Prosím o kontrolu logu

Zpráva

refllex · #1 Příspěvek od **refllex** » 24 kvě 2014 06:53

Dobrý den, prosím o kontrolo logu z důvodu "zasekávání systému"....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by Refllex (administrator) on REFLLEX-PC on 24-05-2014 07:46:28
Running from C:\Users\Refllex\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
(Informer Technologies, Inc.) C:\Program Files (x86)\Software Informer\softinfo.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Electronic Arts) C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7.0\ICQ.exe
(Edimax Technology Co., Ltd) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
() C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
() C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(AOL LLC.) C:\Program Files (x86)\Winamp Toolbar\winampTbServer.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [ActivControl] => C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [1238312 2010-06-10] (Promethean Technologies Group Ltd)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [facemoods] => C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe [323584 2010-10-26] (facemoods.com)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Google Update] => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-17] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Software Informer] => C:\Program Files (x86)\Software Informer\softinfo.exe [2011205 2009-11-25] (Informer Technologies, Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {0ff7d854-acc2-11df-a833-4061864cf0f8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {44ca898c-1bc8-11df-8c2c-4061864cf0f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb6-337e-11df-8fbd-4061864cf0f8} - H:\autorun.exe
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb8-337e-11df-8fbd-4061864cf0f8} - I:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd)
Startup: C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hal3000.cz
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
URLSearchHook: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/sli ... 0winampie7
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb174/?se ... UKKYK&i=26
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
SearchScopes: HKCU - {320DE45A-351C-4947-B7B4-0829C5B0EFD9} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {51E4AC5A-10B4-44C7-B37C-74EF0B15AAC3} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {822D5955-94C6-4AE6-AFDA-DAA253A9B59B} URL = http://search.seznam.cz/?q={searchTerms ... arch_13014
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {BEFD4675-9766-48A8-B12A-6E3105B53FF4} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13014
SearchScopes: HKCU - {BF25F6E5-A911-4EE3-B14F-E887A6016ACA} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13014
SearchScopes: HKCU - {CFBCA617-8D4A-4F6D-B84C-DC409DD76750} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb174/?se ... UKKYK&i=26
SearchScopes: HKCU - {E2B0C3B3-A89F-4266-B426-39AB9A518A18} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13014
SearchScopes: HKCU - {E4360764-82D3-469F-92FA-014A0D5F1DD8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {F10AEB12-B093-47AE-A90F-FA17CDD40DE2} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13014
SearchScopes: HKCU - {FBE159E1-3697-4AB9-961C-E49DD142FE17} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13014
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll No File
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll No File
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default
FF user.js: detected! => C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb174?a=6R8CzUKKYK&loc=FF_NT
FF DefaultSearchEngine: ICQ Search
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://mystart.incredibar.com/mb174?a=6R8CzUKKYK&i=26
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Refllex\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Refllex\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Refllex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Facemoods - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\ffxtlbr@Facemoods.com [2011-02-12]
FF Extension: incredibar.com - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\ffxtlbr@incredibar.com [2012-08-19]
FF Extension: Ask Toolbar - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\toolbar@ask.com [2012-04-01]
FF Extension: Winamp Toolbar - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-04-08]
FF Extension: ICQ Toolbar - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013-04-07]
FF Extension: Seznam lištička - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-05-23]
FF Extension: BS Player Toolbar - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2010-04-08]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13014
CHR StartupUrls: "hxxp://mystart.incredibar.com/mb174?a=6R8CzUKKYK&i=26"
CHR DefaultSearchKeyword: mystart.incredibar.com/mb174
CHR DefaultSearchProvider: MyStart Search
CHR DefaultSearchURL: http://mystart.incredibar.com/mb174/?lo ... UKKYK&i=26
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Refllex\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Refllex\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Refllex\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Seznam Lištička - Email) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-03-14]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Foxtab Speed Dial (Release Candidate)) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2011-02-12]
CHR Extension: (Peněženka Google) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoods.crx [2010-11-24]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2010-11-24]
CHR StartMenuInternet: Google Chrome - C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2010-03-20] ()

