yessearches

[rita33]

dobry den, pomuzete mi prosim?

# AdwCleaner v5.101 - Logfile created 12/03/2016 at 11:35:26
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : jirka - JIRKA-PC
# Running from : C:\Users\jirka\AppData\Local\Temp\nsi981C.tmp\setupadwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\jirka\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br

***** [ Files ] *****

[-] File Deleted : C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****

[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "yessearches");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "44.0");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782a31eb");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016031211");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1457777810471");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://www.yessearches.com/chrome.php?uid=0E0B ... ttoolbar&q[...]
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\jirka\\\\AppData\\\\[...]
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://www.yessearches.com/chrome.php?uid=0E0B ... toolbar&q=");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [10193 bytes] - [12/03/2016 10:42:11]
C:\Program Files\AdwCleaner\AdwCleaner[C2].txt - [7614 bytes] - [12/03/2016 11:05:07]
C:\Program Files\AdwCleaner\AdwCleaner[C3].txt - [7787 bytes] - [12/03/2016 11:12:21]
C:\Program Files\AdwCleaner\AdwCleaner[C4].txt - [7433 bytes] - [12/03/2016 11:35:26]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [9644 bytes] - [12/03/2016 10:40:02]
C:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [7228 bytes] - [12/03/2016 11:04:09]
C:\Program Files\AdwCleaner\AdwCleaner[S3].txt - [7401 bytes] - [12/03/2016 11:11:08]
C:\Program Files\AdwCleaner\AdwCleaner[S4].txt - [7575 bytes] - [12/03/2016 11:34:36]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C4].txt - [7868 bytes] ##########

[Rudy]

Zdravím!

Otevřte poznámkový blok a zkopírujte do něj:

Start
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1966211022-1112906515-959141442-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
C:\Users\jirka\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[rita33]

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by jirka (2016-03-12 15:15:04) Run:1
Running from C:\Users\jirka\Desktop
Loaded Profiles: jirka (Available Profiles: jirka)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1966211022-1112906515-959141442-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
C:\Users\jirka\AppData\Local\Temp
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully.
HKU\S-1-5-21-1966211022-1112906515-959141442-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Program Files\Google\Google Toolbar => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\grooveLocalGWS" => key removed successfully.
"HKCR\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => service removed successfully.
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => service removed successfully.

"C:\Users\jirka\AppData\Local\Temp" folder move:

Could not move "C:\Users\jirka\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-12 15:16:44)

C:\Users\jirka\AppData\Local\Temp => moved successfully

==== End of Fixlog 15:16:44 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[rita33]

rychlejsi, furt ale vyskakuje lista hledani yourgsearchfinder a seznam nelze pouzit, furt dela ze neco nacita

[Rudy]

Udělejte ještě tyto skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[rita33]

po spusteni obou a restartu firefox avast nasel yesserchs a odstranil doplnek z firefoxu.
vse ted bezi ok


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by jirka on ne 13.03.2016 at 9:02:34,64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jirka\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.3.2016 9:05:09 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\jirka\AppData\Roaming\Launcher deleted successfully
C:\Users\jirka\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 deleted successfully
C:\Users\jirka\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D deleted successfully
C:\Users\jirka\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\jirka\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1966211022-1112906515-959141442-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1966211022-1112906515-959141442-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1966211022-1112906515-959141442-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-1966211022-1112906515-959141442-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/|about:preferences");
user_pref("browser.search.defaultenginename", "yessearches");
user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
user_pref("keyword.URL", "http://www.yessearches.com/chrome.php?u ... toolbar&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/|about:preferences");
user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEpBnQr ... ode=ffseng");
user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
user_pref("browser.search.selectedEngine", "yessearches");
user_pref("keyword.URL", "http://www.yessearches.com/chrome.php?u ... toolbar&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\jbzdgtoe.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");

