257-B5FB-4C67-9C9B-52BDDEAD9E84} deleted successfully
C:\Users\Jolanta\AppData\Local\{849D726B-5606-4C69-B690-E5893E6BB554} deleted successfully
C:\Users\Jolanta\AppData\Local\{8719D966-C39F-4E96-A143-CFCFB9E65820} deleted successfully
C:\Users\Jolanta\AppData\Local\{87B97A43-D3F8-49D8-9D41-5B5B0F966C1F} deleted successfully
C:\Users\Jolanta\AppData\Local\{88B95ED7-1562-4355-9143-F087299230A0} deleted successfully
C:\Users\Jolanta\AppData\Local\{88D52F22-8627-4358-8796-E4E3B11F9540} deleted successfully
C:\Users\Jolanta\AppData\Local\{89A1B48F-4125-40C6-9A2D-BF631EFA13A9} deleted successfully
C:\Users\Jolanta\AppData\Local\{89EF6C9C-6CEC-4078-9B43-A7FEDC76CAFC} deleted successfully
C:\Users\Jolanta\AppData\Local\{8ACF6184-0F45-4CE7-9131-96DC07AC0945} deleted successfully
C:\Users\Jolanta\AppData\Local\{8AD03F99-5ADC-495E-8E4D-1CB098AA22A2} deleted successfully
C:\Users\Jolanta\AppData\Local\{8AF99BDA-CC19-4EEE-9E0C-EE50C4F9A06B} deleted successfully
C:\Users\Jolanta\AppData\Local\{8B16A528-FF46-4751-9735-D521A1FAF562} deleted successfully
C:\Users\Jolanta\AppData\Local\{8B66E9E9-9194-4E23-8C87-1A256CBDFD58} deleted successfully
C:\Users\Jolanta\AppData\Local\{8C6594FF-20E9-4F54-89E0-0BD06B180538} deleted successfully
C:\Users\Jolanta\AppData\Local\{8D25FF97-3151-47C0-8A60-A3D4F57E0C0E} deleted successfully
C:\Users\Jolanta\AppData\Local\{8F22F16A-BE08-4961-AEEA-D53E3722ACC6} deleted successfully
C:\Users\Jolanta\AppData\Local\{9108AB95-A718-4234-A736-46C83E077E9F} deleted successfully
C:\Users\Jolanta\AppData\Local\{913C03EF-D0D5-46CF-87C7-9832B954AC76} deleted successfully
C:\Users\Jolanta\AppData\Local\{9197197B-4EB0-4818-8103-DE42900382E1} deleted successfully
C:\Users\Jolanta\AppData\Local\{9287C8A1-B194-4068-9698-798A42D47DCF} deleted successfully
C:\Users\Jolanta\AppData\Local\{929EE5B6-209E-4040-B6CD-BC7A01E6F673} deleted successfully
C:\Users\Jolanta\AppData\Local\{93E6A3D8-E60F-4DF5-B5B4-94B36B08F32E} deleted successfully
C:\Users\Jolanta\AppData\Local\{93F26A4E-773D-4D15-BCC9-93FDC85871D3} deleted successfully
C:\Users\Jolanta\AppData\Local\{95383DE9-2B27-40E5-BBF4-5BBC6ABF5755} deleted successfully
C:\Users\Jolanta\AppData\Local\{990802C8-3172-4910-9898-7BFDFF5815E6} deleted successfully
C:\Users\Jolanta\AppData\Local\{998B89A6-F79F-410F-B664-98FAD3B76811} deleted successfully
C:\Users\Jolanta\AppData\Local\{9BD5DAA9-F249-4E88-85FF-67152952DED7} deleted successfully
C:\Users\Jolanta\AppData\Local\{9DBE6A95-9ADD-4D74-A16A-C46B74B63A27} deleted successfully
C:\Users\Jolanta\AppData\Local\{A08CEA19-B925-4577-8C14-71D758602F9E} deleted successfully
C:\Users\Jolanta\AppData\Local\{A1769103-8503-47FB-AFB6-16E1221C0C25} deleted successfully
C:\Users\Jolanta\AppData\Local\{A1ECC211-7F24-4133-8E3E-6BD935271876} deleted successfully
C:\Users\Jolanta\AppData\Local\{A6211EE2-F91B-4A45-B4F7-AB092C429678} deleted successfully
C:\Users\Jolanta\AppData\Local\{A684D272-AE92-4BA0-A7A9-2799403C7951} deleted successfully
C:\Users\Jolanta\AppData\Local\{ADFA4780-EC87-438A-952B-782C684BDE3A} deleted successfully
C:\Users\Jolanta\AppData\Local\{AE6A6BD9-EDD8-48C1-A3D5-949173A28055} deleted successfully
C:\Users\Jolanta\AppData\Local\{AEA3E7D0-75DC-4A2A-AC40-2796DF955CEC} deleted successfully
C:\Users\Jolanta\AppData\Local\{AECB6720-8395-4230-814C-4D26CE932ECD} deleted successfully
C:\Users\Jolanta\AppData\Local\{AF171490-51B9-4721-9D87-3A7E4A95DAF0} deleted successfully
C:\Users\Jolanta\AppData\Local\{B03DD913-0E68-4728-99E4-9408FC97FF6F} deleted successfully
C:\Users\Jolanta\AppData\Local\{B3B31D52-6A5F-46CC-9DDA-2CB1BAEB750F} deleted successfully
C:\Users\Jolanta\AppData\Local\{B4ABE968-F4B3-4016-82D7-3E002A185364} deleted successfully
C:\Users\Jolanta\AppData\Local\{B5DCF0C4-43AE-4637-8EAB-8DA4A3E64F44} deleted successfully
C:\Users\Jolanta\AppData\Local\{B5E848CA-CE08-4763-A822-3F378D113A1A} deleted successfully
C:\Users\Jolanta\AppData\Local\{B7A54F17-ECDA-4C7A-A209-EA8DCF5FDB03} deleted successfully
C:\Users\Jolanta\AppData\Local\{B8A56D63-6BEE-482C-ACB6-3A8BA9177870} deleted successfully
C:\Users\Jolanta\AppData\Local\{B979BE09-933E-4BC4-BD28-D6A3AE2BF090} deleted successfully
C:\Users\Jolanta\AppData\Local\{B9D5319B-954B-4784-8D55-B4981ACEC38A} deleted successfully