==================== Drivers (Whitelisted) ====================

R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [86104 2010-05-26] (Promethean Technologies Ltd)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2014-01-22] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2014-01-22] ()
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [8152 2010-05-26] (Promethean Technologies Ltd)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-17] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [42896 2010-06-03] (Oracle Corporation)
U3 asr10pj8; C:\Windows\System32\Drivers\asr10pj8.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 07:46 - 2014-05-24 07:46 - 00029696 _____ () C:\Users\Refllex\AppData\Local\MSGBOX.EXE
2014-05-24 07:42 - 2014-05-24 07:46 - 00030401 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-24 07:41 - 2014-05-24 07:46 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-24 07:41 - 2014-05-24 07:46 - 00000000 ____D () C:\FRST
2014-05-24 07:40 - 2014-05-24 07:40 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
2014-05-24 07:32 - 2014-05-24 07:32 - 02067456 _____ (Farbar) C:\Users\Refllex\Desktop\FRST64.exe
2014-05-23 18:28 - 2014-05-23 18:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 18:24 - 2014-01-22 15:52 - 00189936 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 18:23 - 2014-05-23 18:46 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-23 18:23 - 2014-01-22 15:52 - 00065336 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 14:20 - 2014-05-23 15:26 - 1083044165 _____ () C:\Users\Refllex\Downloads\Amazing_Teen_Ivana_Fukalot_Getting_Hot_Massive_Fuck.wmv
2014-05-23 14:14 - 2014-05-23 14:18 - 58374610 _____ () C:\Users\Refllex\Downloads\ivana_fukalot_fpd.flv
2014-05-21 17:29 - 2014-05-21 18:07 - 688413139 _____ () C:\Users\Refllex\Downloads\XXX-POR--Euro-Teen-Erotica-Anjelica-Calling-All-The-Shots-Xxx__Porno-mlada-teens-sexy-sex-blondynka-krasna-.avi
2014-05-19 18:50 - 2014-05-19 19:42 - 465469440 _____ () C:\Users\Refllex\Downloads\hra-o-trůny-S04E07-cz.tit.avi
2014-05-18 13:28 - 2014-05-18 13:28 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00001244 _____ () C:\Users\Refllex\Desktop\Port Royale 2.lnk
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Users\Refllex\Documents\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Ascaron Entertainment
2014-05-18 13:06 - 2014-05-18 13:21 - 00000000 ____D () C:\Users\Refllex\Desktop\PR2
2014-05-15 07:05 - 2014-05-15 07:05 - 462240827 _____ () C:\Windows\MEMORY.DMP
2014-05-15 07:05 - 2014-05-15 07:05 - 00275320 _____ () C:\Windows\Minidump\051514-30312-01.dmp
2014-05-13 17:00 - 2014-05-13 19:27 - 1318469849 _____ () C:\Users\Refllex\Downloads\Hra-o-trůny-S04E06-[720pHDTVx264]---CZ-titulky.mkv
2014-05-12 18:34 - 2014-05-12 18:34 - 00057632 _____ () C:\Users\Refllex\Downloads\game.of.thrones.s04e03.720p.hdtv.x264-killers.srt
2014-05-11 19:09 - 2014-05-11 19:49 - 368902900 _____ () C:\Users\Refllex\Downloads\mlada-16-let-Niky,yung,xxx,sex,porno,domaci,mlada,amaterka,oral,novinka,cz,za-prachy.avi
2014-05-09 22:15 - 2014-05-09 22:15 - 00017094 _____ () C:\Users\Refllex\Downloads\školní nevýhody.odp
2014-05-09 22:14 - 2014-05-09 22:14 - 05177828 _____ () C:\Users\Refllex\Downloads\Problémy.pptx
2014-05-08 20:21 - 2014-05-08 23:34 - 3447003508 _____ () C:\Users\Refllex\Downloads\G.I.-Joe-2-Odveta--2013-Akcny--CZ-Dabing,AMD.rar
2014-05-06 23:07 - 2014-05-06 23:48 - 731028003 _____ () C:\Users\Refllex\Downloads\PublicPickUps.com---E81-Violetta-Pink---One-in-the-Pink-[480p].wmv
2014-05-06 17:34 - 2014-05-06 17:34 - 00000000 ____D () C:\Users\Refllex\AppData\Local\DOSBox
2014-05-06 17:32 - 2014-05-06 17:32 - 00001616 _____ () C:\Users\Public\Desktop\Spellcross.lnk
2014-05-06 17:32 - 2014-05-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spellcross
2014-05-06 17:25 - 2014-05-09 08:51 - 00000000 ____D () C:\Users\Refllex\Desktop\Spellcros
2014-05-05 16:38 - 2014-05-05 17:12 - 548495360 _____ () C:\Users\Refllex\Downloads\Woodman---Lucka---(hardcore).avi
2014-05-05 16:01 - 2014-05-05 16:32 - 551884050 _____ () C:\Users\Refllex\Downloads\XXX-PORNO--Jak-mi-Lucka-byla-nevěrná-natočeno-skrytou-kamerou!!!---v-Praze-HD-2013-CZECH-TEEN-PORN-DVDRIP-HD-SEX-XXX-PORNO-CESKY-MOBILE-EXCLUSIVE-BIG-BEST.avi
2014-05-05 15:57 - 2014-05-05 16:01 - 36574263 _____ () C:\Users\Refllex\Downloads\Rychle-prachy-2014-(4).flv
2014-05-01 19:56 - 2014-05-01 20:31 - 624386048 _____ () C:\Users\Refllex\Downloads\Profesionálové-(2.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-05-01 19:36 - 2014-05-01 19:36 - 00011232 _____ () C:\Users\Refllex\Downloads\Nový objekt - List aplikace Microsoft Office Excel.xlsx
2014-05-01 19:32 - 2014-05-01 19:32 - 05237226 _____ () C:\Users\Refllex\Downloads\školní nevýhody 2..pptx
2014-05-01 18:52 - 2014-05-01 19:27 - 627449856 _____ () C:\Users\Refllex\Downloads\Profesionálové-(7.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-04-28 18:48 - 2014-04-28 18:48 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05 (1).ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05.ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00356864 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_02.ppt
2014-04-26 21:44 - 2014-04-27 00:59 - 1740995868 _____ () C:\Users\Refllex\Downloads\Gravitace-cz-(720p,-XVID,-stereo).avi