Added to C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\jbzdgtoe.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "44.0");
user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,
user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782a31eb");
user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016031211");
user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1457779164857");
user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"p
user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "http://www.yessearches.com/chrome.php?u ... 8&ptid=cos&
user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", false);
user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"file
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- FireFox user.js and prefs.js backups ----

prefs_13.03.2016_0914_.backup

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "44.0");
user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,
user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782a31ea");
user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016031210");
user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1457773769155");
user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"p
user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "http://www.yessearches.com/chrome.php?u ... 8&ptid=cos&
user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"file
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEpBnQr ... 8&ptid=cos&
user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?m ... ..&uid=0E0
user_pref("browser.search.searchengine.url", "http://www.yessearches.com/chrome.php?m ... k..&uid=0E
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- FireFox user.js and prefs.js backups ----

prefs_13.03.2016_0914_.backup

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\jbzdgtoe.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_13.03.2016_0914_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition deleted
C:\Program Files\Warner Bros. Interactive Entertainment deleted
C:\Users\jirka\AppData\Roaming\dlg deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Public\Documents\dmp deleted
C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml deleted
C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br deleted
C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\yessearches.xml deleted
C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\YourGSearchFinder_br deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2016-03-12 16-51-51 0.log" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs" not deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\jbzdgtoe.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [01.03.2016 21:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi

ProfilePath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
9EA6FA4806BB45185FE743D534CEE9E6 - C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U73
843AE18C93C6DFD214AB7EAF338B4D6F - C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.730.2
F627791AB91E01A9829A8D9B6E024D52 - C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll - Shockwave Flash
BC8412E4D13DA9007A2E36C271117D03 - C:\Windows\Downloaded Program Files\npPLANETCamV.dll - PLANETCBCamV

Profilepath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
9EA6FA4806BB45185FE743D534CEE9E6 - C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U73
843AE18C93C6DFD214AB7EAF338B4D6F - C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.730.2
F627791AB91E01A9829A8D9B6E024D52 - C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll - Shockwave Flash
BC8412E4D13DA9007A2E36C271117D03 - C:\Windows\Downloaded Program Files\npPLANETCamV.dll - PLANETCBCamV

Profilepath: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\jbzdgtoe.default
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
9EA6FA4806BB45185FE743D534CEE9E6 - C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U73
843AE18C93C6DFD214AB7EAF338B4D6F - C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.730.2
F627791AB91E01A9829A8D9B6E024D52 - C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll - Shockwave Flash
BC8412E4D13DA9007A2E36C271117D03 - C:\Windows\Downloaded Program Files\npPLANETCamV.dll - PLANETCBCamV


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01.03.2016 21:21]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... XB_csCZ682

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\jirka\AppData\Local\Mozilla\Firefox\Profiles\41A66E7E5EE1\cache2 emptied successfully
C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=20 6221798711 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jirka\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jirka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db" not deleted
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db" not found
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2016-03-12 16-51-51 0.log" not found
"C:\Users\jirka\AppData\Local\SlimWare Utilities Inc" not deleted

==== EOF on ne 13.03.2016 at 9:21:35,26 ======================




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x86
Ran by jirka (Administrator) on ne 13.03.2016 at 9:23:56,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Successfully deleted: C:\Users\jirka\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi (File)
Successfully deleted: C:\Users\jirka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi (File)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\System32\drivers\swdumon.sys (File)
Successfully deleted: C:\Windows\System32\Tasks\SlimDrivers Startup (Task)
Successfully deleted: C:\Windows\Tasks\SlimDrivers Startup.job (Task)
Successfully deleted: C:\Users\jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OE4QXP7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BES1WVLC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7BFBWWP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0A9HGRO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OE4QXP7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BES1WVLC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7BFBWWP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0A9HGRO (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 13.03.2016 at 9:25:22,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

Změnilo se něco nyní?

[rita33]

jj, psal jsem
po spusteni obou a restartu firefox avast nasel yesserchs a odstranil doplnek z firefoxu.
vse ted bezi ok

[Rudy]

Tak to jsem rád.

[rita33]

rudy diky, posilam aspon pade na ucet .....

[Rudy]

Za příspěvek děkujeme a vy nemáte zač!