C:\Users\Jolanta\AppData\Local\{BB8D3846-028A-402A-B66A-DA3FADE5AD08} deleted successfully
C:\Users\Jolanta\AppData\Local\{BE8ACF7E-8C84-40BE-9123-60B66C17FA6A} deleted successfully
C:\Users\Jolanta\AppData\Local\{C21D90C5-B362-4A23-85C0-586C262A79E2} deleted successfully
C:\Users\Jolanta\AppData\Local\{C23449B8-C4D7-41ED-ABE2-BCF8578E5CE3} deleted successfully
C:\Users\Jolanta\AppData\Local\{C265E981-135D-4F71-9826-BF66FCF1D51C} deleted successfully
C:\Users\Jolanta\AppData\Local\{C298FCEA-F70B-4E29-A4E8-9EC9CC4D8463} deleted successfully
C:\Users\Jolanta\AppData\Local\{C310B42A-8922-4F31-B51C-399E33625661} deleted successfully
C:\Users\Jolanta\AppData\Local\{C4DD421B-BF7B-4F5B-B962-E74DA6745B7D} deleted successfully
C:\Users\Jolanta\AppData\Local\{C64ADF1E-6DA4-400E-9BA5-7A05D667F643} deleted successfully
C:\Users\Jolanta\AppData\Local\{C72E8931-423A-48F7-9312-90C2829DC5EF} deleted successfully
C:\Users\Jolanta\AppData\Local\{C86075BF-F176-4E2D-8EC4-BBC9AEE5D223} deleted successfully
C:\Users\Jolanta\AppData\Local\{C9B05EDE-5EE5-4711-B365-7ED0725BAAB1} deleted successfully
C:\Users\Jolanta\AppData\Local\{CBFC743B-D95D-4691-BB53-4A38526ECF2A} deleted successfully
C:\Users\Jolanta\AppData\Local\{D10BAA3D-85BB-4F47-8359-1FB2F2334F38} deleted successfully
C:\Users\Jolanta\AppData\Local\{D1FF8B8C-4DD8-45DC-B7C8-9A241BF9CD53} deleted successfully
C:\Users\Jolanta\AppData\Local\{D36A0A99-00A5-409A-80A5-16102D6D92C9} deleted successfully
C:\Users\Jolanta\AppData\Local\{D3D09EE1-F2A6-4AC2-8850-F646BD01CF3D} deleted successfully
C:\Users\Jolanta\AppData\Local\{D3F2BACD-F545-4FB7-8F88-F8E5CD1431A7} deleted successfully
C:\Users\Jolanta\AppData\Local\{D4F654C2-8DA3-4DCA-8D07-6FB8751BE7DC} deleted successfully
C:\Users\Jolanta\AppData\Local\{D584A31F-998B-4A44-BD2E-722D4317B0FF} deleted successfully
C:\Users\Jolanta\AppData\Local\{D7CB4138-75C7-493D-A29A-FB13D11C7C6C} deleted successfully
C:\Users\Jolanta\AppData\Local\{D9E3EA22-11D3-4F45-948F-A8A831A5A004} deleted successfully
C:\Users\Jolanta\AppData\Local\{DAF6426A-804C-40C9-9AA0-602FFF805DBD} deleted successfully
C:\Users\Jolanta\AppData\Local\{DCC34E65-5E4E-4725-B921-3FC0343C9860} deleted successfully
C:\Users\Jolanta\AppData\Local\{E08A701F-2B43-468E-820A-A4CD750336CB} deleted successfully
C:\Users\Jolanta\AppData\Local\{E102A185-F8AC-4D3C-BC25-13B26451D4EB} deleted successfully
C:\Users\Jolanta\AppData\Local\{E1165624-FFBE-496E-A7C9-CBB2BEEFE56C} deleted successfully
C:\Users\Jolanta\AppData\Local\{E18D1D47-9EA2-4677-94B9-47BCBA497FB5} deleted successfully
C:\Users\Jolanta\AppData\Local\{E19B1D12-19CA-4917-99AD-B6BCBCE5F1C4} deleted successfully
C:\Users\Jolanta\AppData\Local\{E2DA63BB-3A89-49A0-99F6-19E643E298E9} deleted successfully
C:\Users\Jolanta\AppData\Local\{E3BA62BF-2494-4B47-BD8F-BB47B9B79840} deleted successfully
C:\Users\Jolanta\AppData\Local\{E43D9466-5FA1-4CF5-B01A-C2F14597D689} deleted successfully
C:\Users\Jolanta\AppData\Local\{E6B0619E-A2E4-4D23-9218-F1C75BE7F795} deleted successfully
C:\Users\Jolanta\AppData\Local\{E7114F56-E667-472B-97EA-BF1C269FDA7A} deleted successfully
C:\Users\Jolanta\AppData\Local\{E9A25043-7EDE-4CE0-B53E-906C9AF940E0} deleted successfully
C:\Users\Jolanta\AppData\Local\{EA6B4725-1DAB-45B8-BE8A-5D2333B9FB4E} deleted successfully
C:\Users\Jolanta\AppData\Local\{EA8FD23A-0A21-44B6-9274-0D88D2AC7221} deleted successfully
C:\Users\Jolanta\AppData\Local\{EB96C14A-4F40-4CB8-9532-837B936A5941} deleted successfully
C:\Users\Jolanta\AppData\Local\{ECB02E2B-8690-4DC6-8ED9-C6C5BE0C981D} deleted successfully
C:\Users\Jolanta\AppData\Local\{EED0B4BE-27FF-4875-952F-357E0AF4827B} deleted successfully
C:\Users\Jolanta\AppData\Local\{EF9D4415-FA58-4E68-9535-21B1487E8331} deleted successfully
C:\Users\Jolanta\AppData\Local\{F0E6BB12-639E-405D-A577-511DD6379577} deleted successfully
C:\Users\Jolanta\AppData\Local\{F18C6B62-B45D-4E54-9FBE-863D8F2A69F0} deleted successfully
C:\Users\Jolanta\AppData\Local\{F1C086CB-4539-41FA-AABA-88EAAA36D05B} deleted successfully
C:\Users\Jolanta\AppData\Local\{F1C5FB66-809C-4AD6-8BA0-66869D70D729} deleted successfully
C:\Users\Jolanta\AppData\Local\{F3C3E70D-ED29-4451-B991-354E03BA73FB} deleted successfully