==================== One Month Modified Files and Folders =======

2014-05-24 07:46 - 2014-05-24 07:46 - 00029696 _____ () C:\Users\Refllex\AppData\Local\MSGBOX.EXE
2014-05-24 07:46 - 2014-05-24 07:42 - 00030401 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-24 07:46 - 2014-05-24 07:41 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-24 07:46 - 2014-05-24 07:41 - 00000000 ____D () C:\FRST
2014-05-24 07:40 - 2014-05-24 07:40 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
2014-05-24 07:34 - 2010-02-17 13:47 - 00000000 ____D () C:\Users\Refllex\AppData\Local\Google
2014-05-24 07:32 - 2014-05-24 07:32 - 02067456 _____ (Farbar) C:\Users\Refllex\Desktop\FRST64.exe
2014-05-24 07:23 - 2011-12-23 18:31 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 07:16 - 2009-07-14 06:45 - 00020128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 07:16 - 2009-07-14 06:45 - 00020128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 07:14 - 2014-03-14 19:54 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Seznam.cz
2014-05-24 07:13 - 2010-02-17 13:00 - 01615864 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 07:10 - 2010-02-19 12:35 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Software Informer
2014-05-24 07:09 - 2011-12-23 18:31 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 07:09 - 2011-06-29 13:44 - 00067910 _____ () C:\Windows\setupact.log
2014-05-24 07:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 22:38 - 2010-02-17 13:53 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job
2014-05-23 18:46 - 2014-05-23 18:23 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-23 18:43 - 2010-02-17 13:08 - 00000000 ____D () C:\Users\Refllex
2014-05-23 18:41 - 2011-08-24 08:18 - 00091992 _____ () C:\Windows\PFRO.log
2014-05-23 18:28 - 2014-05-23 18:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 18:23 - 2010-05-16 18:18 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-23 15:26 - 2014-05-23 14:20 - 1083044165 _____ () C:\Users\Refllex\Downloads\Amazing_Teen_Ivana_Fukalot_Getting_Hot_Massive_Fuck.wmv
2014-05-23 14:18 - 2014-05-23 14:14 - 58374610 _____ () C:\Users\Refllex\Downloads\ivana_fukalot_fpd.flv
2014-05-21 18:07 - 2014-05-21 17:29 - 688413139 _____ () C:\Users\Refllex\Downloads\XXX-POR--Euro-Teen-Erotica-Anjelica-Calling-All-The-Shots-Xxx__Porno-mlada-teens-sexy-sex-blondynka-krasna-.avi
2014-05-21 07:48 - 2009-07-14 17:18 - 00639640 _____ () C:\Windows\system32\perfh005.dat
2014-05-21 07:48 - 2009-07-14 17:18 - 00128538 _____ () C:\Windows\system32\perfc005.dat
2014-05-21 07:48 - 2009-07-14 07:13 - 01483286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 19:42 - 2014-05-19 18:50 - 465469440 _____ () C:\Users\Refllex\Downloads\hra-o-trůny-S04E07-cz.tit.avi
2014-05-19 09:00 - 2010-02-17 13:53 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job
2014-05-18 13:28 - 2014-05-18 13:28 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00001244 _____ () C:\Users\Refllex\Desktop\Port Royale 2.lnk
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2010-02-18 18:51 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Users\Refllex\Documents\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Ascaron Entertainment
2014-05-18 13:21 - 2014-05-18 13:06 - 00000000 ____D () C:\Users\Refllex\Desktop\PR2
2014-05-17 16:25 - 2013-10-29 14:35 - 00000000 ____D () C:\Users\Refllex\Desktop\GMH-skola
2014-05-16 20:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 15:03 - 2010-02-17 13:54 - 00002388 _____ () C:\Users\Refllex\Desktop\Google Chrome.lnk
2014-05-15 07:05 - 2014-05-15 07:05 - 462240827 _____ () C:\Windows\MEMORY.DMP
2014-05-15 07:05 - 2014-05-15 07:05 - 00275320 _____ () C:\Windows\Minidump\051514-30312-01.dmp
2014-05-15 07:05 - 2013-08-21 19:16 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 19:27 - 2014-05-13 17:00 - 1318469849 _____ () C:\Users\Refllex\Downloads\Hra-o-trůny-S04E06-[720pHDTVx264]---CZ-titulky.mkv
2014-05-12 18:34 - 2014-05-12 18:34 - 00057632 _____ () C:\Users\Refllex\Downloads\game.of.thrones.s04e03.720p.hdtv.x264-killers.srt
2014-05-11 19:49 - 2014-05-11 19:09 - 368902900 _____ () C:\Users\Refllex\Downloads\mlada-16-let-Niky,yung,xxx,sex,porno,domaci,mlada,amaterka,oral,novinka,cz,za-prachy.avi
2014-05-09 22:15 - 2014-05-09 22:15 - 00017094 _____ () C:\Users\Refllex\Downloads\školní nevýhody.odp
2014-05-09 22:14 - 2014-05-09 22:14 - 05177828 _____ () C:\Users\Refllex\Downloads\Problémy.pptx
2014-05-09 08:51 - 2014-05-06 17:25 - 00000000 ____D () C:\Users\Refllex\Desktop\Spellcros
2014-05-08 23:34 - 2014-05-08 20:21 - 3447003508 _____ () C:\Users\Refllex\Downloads\G.I.-Joe-2-Odveta--2013-Akcny--CZ-Dabing,AMD.rar
2014-05-08 14:18 - 2011-12-23 18:31 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:18 - 2011-12-23 18:31 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 08:55 - 2010-02-17 13:53 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA
2014-05-08 08:55 - 2010-02-17 13:53 - 00003548 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core
2014-05-07 22:31 - 2010-04-08 21:54 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\BSplayer
2014-05-06 23:48 - 2014-05-06 23:07 - 731028003 _____ () C:\Users\Refllex\Downloads\PublicPickUps.com---E81-Violetta-Pink---One-in-the-Pink-[480p].wmv
2014-05-06 17:34 - 2014-05-06 17:34 - 00000000 ____D () C:\Users\Refllex\AppData\Local\DOSBox
2014-05-06 17:32 - 2014-05-06 17:32 - 00001616 _____ () C:\Users\Public\Desktop\Spellcross.lnk
2014-05-06 17:32 - 2014-05-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spellcross
2014-05-05 17:12 - 2014-05-05 16:38 - 548495360 _____ () C:\Users\Refllex\Downloads\Woodman---Lucka---(hardcore).avi
2014-05-05 16:32 - 2014-05-05 16:01 - 551884050 _____ () C:\Users\Refllex\Downloads\XXX-PORNO--Jak-mi-Lucka-byla-nevěrná-natočeno-skrytou-kamerou!!!---v-Praze-HD-2013-CZECH-TEEN-PORN-DVDRIP-HD-SEX-XXX-PORNO-CESKY-MOBILE-EXCLUSIVE-BIG-BEST.avi
2014-05-05 16:01 - 2014-05-05 15:57 - 36574263 _____ () C:\Users\Refllex\Downloads\Rychle-prachy-2014-(4).flv
2014-05-01 20:31 - 2014-05-01 19:56 - 624386048 _____ () C:\Users\Refllex\Downloads\Profesionálové-(2.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-05-01 19:36 - 2014-05-01 19:36 - 00011232 _____ () C:\Users\Refllex\Downloads\Nový objekt - List aplikace Microsoft Office Excel.xlsx
2014-05-01 19:32 - 2014-05-01 19:32 - 05237226 _____ () C:\Users\Refllex\Downloads\školní nevýhody 2..pptx
2014-05-01 19:27 - 2014-05-01 18:52 - 627449856 _____ () C:\Users\Refllex\Downloads\Profesionálové-(7.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-04-28 18:48 - 2014-04-28 18:48 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05 (1).ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05.ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00356864 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_02.ppt
2014-04-27 00:59 - 2014-04-26 21:44 - 1740995868 _____ () C:\Users\Refllex\Downloads\Gravitace-cz-(720p,-XVID,-stereo).avi
2014-04-25 18:25 - 2009-07-14 07:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Refllex\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Refllex\AppData\Local\Temp\comver.dll
C:\Users\Refllex\AppData\Local\Temp\drm_dyndata_7380012.dll
C:\Users\Refllex\AppData\Local\Temp\EAD10E3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD1121.exe
C:\Users\Refllex\AppData\Local\Temp\EAD1BFF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD22F4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD23FE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD53F7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7251.exe
C:\Users\Refllex\AppData\Local\Temp\EAD74F1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD758D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD75FB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7658.exe
C:\Users\Refllex\AppData\Local\Temp\EAD76B6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7714.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7724.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7752.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7762.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7772.exe
C:\Users\Refllex\AppData\Local\Temp\EAD77B0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD77C0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD785C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD786C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD788B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD788C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD78D9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD78F8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD78F9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7918.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7946.exe
C:\Users\Refllex\AppData\Local\Temp\EAD79D3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A02.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A21.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A22.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A31.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A50.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A60.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7A9E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7AAE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7ADD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7ADE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7AEC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7AED.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7AFC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B0C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B1B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B2B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B5A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B5B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B5C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7B69.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BB7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BC7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BE6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BE7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BE8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7BF6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C06.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C25.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C26.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C27.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C34.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C63.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7C92.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7CA2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7CB1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7CC1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7CC2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D0F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D10.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D20.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D3E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D6D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D7D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D7E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D9C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7D9D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7DAB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7DCB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7DDA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7E09.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7E28.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7E29.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7E2A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F03.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F06.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F22.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F32.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F42.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F51.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7F71.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7FAF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7FBF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7FCE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD7FDE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD801C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD804B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD806B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD808A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD80D8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD80E8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8116.exe
C:\Users\Refllex\AppData\Local\Temp\EAD81D2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8210.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8220.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8230.exe
C:\Users\Refllex\AppData\Local\Temp\EAD823F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8240.exe
C:\Users\Refllex\AppData\Local\Temp\EAD826E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD827E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD828D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82AD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82AE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82BC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82CC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82EB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82EC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82ED.exe
C:\Users\Refllex\AppData\Local\Temp\EAD82FB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8378.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8387.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8397.exe
C:\Users\Refllex\AppData\Local\Temp\EAD83A7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD83E5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD83F5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8404.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8414.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8433.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8443.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8444.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8462.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8472.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8481.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8491.exe
C:\Users\Refllex\AppData\Local\Temp\EAD84A1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD84C0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD84EF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD84FE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD84FF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD850E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD850F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD851E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD852D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD853D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD854D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD854E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD855C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD855D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD856C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD858B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD858C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD858D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD859B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD859C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD859D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85AA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85AB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85BA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85CA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85D9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85E9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85EA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD85F8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8637.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8638.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8647.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8648.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8656.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8657.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8666.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8667.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8675.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8676.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8685.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8686.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86A4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86A5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86B4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86B5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86C4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86E3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86E4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86F2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD86F3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8712.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8721.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8741.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8750.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8751.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8760.exe
C:\Users\Refllex\AppData\Local\Temp\EAD876F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD877F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD878F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD879E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD879F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87CD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87DD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87DE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87DF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87EC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87FC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD87FD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD880C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD880D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD880E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD881B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD882B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD882C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD882D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD883B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD884A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD885A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8869.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8879.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8889.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8898.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8899.exe
C:\Users\Refllex\AppData\Local\Temp\EAD88B8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD88C7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD88F6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8906.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8915.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8925.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8935.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8936.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8963.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8973.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8992.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8993.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8994.exe
C:\Users\Refllex\AppData\Local\Temp\EAD89A2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD89A3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD89D1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD89E0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD89F0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A0F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A10.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A1F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A2F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A3E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A3F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A40.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A4E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A6D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A6E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A7D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A7E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A7F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A9C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8A9D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AAC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AAD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AAE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AAF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8ABB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8ABC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8ADA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8ADB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AEA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AEB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AFA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8AFB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B19.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B1A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B29.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B2A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B38.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B48.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B67.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B68.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B69.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B6A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B77.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B78.