C:\Users\Jolanta\AppData\Local\{F5968E80-348B-49DA-B0AE-CD0491BCE052} deleted successfully
C:\Users\Jolanta\AppData\Local\{F669BC1B-FA7D-4E0B-9B9A-3E33A5F41E3F} deleted successfully
C:\Users\Jolanta\AppData\Local\{F7B68C1F-CEDF-4516-A8E7-EC2B04ADA379} deleted successfully
C:\Users\Jolanta\AppData\Local\{F8CE6BB3-A9F3-4033-B1DD-FAB503A0222B} deleted successfully
C:\Users\Jolanta\AppData\Local\{FA3487BD-9191-4867-AF44-89C2C5A16B7A} deleted successfully
C:\Users\Jolanta\AppData\Local\{FCFD48B4-2E79-4F4B-853C-92C6591115C3} deleted successfully
C:\Users\Jolanta\AppData\Local\{FD2AB981-5509-48B2-A77A-49E3B641A7D2} deleted successfully
C:\Users\Jolanta\AppData\Local\{FDC2F592-D377-41C3-9FC0-C0650C6563A1} deleted successfully
C:\Users\Jolanta\AppData\Local\{FFC4B52F-739A-4289-A7A4-C18DF59C8052} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{846b34e6-9c2c-4e84-aced-65fe99de505b} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{846b34e6-9c2c-4e84-aced-65fe99de505b} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23d32d52-488f-4d26-bac3-4a3d4bac55bc} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23d32d52-488f-4d26-bac3-4a3d4bac55bc} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{023abed6-f14f-478c-896b-2e1809f411c0} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{023abed6-f14f-478c-896b-2e1809f411c0} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e754ad87-f1d0-4463-ae50-8f67c9fe4124} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e754ad87-f1d0-4463-ae50-8f67c9fe4124} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{197197A7-86AF-4D6D-8759-943020CB9BEA} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D027456-1FC-4736-8B4D-64E4828C1970} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20446E77-F886-4765-8036-B588D7931F24} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{213F1D6B-2AEB-4E48-A120-FBFF92E0AFBE} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AE17BFF-C4BF-410F-AAA4-E03A25F3445A} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{504F4B3D-9EC4-43CA-8CAB-2BAF3CF92F6} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54852EE4-43C9-4BE5-AEAD-26C5A896A68} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57FBC280-A009-4589-A5E7-3813BE356870} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{930379D-C4CE-458E-A679-46FEB0789C4} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C70295C9-2D9-43B3-9198-11F24C8A4E85} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF7C740B-98B8-4C03-826D-95AB9EC03660} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD9AA5A2-961B-40DF-B278-B7A568347884} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{846b34e6-9c2c-4e84-aced-65fe99de505b} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{23d32d52-488f-4d26-bac3-4a3d4bac55bc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d32d52-488f-4d26-bac3-4a3d4bac55bc} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{023abed6-f14f-478c-896b-2e1809f411c0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{023abed6-f14f-478c-896b-2e1809f411c0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{846b34e6-9c2c-4e84-aced-65fe99de505b} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{23d32d52-488f-4d26-bac3-4a3d4bac55bc} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{023abed6-f14f-478c-896b-2e1809f411c0} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2977C29A-6723-4436-90BB-F7C5FDEF88A1} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{cb10bc40-e524-4ac9-8d55-ebb9430a78a6} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{37832f3b-1823-4fc8-837d-b4c39b6c0e46} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{e754ad87-f1d0-4463-ae50-8f67c9fe4124} deleted successfully
HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha1000.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha836.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha1631.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@TrustMediaViewerV1alpha2251.net deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1f68291f deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1f68291f deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\l4if3s1s.default\prefs.js:

Added to C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\l4if3s1s.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default

user.js not found
---- Lines CT3288691 removed from prefs.js ----
user_pref("CT3288691.browser.search.defaultthis.engineName", "true");
user_pref("CT3288691.FF19Solved", "true");
user_pref("CT3288691.fullUserID", "UN21002299948775325.IN.20131201141351");
user_pref("CT3288691.installDate", "01/12/2013 14:13:53");
user_pref("CT3288691.installerVersion", "1.8.1.4");
user_pref("CT3288691.installSessionId", "{CDF5C18C-62FB-433D-80FA-A41B4C2F7101}");
user_pref("CT3288691.installSp", "true");
user_pref("CT3288691.keyword", "true");
user_pref("CT3288691.originalHomepage", "http://www.google.cz");
user_pref("CT3288691.originalSearchAddressUrl", "");
user_pref("CT3288691.originalSearchEngine", "Heur?");
user_pref("CT3288691.originalSearchEngineName", "Heur?");
user_pref("CT3288691.searchRevert", "true");
user_pref("CT3288691.searchUninstallUserMode", "2");
user_pref("CT3288691.searchUserMode", "2");
user_pref("CT3288691.toolbarInstallDate", "01-12-2013 14:13:51");
user_pref("CT3288691.UserID", "UN21002299948775325");
user_pref("CT3288691.versionFromInstaller", "10.22.5.10");
user_pref("CT3288691.xpeMode", "0");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- Lines extensions.8Jid1RLhfpMjtpMB removed from prefs.js ----
user_pref("extensions.8Jid1RLhfpMjtpMB.epoch", "1426608297");
user_pref("extensions.8Jid1RLhfpMjtpMB.url", "http://syncs-jpi.info/sync2/?q=hfZ9oe4M ... 8rdkMBzqUo
---- Lines extensions.CJCaVI6wyKOFNkhm removed from prefs.js ----
user_pref("extensions.CJCaVI6wyKOFNkhm.epoch", "1426608168");
user_pref("extensions.CJCaVI6wyKOFNkhm.url", "http://bloggertimein.info/sync2/?q=hfZ9 ... FrTa8rdkMB
---- Lines extensions.ETMcgeEOoGThk7c0 removed from prefs.js ----
user_pref("extensions.ETMcgeEOoGThk7c0.epoch", "1426608165");
user_pref("extensions.ETMcgeEOoGThk7c0.url", "http://downloadnicesuperguru.in/sync2/? ... jaHrjkFrHr
---- Lines extensions.U80T6LJhKNUbtY5v removed from prefs.js ----
user_pref("extensions.U80T6LJhKNUbtY5v.epoch", "1426608297");
user_pref("extensions.U80T6LJhKNUbtY5v.url", "http://transferbox.info/sync2/?q=hfZ9oe ... Tk4qdaMBzq
---- Lines extensions.XlQG67znLg75t635 removed from prefs.js ----
user_pref("extensions.XlQG67znLg75t635.epoch", "1426608296");
user_pref("extensions.XlQG67znLg75t635.url", "http://superie.org/sync2/?q=hfZ9oe4Mhyh ... wMBzqUojw8
---- Lines extensions.fM2kAgk82vz9EI5l removed from prefs.js ----
user_pref("extensions.fM2kAgk82vz9EI5l.epoch", "1426608164");
---- Lines extensions.kAlWw2WofIuKcnEK removed from prefs.js ----
user_pref("extensions.kAlWw2WofIuKcnEK.epoch", "1426608168");
user_pref("extensions.kAlWw2WofIuKcnEK.url", "http://fasten-tech.com/sync2/?q=hfZ9oe4 ... sErHgMBzqU
---- Lines extensions.m3JCFPZqq6Hy7K4a removed from prefs.js ----
user_pref("extensions.m3JCFPZqq6Hy7K4a.epoch", "1426608167");
user_pref("extensions.m3JCFPZqq6Hy7K4a.url", "http://liveprosoftwaregreat.in/sync2/?q ... aHrjkFrHnE
---- Lines extensions.oJbBknJ4NEikqhjm removed from prefs.js ----
user_pref("extensions.oJbBknJ4NEikqhjm.epoch", "1426608166");
user_pref("extensions.oJbBknJ4NEikqhjm.url", "http://techwebbjobnew.info/sync2/?q=hfZ ... gErShIC7n0
---- Lines extensions.ouHn3fhf5QGdiI36 removed from prefs.js ----
user_pref("extensions.ouHn3fhf5QGdiI36.epoch", "1426608298");
user_pref("extensions.ouHn3fhf5QGdiI36.url", "http://toolkitcomp.in/sync2/?q=hfZ9oe4M ... 5rdCMBzqUo
---- Lines extensions.rNjgw48syBmUcNZm removed from prefs.js ----
user_pref("extensions.rNjgw48syBmUcNZm.epoch", "1426608164");
user_pref("extensions.rNjgw48syBmUcNZm.url", "http://secure-school.net/sync2/?q=hfZ9o ... rTk9rjCMBz
---- Lines extensions.uZa0kT3oYM2wEI1N removed from prefs.js ----
user_pref("extensions.uZa0kT3oYM2wEI1N.epoch", "1426608167");
user_pref("extensions.uZa0kT3oYM2wEI1N.url", "http://onlinediir.com/sync2/?q=hfZ9oe4M ... GrdYMBzqUo
---- FireFox user.js and prefs.js backups ----