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B79.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B7A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B96.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8B97.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BA6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BA7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BB5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BC5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BE4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BE5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BF4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BF5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BF6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8BF7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C23.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C42.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C43.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C44.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C51.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C52.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C61.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C62.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C63.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C71.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C72.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C80.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C90.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C91.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C92.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8C93.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CAF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CB0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CBF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CC0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CC1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CCE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CDE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CEE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CFD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8CFE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D0D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D1D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D2C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D3C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D4B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D5B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D6B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D7A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8D9A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DA9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DAA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DAB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DB9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DC8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DE8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DE9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DF7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DF8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8DF9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E07.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E08.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E09.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E17.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E26.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E45.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E55.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E56.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E57.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E58.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E65.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E66.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E74.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E84.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E85.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E94.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E95.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E96.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8E97.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8EA3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8EB3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8EC2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8EF1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8EF2.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F01.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F20.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F30.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F31.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F32.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F33.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F3F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F40.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F41.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F4F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F5F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F7E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F7F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F80.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F8E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8F8F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8FAD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8FBC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD8FCC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD900B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD900C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD900D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD901A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD901B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD902A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9039.exe
C:\Users\Refllex\AppData\Local\Temp\EAD903A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9049.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9059.exe
C:\Users\Refllex\AppData\Local\Temp\EAD905A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD905B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9068.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9069.exe
C:\Users\Refllex\AppData\Local\Temp\EAD906A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9078.exe
C:\Users\Refllex\AppData\Local\Temp\EAD90A7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD90A8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD90B6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9124.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9133.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9143.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9162.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9172.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9182.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9183.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9184.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9185.exe
C:\Users\Refllex\AppData\Local\Temp\EAD91B0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD91D0.exe
C:\Users\Refllex\AppData\Local\Temp\EAD91DF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD91EF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD91FF.exe
C:\Users\Refllex\AppData\Local\Temp\EAD920E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD920F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD921E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD921F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD922D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD923D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD925C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD926C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD928B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD928C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92AA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92AB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92BA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92BB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92CA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92CB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92CC.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92E9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92EA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92F9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD92FA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9337.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9347.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9348.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9366.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9376.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9385.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9395.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9396.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9397.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9398.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93B4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93C4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93D3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93D4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93E3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93F3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD93F4.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9402.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9403.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9412.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9421.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9422.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9423.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9424.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9425.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9426.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9431.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9441.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9450.exe
C:\Users\Refllex\AppData\Local\Temp\EAD947F.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9480.exe
C:\Users\Refllex\AppData\Local\Temp\EAD94DD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD94EE.exe
C:\Users\Refllex\AppData\Local\Temp\EAD953B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD954A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD954B.exe
C:\Users\Refllex\AppData\Local\Temp\EAD955A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD956A.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9589.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9598.exe
C:\Users\Refllex\AppData\Local\Temp\EAD95C7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD95D7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD95E7.exe
C:\Users\Refllex\AppData\Local\Temp\EAD95E8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9606.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9644.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9654.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9673.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9692.exe
C:\Users\Refllex\AppData\Local\Temp\EAD96E1.exe
C:\Users\Refllex\AppData\Local\Temp\EAD974E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD975E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD976D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD977D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD977E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD978C.exe
C:\Users\Refllex\AppData\Local\Temp\EAD97CB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD97EA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD97FA.exe
C:\Users\Refllex\AppData\Local\Temp\EAD97FB.exe
C:\Users\Refllex\AppData\Local\Temp\EAD98B5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD98C5.exe
C:\Users\Refllex\AppData\Local\Temp\EAD98C6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9913.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9980.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9990.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9A1D.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9AA9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9AD8.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9AD9.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9B84.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9B94.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9BA3.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9C30.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9C40.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9C8E.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9CBD.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9DD6.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9E14.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9E62.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9E72.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9F48.exe
C:\Users\Refllex\AppData\Local\Temp\EAD9FF9.exe
C:\Users\Refllex\AppData\Local\Temp\EADA037.exe
C:\Users\Refllex\AppData\Local\Temp\EADA0B4.exe
C:\Users\Refllex\AppData\Local\Temp\EADA0D3.exe
C:\Users\Refllex\AppData\Local\Temp\EADA141.exe
C:\Users\Refllex\AppData\Local\Temp\EADA19F.exe
C:\Users\Refllex\AppData\Local\Temp\EADA1BE.exe
C:\Users\Refllex\AppData\Local\Temp\EADA1CD.exe
C:\Users\Refllex\AppData\Local\Temp\EADA25A.exe
C:\Users\Refllex\AppData\Local\Temp\EADA325.exe
C:\Users\Refllex\AppData\Local\Temp\EADA335.exe
C:\Users\Refllex\AppData\Local\Temp\EADA383.exe
C:\Users\Refllex\AppData\Local\Temp\EADA3A2.exe
C:\Users\Refllex\AppData\Local\Temp\EADA46D.exe
C:\Users\Refllex\AppData\Local\Temp\EADA48D.exe
C:\Users\Refllex\AppData\Local\Temp\EADA4DB.exe
C:\Users\Refllex\AppData\Local\Temp\EADA596.exe
C:\Users\Refllex\AppData\Local\Temp\EADA5B5.exe
C:\Users\Refllex\AppData\Local\Temp\EADA652.exe
C:\Users\Refllex\AppData\Local\Temp\EADA7D8.exe
C:\Users\Refllex\AppData\Local\Temp\EADA7F8.exe
C:\Users\Refllex\AppData\Local\Temp\EADA836.exe
C:\Users\Refllex\AppData\Local\Temp\EADA865.exe
C:\Users\Refllex\AppData\Local\Temp\EADA8A3.exe
C:\Users\Refllex\AppData\Local\Temp\EADA8D2.exe
C:\Users\Refllex\AppData\Local\Temp\EADA8D3.exe
C:\Users\Refllex\AppData\Local\Temp\EADA920.exe
C:\Users\Refllex\AppData\Local\Temp\EADA940.exe
C:\Users\Refllex\AppData\Local\Temp\EADA98E.exe
C:\Users\Refllex\AppData\Local\Temp\EADA9BD.exe
C:\Users\Refllex\AppData\Local\Temp\EADAA3A.exe
C:\Users\Refllex\AppData\Local\Temp\EADAA3B.exe
C:\Users\Refllex\AppData\Local\Temp\EADAA69.exe
C:\Users\Refllex\AppData\Local\Temp\EADAA78.exe
C:\Users\Refllex\AppData\Local\Temp\EADAAB7.exe
C:\Users\Refllex\AppData\Local\Temp\EADAAC6.exe
C:\Users\Refllex\AppData\Local\Temp\EADAAF5.exe
C:\Users\Refllex\AppData\Local\Temp\EADAB34.exe
C:\Users\Refllex\AppData\Local\Temp\EADAB63.exe
C:\Users\Refllex\AppData\Local\Temp\EADAB91.exe
C:\Users\Refllex\AppData\Local\Temp\EADABE0.exe
C:\Users\Refllex\AppData\Local\Temp\EADAC1E.exe
C:\Users\Refllex\AppData\Local\Temp\EADAC1F.exe
C:\Users\Refllex\AppData\Local\Temp\EADAC6C.exe
C:\Users\Refllex\AppData\Local\Temp\EADACDA.exe
C:\Users\Refllex\AppData\Local\Temp\EADACDB.exe
C:\Users\Refllex\AppData\Local\Temp\EADACE9.exe
C:\Users\Refllex\AppData\Local\Temp\EADACF9.exe
C:\Users\Refllex\AppData\Local\Temp\EADAD18.exe
C:\Users\Refllex\AppData\Local\Temp\EADAD47.exe
C:\Users\Refllex\AppData\Local\Temp\EADAD66.exe
C:\Users\Refllex\AppData\Local\Temp\EADAD95.exe
C:\Users\Refllex\AppData\Local\Temp\EADAD96.exe
C:\Users\Refllex\AppData\Local\Temp\EADADA5.exe
C:\Users\Refllex\AppData\Local\Temp\EADADC4.exe
C:\Users\Refllex\AppData\Local\Temp\EADADD4.exe
C:\Users\Refllex\AppData\Local\Temp\EADADD5.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE12.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE31.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE32.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE41.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE70.exe
C:\Users\Refllex\AppData\Local\Temp\EADAE8F.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEAE.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEBE.exe
C:\Users\Refllex\AppData\Local\Temp\EADAECE.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEDD.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEDE.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEED.exe
C:\Users\Refllex\AppData\Local\Temp\EADAEFC.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF1C.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF2B.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF2C.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF3B.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF5A.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF6A.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF79.exe
C:\Users\Refllex\AppData\Local\Temp\EADAF7A.exe
C:\Users\Refllex\AppData\Local\Temp\EADAFA8.exe
C:\Users\Refllex\AppData\Local\Temp\EADAFB8.exe
C:\Users\Refllex\AppData\Local\Temp\EADAFD7.exe
C:\Users\Refllex\AppData\Local\Temp\EADAFE7.exe
C:\Users\Refllex\AppData\Local\Temp\EADB006.exe
C:\Users\Refllex\AppData\Local\Temp\EADB007.exe
C:\Users\Refllex\AppData\Local\Temp\EADB016.exe
C:\Users\Refllex\AppData\Local\Temp\EADB025.exe
C:\Users\Refllex\AppData\Local\Temp\EADB045.exe
C:\Users\Refllex\AppData\Local\Temp\EADB054.exe
C:\Users\Refllex\AppData\Local\Temp\EADB064.exe
C:\Users\Refllex\AppData\Local\Temp\EADB065.exe
C:\Users\Refllex\AppData\Local\Temp\EADB073.exe
C:\Users\Refllex\AppData\Local\Temp\EADB083.exe
C:\Users\Refllex\AppData\Local\Temp\EADB0A2.exe
C:\Users\Refllex\AppData\Local\Temp\EADB0B2.exe
C:\Users\Refllex\AppData\Local\Temp\EADB0C2.exe
C:\Users\Refllex\AppData\Local\Temp\EADB0E1.exe
C:\Users\Refllex\AppData\Local\Temp\EADB0F0.exe
C:\Users\Refllex\AppData\Local\Temp\EADB110.exe
C:\Users\Refllex\AppData\Local\Temp\EADB13F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB14E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB15E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB15F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB16D.exe
C:\Users\Refllex\AppData\Local\Temp\EADB16E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB17D.exe
C:\Users\Refllex\AppData\Local\Temp\EADB17E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB18D.exe
C:\Users\Refllex\AppData\Local\Temp\EADB18E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB18F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1CB.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1DB.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1EA.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1EB.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1EC.exe
C:\Users\Refllex\AppData\Local\Temp\EADB1FA.exe
C:\Users\Refllex\AppData\Local\Temp\EADB20A.exe
C:\Users\Refllex\AppData\Local\Temp\EADB219.exe
C:\Users\Refllex\AppData\Local\Temp\EADB229.exe
C:\Users\Refllex\AppData\Local\Temp\EADB248.exe
C:\Users\Refllex\AppData\Local\Temp\EADB258.exe
C:\Users\Refllex\AppData\Local\Temp\EADB259.exe
C:\Users\Refllex\AppData\Local\Temp\EADB25A.exe
C:\Users\Refllex\AppData\Local\Temp\EADB267.exe
C:\Users\Refllex\AppData\Local\Temp\EADB268.exe
C:\Users\Refllex\AppData\Local\Temp\EADB277.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2A6.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2A7.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2B6.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2C5.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2E4.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2E5.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2F4.exe
C:\Users\Refllex\AppData\Local\Temp\EADB2F5.exe
C:\Users\Refllex\AppData\Local\Temp\EADB323.exe
C:\Users\Refllex\AppData\Local\Temp\EADB342.exe
C:\Users\Refllex\AppData\Local\Temp\EADB352.exe
C:\Users\Refllex\AppData\Local\Temp\EADB353.exe
C:\Users\Refllex\AppData\Local\Temp\EADB361.exe
C:\Users\Refllex\AppData\Local\Temp\EADB362.exe
C:\Users\Refllex\AppData\Local\Temp\EADB371.exe
C:\Users\Refllex\AppData\Local\Temp\EADB381.exe
C:\Users\Refllex\AppData\Local\Temp\EADB390.exe
C:\Users\Refllex\AppData\Local\Temp\EADB391.exe
C:\Users\Refllex\AppData\Local\Temp\EADB3A0.exe
C:\Users\Refllex\AppData\Local\Temp\EADB3BF.exe
C:\Users\Refllex\AppData\Local\Temp\EADB3DE.exe
C:\Users\Refllex\AppData\Local\Temp\EADB3DF.exe
C:\Users\Refllex\AppData\Local\Temp\EADB3FE.exe
C:\Users\Refllex\AppData\Local\Temp\EADB41D.exe
C:\Users\Refllex\AppData\Local\Temp\EADB41E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB41F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB43C.exe
C:\Users\Refllex\AppData\Local\Temp\EADB44C.exe
C:\Users\Refllex\AppData\Local\Temp\EADB45B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB45C.exe
C:\Users\Refllex\AppData\Local\Temp\EADB46B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB47B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB49A.exe
C:\Users\Refllex\AppData\Local\Temp\EADB49B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB4AA.exe
C:\Users\Refllex\AppData\Local\Temp\EADB4AB.exe
C:\Users\Refllex\AppData\Local\Temp\EADB4D8.exe
C:\Users\Refllex\AppData\Local\Temp\EADB4D9.exe
C:\Users\Refllex\AppData\Local\Temp\EADB4F8.exe
C:\Users\Refllex\AppData\Local\Temp\EADB507.exe
C:\Users\Refllex\AppData\Local\Temp\EADB517.exe
C:\Users\Refllex\AppData\Local\Temp\EADB536.exe
C:\Users\Refllex\AppData\Local\Temp\EADB555.exe
C:\Users\Refllex\AppData\Local\Temp\EADB565.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5A4.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5B3.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5B4.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5B5.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5D2.exe
C:\Users\Refllex\AppData\Local\Temp\EADB5F2.exe
C:\Users\Refllex\AppData\Local\Temp\EADB601.exe
C:\Users\Refllex\AppData\Local\Temp\EADB602.exe
C:\Users\Refllex\AppData\Local\Temp\EADB621.exe
C:\Users\Refllex\AppData\Local\Temp\EADB630.exe
C:\Users\Refllex\AppData\Local\Temp\EADB66F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB67E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB69E.exe
C:\Users\Refllex\AppData\Local\Temp\EADB69F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB6AD.exe