prefs_19.03.2015_2003_.backup

ProfilePath: C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\l4if3s1s.default

user.js not found
---- Lines extensions.8Jid1RLhfpMjtpMB removed from prefs.js ----
user_pref("extensions.8Jid1RLhfpMjtpMB.epoch", "1426762885");
---- Lines extensions.CJCaVI6wyKOFNkhm removed from prefs.js ----
user_pref("extensions.CJCaVI6wyKOFNkhm.epoch", "1426762882");
user_pref("extensions.CJCaVI6wyKOFNkhm.url", "http://jobfirstnet.info/sync2/?q=hfZ9oe ... Ta8rdkMBzq
---- Lines extensions.ETMcgeEOoGThk7c0 removed from prefs.js ----
user_pref("extensions.ETMcgeEOoGThk7c0.epoch", "1426762887");
user_pref("extensions.ETMcgeEOoGThk7c0.url", "http://toolkitfun.info/sync2/?q=hfZ9oe4 ... r8qdsMBzqU
---- Lines extensions.U80T6LJhKNUbtY5v removed from prefs.js ----
user_pref("extensions.U80T6LJhKNUbtY5v.epoch", "1426762884");
user_pref("extensions.U80T6LJhKNUbtY5v.url", "http://filebestproffiguru.net/sync2/?q= ... HrjkFrTk4q
---- Lines extensions.XlQG67znLg75t635 removed from prefs.js ----
user_pref("extensions.XlQG67znLg75t635.epoch", "1426762886");
---- Lines extensions.fM2kAgk82vz9EI5l removed from prefs.js ----
user_pref("extensions.fM2kAgk82vz9EI5l.epoch", "1426762881");
user_pref("extensions.fM2kAgk82vz9EI5l.url", "http://veterances.net/sync2/?q=hfZ9oe4M ... GqjkMBzqUo
---- Lines extensions.kAlWw2WofIuKcnEK removed from prefs.js ----
user_pref("extensions.kAlWw2WofIuKcnEK.epoch", "1426762888");
user_pref("extensions.kAlWw2WofIuKcnEK.url", "http://shareuuk.com/sync2/?q=hfZ9oe4Mhy ... HgMBzqUojw
---- Lines extensions.m3JCFPZqq6Hy7K4a removed from prefs.js ----
user_pref("extensions.m3JCFPZqq6Hy7K4a.epoch", "1426762883");
user_pref("extensions.m3JCFPZqq6Hy7K4a.url", "http://toolkitfun.info/sync2/?q=hfZ9oe4 ... nErHaMBzqU
---- Lines extensions.oJbBknJ4NEikqhjm removed from prefs.js ----
user_pref("extensions.oJbBknJ4NEikqhjm.epoch", "1426762881");
user_pref("extensions.oJbBknJ4NEikqhjm.url", "http://jpiserver.info/sync2/?q=hfZ9ofV9 ... IC7n0rjkEr
---- Lines extensions.ouHn3fhf5QGdiI36 removed from prefs.js ----
user_pref("extensions.ouHn3fhf5QGdiI36.epoch", "1426762884");
---- Lines extensions.rNjgw48syBmUcNZm removed from prefs.js ----
user_pref("extensions.rNjgw48syBmUcNZm.epoch", "1426762888");
user_pref("extensions.rNjgw48syBmUcNZm.url", "http://veterant.info/sync2/?q=hfZ9oe4Mh ... rjCMBzqUoj
---- Lines extensions.uZa0kT3oYM2wEI1N removed from prefs.js ----
user_pref("extensions.uZa0kT3oYM2wEI1N.epoch", "1426762886");
user_pref("extensions.uZa0kT3oYM2wEI1N.url", "http://storagemagic.eu/sync2/?q=hfZ9oe4 ... rGrdYMBzqU
---- Lines ext@WebexpEnhancedV1alpha1000.net removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-global\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\
---- FireFox user.js and prefs.js backups ----

prefs_19.03.2015_2003_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\ffdshow deleted
C:\PROGRA~2\SystemReset deleted
C:\Windows\syswow64\appdata deleted
C:\PROGRA~3\{01399c33-f608-5712-0139-99c33f6070cf} deleted
C:\PROGRA~3\{8755a5cf-4ca9-2e9f-8755-5a5cf4ca973d} deleted
C:\PROGRA~3\{a7295994-8ff5-d17a-a729-959948ff6652} deleted
C:\PROGRA~3\{b69da357-1217-60ea-b69d-da3571218d5c} deleted
C:\PROGRA~3\{b80447a7-88ce-5322-b804-447a788c1e9e} deleted
C:\PROGRA~3\{cf558ec5-2efc-3fdf-cf55-58ec52ef3b14} deleted
C:\PROGRA~3\{d670d233-aa3d-c700-d670-0d233aa348ce} deleted
C:\PROGRA~3\{e486f5b2-cf50-ae3d-e486-6f5b2cf5d6cb} deleted
C:\PROGRA~3\12240822605795872955 deleted
C:\Users\Jolanta\AppData\LocalLow\DivX_Browser_Bar deleted
C:\Users\admin\.android deleted
C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted
C:\PROGRA~2\DivX_Browser_Bar deleted
C:\PROGRA~2\COMMON~1\Config deleted
C:\awh888.tmp deleted
C:\awh9221.tmp deleted
C:\Users\admin\AppData\Roaming\WB.CFG deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\windows\SysNative\Tasks\BackgroundContainer Startup Task deleted
C:\Users\admin\Downloads\iMeshSetup-r1680-w-bf.exe deleted
C:\Users\admin\AppData\LocalLow\DataMngr deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default\CT3288691 deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jolanta\AppData\Roaming\Mozilla\Firefox\Profiles\l4if3s1s.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dalfcbhipgfmolconhplcpaibcddppgo - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1631\ch\MediaViewV1alpha1631.crx[]
dkggegkmpdgjmfojfmpbfamammcpoaco - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha1000\ch\WebexpEnhancedV1alpha1000.crx[]
micdhnoichbddicjlgbpdaddjpaeocbh - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2251\ch\TrustMediaViewerV1alpha2251.crx[]