C:\Users\Refllex\AppData\Local\Temp\EADB6BD.exe
C:\Users\Refllex\AppData\Local\Temp\EADB6FB.exe
C:\Users\Refllex\AppData\Local\Temp\EADB71B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB73A.exe
C:\Users\Refllex\AppData\Local\Temp\EADB788.exe
C:\Users\Refllex\AppData\Local\Temp\EADB798.exe
C:\Users\Refllex\AppData\Local\Temp\EADB7D6.exe
C:\Users\Refllex\AppData\Local\Temp\EADB805.exe
C:\Users\Refllex\AppData\Local\Temp\EADB806.exe
C:\Users\Refllex\AppData\Local\Temp\EADB863.exe
C:\Users\Refllex\AppData\Local\Temp\EADB8B1.exe
C:\Users\Refllex\AppData\Local\Temp\EADB90F.exe
C:\Users\Refllex\AppData\Local\Temp\EADB94D.exe
C:\Users\Refllex\AppData\Local\Temp\EADB99B.exe
C:\Users\Refllex\AppData\Local\Temp\EADB9DA.exe
C:\Users\Refllex\AppData\Local\Temp\EADBA28.exe
C:\Users\Refllex\AppData\Local\Temp\EADBA57.exe
C:\Users\Refllex\AppData\Local\Temp\EADBAD4.exe
C:\Users\Refllex\AppData\Local\Temp\EADBB22.exe
C:\Users\Refllex\AppData\Local\Temp\EADBB70.exe
C:\Users\Refllex\AppData\Local\Temp\EADBBCE.exe
C:\Users\Refllex\AppData\Local\Temp\EADBBFD.exe
C:\Users\Refllex\AppData\Local\Temp\EADBC3B.exe
C:\Users\Refllex\AppData\Local\Temp\EADBCB8.exe
C:\Users\Refllex\AppData\Local\Temp\EADBCE7.exe
C:\Users\Refllex\AppData\Local\Temp\EADBCF7.exe
C:\Users\Refllex\AppData\Local\Temp\EADBD25.exe
C:\Users\Refllex\AppData\Local\Temp\EADBD93.exe
C:\Users\Refllex\AppData\Local\Temp\EADBE5E.exe
C:\Users\Refllex\AppData\Local\Temp\EADBE6E.exe
C:\Users\Refllex\AppData\Local\Temp\EADBF39.exe
C:\Users\Refllex\AppData\Local\Temp\EADBF58.exe
C:\Users\Refllex\AppData\Local\Temp\EADBFC5.exe
C:\Users\Refllex\AppData\Local\Temp\EADC14C.exe
C:\Users\Refllex\AppData\Local\Temp\EADC15C.exe
C:\Users\Refllex\AppData\Local\Temp\EADC275.exe
C:\Users\Refllex\AppData\Local\Temp\EADC3BD.exe
C:\Users\Refllex\AppData\Local\Temp\EADC459.exe
C:\Users\Refllex\AppData\Local\Temp\EADC544.exe
C:\Users\Refllex\AppData\Local\Temp\EADC63E.exe
C:\Users\Refllex\AppData\Local\Temp\EADC69B.exe
C:\Users\Refllex\AppData\Local\Temp\EADC93B.exe
C:\Users\Refllex\AppData\Local\Temp\EADCC97.exe
C:\Users\Refllex\AppData\Local\Temp\EADCD04.exe
C:\Users\Refllex\AppData\Local\Temp\EADCD62.exe
C:\Users\Refllex\AppData\Local\Temp\EADD0FC.exe
C:\Users\Refllex\AppData\Local\Temp\EADD2F6.exe
C:\Users\Refllex\AppData\Local\Temp\EADD541.exe
C:\Users\Refllex\AppData\Local\Temp\EADD726.exe
C:\Users\Refllex\AppData\Local\Temp\EADD727.exe
C:\Users\Refllex\AppData\Local\Temp\EADD735.exe
C:\Users\Refllex\AppData\Local\Temp\EADD82F.exe
C:\Users\Refllex\AppData\Local\Temp\EADDD31.exe
C:\Users\Refllex\AppData\Local\Temp\EADE714.exe
C:\Users\Refllex\AppData\Local\Temp\EADEDCB.exe
C:\Users\Refllex\AppData\Local\Temp\EADF3F5.exe
C:\Users\Refllex\AppData\Local\Temp\EADFADA.exe
C:\Users\Refllex\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Refllex\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Refllex\AppData\Local\Temp\installerdll100109.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100125.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100390.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100421.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100468.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100515.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll100625.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll101000.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll101093.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll101515.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll101656.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll101765.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102078.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102234.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102296.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102703.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102859.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll102937.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll103000.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll103546.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll103593.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll103750.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll104609.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll104843.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll105125.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll105562.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll105640.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll105703.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll106031.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll106109.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll106125.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll106265.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll106328.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll107468.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll107875.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll107890.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll110453.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll113171.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll113500.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll113531.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll115687.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll117078.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll123812.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll128406.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll131468.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll143640.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll75890.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll79640.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll80937.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll81859.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll82062.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll83843.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll84281.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll85187.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll86203.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll87781.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll88437.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll88578.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll89437.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll90765.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91062.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91140.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91156.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91359.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91593.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll91875.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92078.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92187.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92250.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92453.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92484.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92500.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92546.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92625.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92671.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92734.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92750.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92843.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92953.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll92984.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93000.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93062.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93078.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93125.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93171.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93218.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93250.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93343.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93500.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93515.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93750.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll93921.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94140.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94203.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94265.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94406.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94484.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94562.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94703.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94734.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll94984.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95078.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95125.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95156.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95203.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95234.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95296.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95609.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95625.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95656.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95906.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll95968.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96265.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96500.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96546.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96578.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96671.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll96703.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97140.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97171.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97218.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97328.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97343.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97359.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll97812.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll98015.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll98546.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll98718.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll98953.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll99390.dll
C:\Users\Refllex\AppData\Local\Temp\installerdll99796.dll
C:\Users\Refllex\AppData\Local\Temp\listicka.exe
C:\Users\Refllex\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Refllex\AppData\Local\Temp\Setup.exe
C:\Users\Refllex\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\Refllex\AppData\Local\Temp\SIntf16.dll
C:\Users\Refllex\AppData\Local\Temp\SIntf32.dll
C:\Users\Refllex\AppData\Local\Temp\SIntfNT.dll
C:\Users\Refllex\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Refllex\AppData\Local\Temp\vlc-2.0.2-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-20 16:52