==== Chromium Fix ======================

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dalfcbhipgfmolconhplcpaibcddppgo deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkggegkmpdgjmfojfmpbfamammcpoaco deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\micdhnoichbddicjlgbpdaddjpaeocbh deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jolanta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jolanta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\mpli5si0.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=56 folders=37 20938708 bytes)

==== Empty Temp Folders ======================

C:\Users\admin\AppData\Local\temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jolanta\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on čt 19.03.2015 at 20:32:16,43 ======================

[vyosek]

Hooodne tam toho bylo

Poprosim o novy log z FRST

[capricorn]

No o to se zasloužila moje draha polovička. Prosil bych potom číslo účtu, abych se finančně mohl odškodnit. a od mojí drahé polovičky si to vyberu jinak.

Addition přiložen.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by admin (administrator) on TOSH on 19-03-2015 21:20:00
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & Jolanta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Společnost TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1227389623-1569507831-367013762-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpli5si0.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1227389623-1569507831-367013762-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-09] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4553768 2012-01-05] (INCA Internet Co., Ltd.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [6562432 2009-03-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
R1 tnetfilter2; C:\Windows\System32\drivers\tnetfilter2.sys [60096 2014-01-17] (NetFilterSDK.com)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
U3 ajwtghw0; C:\Windows\System32\Drivers\ajwtghw0.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:31 - 2015-03-19 20:31 - 00000332 _____ () C:\Windows\PFRO.log
2015-03-19 20:26 - 2015-03-19 19:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-19 19:11 - 2015-03-19 20:32 - 00044844 _____ () C:\zoek-results.log
2015-03-19 19:09 - 2015-03-19 20:15 - 00000000 ____D () C:\zoek_backup
2015-03-19 19:08 - 2015-03-19 19:08 - 01305600 _____ () C:\Users\admin\Desktop\zoek.exe
2015-03-19 19:05 - 2015-03-19 20:31 - 00000112 _____ () C:\Windows\setupact.log
2015-03-19 19:05 - 2015-03-19 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 18:58 - 2015-03-19 19:04 - 00000000 ____D () C:\AdwCleaner
2015-03-19 18:57 - 2015-03-19 18:57 - 02171392 _____ () C:\Users\admin\Desktop\adwcleaner_4.112.exe
2015-03-19 16:21 - 2015-03-19 16:21 - 00009177 _____ () C:\Users\admin\Desktop\Addition.rar
2015-03-19 16:18 - 2015-03-19 16:19 - 00028042 _____ () C:\Users\admin\Desktop\Addition.txt
2015-03-19 16:17 - 2015-03-19 21:21 - 00019753 _____ () C:\Users\admin\Desktop\FRST.txt
2015-03-19 16:15 - 2015-03-19 16:15 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-03-16 17:36 - 2015-03-18 19:08 - 00000000 ____D () C:\Users\Jolanta\AppData\Local\Avg2015
2015-03-16 17:36 - 2015-03-16 17:36 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\AVG2015
2015-03-16 17:15 - 2015-03-16 17:15 - 00000984 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TuneUp Software
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\AVG2015
2015-03-16 17:15 - 2015-03-16 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-16 17:14 - 2015-03-16 17:23 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-16 17:14 - 2015-03-16 17:14 - 00000000 ___HD () C:\$AVG
2015-03-16 17:14 - 2015-03-16 17:14 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-16 17:10 - 2015-03-19 15:38 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-16 17:10 - 2015-03-16 17:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2015
2015-03-16 17:10 - 2015-03-16 17:10 - 00000000 ____D () C:\Users\admin\AppData\Local\MFAData
2015-03-16 17:09 - 2015-03-16 17:10 - 04579184 _____ (AVG Technologies) C:\Users\admin\Downloads\avg_free_stb_eu_2015_5315.exe
2015-03-15 16:33 - 2015-03-15 16:33 - 00000000 ____D () C:\dddd
2015-03-15 15:33 - 2015-03-15 15:33 - 04210920 _____ (Piriform Ltd) C:\Users\admin\Downloads\rcsetup151.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00733320 _____ () C:\Users\admin\Downloads\recuva-lista-centrumcz.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00384529 _____ () C:\Users\admin\Downloads\Lista_centrum.exe
2015-03-15 15:30 - 2015-03-15 15:30 - 01622024 _____ (Undelete & Unerase, Inc. ) C:\Users\admin\Downloads\recover_files_setup.exe
2015-03-15 15:23 - 2015-03-15 15:23 - 01535656 _____ () C:\Users\admin\Downloads\pen-drive-data-recovery-demo.exe
2015-03-15 15:23 - 2010-07-01 03:32 - 00067312 _____ (Just Great Software) C:\Windows\UnDeployV.exe
2015-03-15 13:37 - 2015-03-15 13:37 - 16389931 _____ () C:\Users\admin\Downloads\Mashup_Root_Tool.exe
2015-03-15 13:16 - 2015-03-15 13:16 - 11131385 _____ () C:\Users\admin\Downloads\LG-Mobile-Driver_v3.13.2.zip
2015-03-13 09:06 - 2015-03-13 09:06 - 06208736 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-07 00:10 - 2015-03-07 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 19:11 - 2015-03-06 20:35 - 1504952356 _____ () C:\Users\admin\Downloads\Maso-a-krev-HD-(Munk)-_-Flesh+Blood-(0).mp4
2015-03-06 16:42 - 2015-03-06 16:42 - 03087877 _____ () C:\Users\admin\Downloads\Podzim_Ĺživota.ppsx
2015-02-26 13:45 - 2015-02-26 13:45 - 00000000 ____D () C:\ProgramData\Riot Games
2015-02-25 17:37 - 2015-02-25 17:37 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-23 14:21 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-23 14:21 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 14:21 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-23 14:21 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-23 14:21 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-23 14:21 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-23 14:21 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 14:21 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-23 14:21 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 14:21 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-23 14:21 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-23 14:21 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-23 14:21 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-23 14:21 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-23 14:21 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-23 14:21 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-23 14:20 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-23 14:20 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-23 14:20 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 14:20 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-23 14:20 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-23 14:20 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 14:20 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-23 14:20 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-23 14:20 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-23 14:20 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-23 14:20 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-23 14:20 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-23 14:20 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-23 14:20 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-23 14:20 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 14:20 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-23 14:20 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-23 14:20 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-23 14:20 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 14:20 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-23 14:20 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-23 14:20 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-23 14:20 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-23 14:20 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-23 14:20 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-23 14:20 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-23 14:20 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-23 14:20 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-23 14:20 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-23 14:20 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-23 14:20 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-23 14:20 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 14:20 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-23 14:20 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 14:20 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-23 14:20 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-23 14:20 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 14:20 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-23 14:20 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-23 14:20 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-23 14:20 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-23 14:20 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-23 14:20 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 14:20 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-23 14:20 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-23 14:20 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-23 14:20 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-23 14:20 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 14:20 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-23 14:20 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-23 14:20 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-23 14:20 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-23 14:19 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 14:19 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-23 14:19 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-23 14:19 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-23 14:19 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-23 14:19 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-23 14:19 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-23 14:19 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-23 14:19 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-23 14:19 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-23 14:18 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-23 14:18 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-23 14:18 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-23 14:18 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 14:18 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-23 14:18 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 14:18 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-23 14:18 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-23 14:18 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-23 14:18 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-23 14:17 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-23 14:17 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-23 14:17 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-23 14:17 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-23 14:17 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-23 14:17 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-23 14:17 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-23 14:09 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 21:20 - 2013-12-19 13:30 - 00000000 ____D () C:\FRST
2015-03-19 21:11 - 2012-06-01 17:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 20:39 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 20:39 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 20:36 - 2012-02-06 18:10 - 01203046 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 20:32 - 2014-02-10 20:28 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 20:32 - 2014-01-30 06:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-19 20:31 - 2011-08-03 12:39 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 20:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 20:07 - 2012-02-06 18:46 - 00000000 ____D () C:\Users\admin
2015-03-19 20:07 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-19 20:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-19 19:03 - 2012-05-20 12:50 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-19 19:03 - 2012-05-20 12:50 - 00001056 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-19 19:03 - 2012-02-06 18:47 - 00000976 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-19 19:03 - 2011-08-03 12:39 - 00001293 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-19 19:03 - 2011-08-03 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-19 16:06 - 2013-02-26 07:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-03-19 16:00 - 2012-08-22 23:32 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\uTorrent
2015-03-19 00:58 - 2012-12-08 09:53 - 00000274 _____ () C:\Users\admin\Documents\ax_files.xml
2015-03-18 23:55 - 2012-02-19 22:44 - 00000000 ____D () C:\Users\Jolanta\AppData\Roaming\Skype
2015-03-18 15:12 - 2009-07-14 06:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 17:26 - 2011-08-03 12:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-16 17:26 - 2011-08-03 12:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-16 17:07 - 2012-03-13 08:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TeamViewer
2015-03-13 09:10 - 2014-04-23 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2015-03-08 07:32 - 2012-05-20 12:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 22:18 - 2009-07-14 06:13 - 01586172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 13:34 - 2011-02-14 09:37 - 00669570 _____ () C:\Windows\system32\perfh005.dat
2015-03-05 13:34 - 2011-02-14 09:37 - 00141938 _____ () C:\Windows\system32\perfc005.dat
2015-03-01 10:38 - 2015-02-02 17:16 - 00000000 ____D () C:\Users\admin\AppData\Local\Zoner
2015-02-24 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-24 09:48 - 2009-07-14 05:45 - 00280184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 09:46 - 2015-01-18 13:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-24 09:46 - 2014-05-07 06:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-23 14:46 - 2013-08-04 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 14:24 - 2012-03-03 15:10 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-12-19 11:29 - 2013-12-19 11:29 - 0003584 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 15:59

==================== End Of Log ============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2013-04-04] (Adobe Systems Incorporated)
  HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
  HKLM\...\Policies\Explorer: [NoControlPanel] 0
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
  HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
  
  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  
  FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
  FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
  FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
  
  U3 ajwtghw0; C:\Windows\System32\Drivers\ajwtghw0.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
  S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
  S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
  
  2015-03-19 20:31 - 2015-03-19 20:31 - 00000332 _____ () C:\Windows\PFRO.log
  2015-03-19 20:26 - 2015-03-19 19:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
  2015-03-19 19:11 - 2015-03-19 20:32 - 00044844 _____ () C:\zoek-results.log
  2015-03-19 19:09 - 2015-03-19 20:15 - 00000000 ____D () C:\zoek_backup
  2015-03-19 19:08 - 2015-03-19 19:08 - 01305600 _____ () C:\Users\admin\Desktop\zoek.exe
  2015-03-19 19:05 - 2015-03-19 20:31 - 00000112 _____ () C:\Windows\setupact.log
  2015-03-19 19:05 - 2015-03-19 19:05 - 00000000 _____ () C:\Windows\setuperr.log
  2015-03-19 18:58 - 2015-03-19 19:04 - 00000000 ____D () C:\AdwCleaner
  2015-03-19 18:57 - 2015-03-19 18:57 - 02171392 _____ () C:\Users\admin\Desktop\adwcleaner_4.112.exe
  2015-03-19 16:21 - 2015-03-19 16:21 - 00009177 _____ () C:\Users\admin\Desktop\Addition.rar
  2015-03-19 16:18 - 2015-03-19 16:19 - 00028042 _____ () C:\Users\admin\Desktop\Addition.txt
  2015-03-19 16:17 - 2015-03-19 21:21 - 00019753 _____ () C:\Users\admin\Desktop\FRST.txt
  2015-03-19 16:15 - 2015-03-19 16:15 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
  2015-03-16 17:09 - 2015-03-16 17:10 - 04579184 _____ (AVG Technologies) C:\Users\admin\Downloads\avg_free_stb_eu_2015_5315.exe
  2015-03-15 15:33 - 2015-03-15 15:33 - 04210920 _____ (Piriform Ltd) C:\Users\admin\Downloads\rcsetup151.exe
  2015-03-15 15:33 - 2015-03-15 15:33 - 00733320 _____ () C:\Users\admin\Downloads\recuva-lista-centrumcz.exe
  2015-03-15 15:33 - 2015-03-15 15:33 - 00384529 _____ () C:\Users\admin\Downloads\Lista_centrum.exe
  
  Task: {76411790-ECB0-4947-9D48-C7ED8CE2005B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
  Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[capricorn]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by admin at 2015-03-19 22:44:58 Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & Jolanta)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

U3 ajwtghw0; C:\Windows\System32\Drivers\ajwtghw0.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

2015-03-19 20:31 - 2015-03-19 20:31 - 00000332 _____ () C:\Windows\PFRO.log
2015-03-19 20:26 - 2015-03-19 19:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-19 19:11 - 2015-03-19 20:32 - 00044844 _____ () C:\zoek-results.log
2015-03-19 19:09 - 2015-03-19 20:15 - 00000000 ____D () C:\zoek_backup
2015-03-19 19:08 - 2015-03-19 19:08 - 01305600 _____ () C:\Users\admin\Desktop\zoek.exe
2015-03-19 19:05 - 2015-03-19 20:31 - 00000112 _____ () C:\Windows\setupact.log
2015-03-19 19:05 - 2015-03-19 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 18:58 - 2015-03-19 19:04 - 00000000 ____D () C:\AdwCleaner
2015-03-19 18:57 - 2015-03-19 18:57 - 02171392 _____ () C:\Users\admin\Desktop\adwcleaner_4.112.exe
2015-03-19 16:21 - 2015-03-19 16:21 - 00009177 _____ () C:\Users\admin\Desktop\Addition.rar
2015-03-19 16:18 - 2015-03-19 16:19 - 00028042 _____ () C:\Users\admin\Desktop\Addition.txt
2015-03-19 16:17 - 2015-03-19 21:21 - 00019753 _____ () C:\Users\admin\Desktop\FRST.txt
2015-03-19 16:15 - 2015-03-19 16:15 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-03-16 17:09 - 2015-03-16 17:10 - 04579184 _____ (AVG Technologies) C:\Users\admin\Downloads\avg_free_stb_eu_2015_5315.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 04210920 _____ (Piriform Ltd) C:\Users\admin\Downloads\rcsetup151.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00733320 _____ () C:\Users\admin\Downloads\recuva-lista-centrumcz.exe
2015-03-15 15:33 - 2015-03-15 15:33 - 00384529 _____ () C:\Users\admin\Downloads\Lista_centrum.exe

Task: {76411790-ECB0-4947-9D48-C7ED8CE2005B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Classes\.exe: => <===== ATTENTION!

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\TOPI.EXE => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1227389623-1569507831-367013762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully.
ajwtghw0 => Service deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\admin\Desktop\zoek.exe => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\admin\Desktop\adwcleaner_4.112.exe => Moved successfully.
C:\Users\admin\Desktop\Addition.rar => Moved successfully.
C:\Users\admin\Desktop\Addition.txt => Moved successfully.
C:\Users\admin\Desktop\FRST.txt => Moved successfully.
C:\Users\admin\Desktop\FRST64.exe => Moved successfully.
C:\Users\admin\Downloads\avg_free_stb_eu_2015_5315.exe => Moved successfully.
C:\Users\admin\Downloads\rcsetup151.exe => Moved successfully.
C:\Users\admin\Downloads\recuva-lista-centrumcz.exe => Moved successfully.
C:\Users\admin\Downloads\Lista_centrum.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76411790-ECB0-4947-9D48-C7ED8CE2005B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76411790-ECB0-4947-9D48-C7ED8CE2005B}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"HKU\S-1-5-21-1227389623-1569507831-367013762-1000\Software\Classes\.exe" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 122.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:46:24 ====

[vyosek]

Jak se chova PC???