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:465.32 GB) (Free:28.36 GB) NTFS

Available physical RAM: 2032.65 MB
Total physical RAM: 4095.24 MB
Percentage of memory in use: 50%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 63627029)
Partition 1: (Active) - (Size=456 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

#2 Příspěvek od **vyosek** » 24 kvě 2014 21:35

Zdravim

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

refllex · #3 Příspěvek od **refllex** » 24 kvě 2014 22:54

Dobrý večer (noc, ale zní to divně jako pozdrav a ne loučení)
Zde přidávám log po restartu....děkuji za pomoc...

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Refllex on so 24.05.2014 at 23:04:15,54.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Refllex\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.5.2014 23:10:14 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICQ Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ICQ Service deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\prefs.js:
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb174?a=6R8CzUKKYK&i=26");
user_pref("browser.search.defaulturl", "http://search.winamp.com/search/search? ... 013&query=");
user_pref("browser.newtab.url", "http://mystart.incredibar.com/mb174?a=6 ... &loc=FF_NT");
user_pref("browser.search.defaultenginename", "ICQ Search");
user_pref("browser.search.selectedEngine", "ICQ Search");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default

---- Lines incredibar removed from prefs.js ----
user_pref("extensions.incredibar.actvtyRptTime", "1346992183894");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "CZ");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltlng", "EN");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10671");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "7C51ED3E718B476247FC04D7CD3032C8");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "a85e48fb000000000000001f1f6f560a");
user_pref("extensions.incredibar.id", "a85e48fb000000000000001f1f6f560a");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlday", "15571");
user_pref("extensions.incredibar.instlDay", "15571");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlref", "");
user_pref("extensions.incredibar.isdcmntcmplt", "false");
user_pref("extensions.incredibar.isDcmntCmplt", false);
user_pref("extensions.incredibar.keywordurl", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:45:48");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newtab", "false");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.newtaburl", "");
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "77777208");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrid", "Incredibar");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplgrp", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.srch", "");
user_pref("extensions.incredibar.srchprvdr", "");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrid", "base");
user_pref("extensions.incredibar.tlbrsrchurl", "http://mystart.Incredibar.com/?a=6R8CzU ... 26&search=");
user_pref("extensions.incredibar.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8CzU ... 26&search=");
user_pref("extensions.incredibar.upn2", "6R8CzUKKYK");
user_pref("extensions.incredibar.upn2n", "92824909102650270");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:45:48");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:45:48");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10671");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "a85e48fb000000000000001f1f6f560a");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15571");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "77777208");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8CzU ... 26&search=");
user_pref("extensions.incredibar_i.upn2", "6R8CzUKKYK");
user_pref("extensions.incredibar_i.upn2n", "92824909102650270");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:45:48");
---- Lines incredibar modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Alwil So
user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1426,ffxtlbr@Facemoods.com:1.2.1,{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1,ffxtlbr@incred
---- Lines incredibar removed from user.js ----

user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8CzU ... 26&search=");
user_pref("extensions.incredibar_i.id", "a85e48fb000000000000001f1f6f560a");
user_pref("extensions.incredibar_i.instlDay", "15571");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:45:48");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6R8CzUKKYK");
user_pref("extensions.incredibar_i.upn2n", "92824909102650270");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10671");
user_pref("extensions.incredibar_i.ppd", "77777208");

---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o} ... ry}&dm=all");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledAddons", "ffxtlbr%40Facemoods.com:1.2.1,%7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397,%7B800b5000-a755-47e1-992b
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Alwil So
user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1426,ffxtlbr@Facemoods.com:1.2.1,{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1,ffxtlbr@disabl
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.cbid", "EW");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2012.04.01+03.04.35-toolbar004iad-CZ-UHJhZ3VlLEN6ZWNoIFJlcHVibGlj");
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.ff19-config-first-run", "true");
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "34F14C14-4372-4A26-A70B-5D1693A9F5DA");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1400864191507");
user_pref("extensions.asktb.locale", "en_EU");
user_pref("extensions.asktb.location", "Prague,Czech Republic");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.o", "101913");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "21");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "17.3.2013 8:40:35");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.25.100013");
user_pref("extensions.asktb.version", "5.15.25.44892");
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----

user_24.05.2014_2322_.backup
prefs_24.05.2014_2322_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUM5608.tmp deleted
C:\PROGRA~2\Winamp Toolbar deleted
C:\PROGRA~2\ICQ6Toolbar deleted
C:\PROGRA~2\facemoods.com deleted
C:\PROGRA~2\BS_Player deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Premium deleted
C:\Users\Refllex\AppData\Local\AskToolbar deleted
C:\Users\Refllex\Downloads\BflixInstaller.exe deleted
C:\Users\Refllex\AppData\LocalLow\BS_Player deleted
C:\Users\Refllex\AppData\LocalLow\AskToolbar deleted
C:\Users\Refllex\AppData\LocalLow\facemoods.com deleted
C:\Users\Refllex\AppData\LocalLow\Incredibar.com deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-1.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-2.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-3.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-4.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-5.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-6.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin-7.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\icqplugin.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\aol-search.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\daemon-search.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\MyStart Search.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\winamp-search.xml deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\ICQToolbarData deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\winampToolbarData deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted
C:\Users\Refllex\Downloads\DownloadSetup (1).exe deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\extensions\ffxtlbr@incredibar.com deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\extensions\toolbar@ask.com deleted
"C:\Users\Refllex\AppData\Roaming\.NANotifyHere" deleted
"C:\PROGRA~2\Ask.com\Updater\Updater.exe" deleted
"C:\PROGRA~2\Ask.com" deleted
"C:\PROGRA~2\Ask.com\Updater" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [23.05.2014 18:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default
- Facemoods - %ProfilePath%\extensions\ffxtlbr@Facemoods.com
- Winamp Toolbar - %ProfilePath%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
- ICQ Toolbar - %ProfilePath%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- BS Player Toolbar - %ProfilePath%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default
785105A23650755A8F7A72405EB0D923 - C:\Users\Refllex\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
65C1D9F74004E775F9A8598476ABE5EE - C:\Users\Refllex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
9F8210675BD2ACC283959BB33F0307DF - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
F8EFDCFC440A420D6C1ECD245AB20207 - C:\Windows\SysWoW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleted Firefox Extensions ======================

C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\extensions\ffxtlbr@Facemoods.com deleted
C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[]
ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoods.crx[]
jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files (x86)\Perion\NewTab\newTab.crx[]

Seznam LiĹˇtiÄŤka - Email - Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam LiĹˇtiÄŤka - SlovnĂk - Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Foxtab Speed Dial - Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Seznam LiĹˇtiÄŤka - RychlĂˇ volba - Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Chrome Fix ======================

C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Default_Page_URL"="http://www.hal3000.cz"
"ICQ Search"="http://www.icq.com/search/results.php?q ... &ch_id=osd"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.facemoods.com/?a=bf&s={searchTerms}&f=4"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.facemoods.com/?a=bf&s={searchTerms}&f=4"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{320DE45A-351C-4947-B7B4-0829C5B0EFD9} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13014"
{51E4AC5A-10B4-44C7-B37C-74EF0B15AAC3} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{822D5955-94C6-4AE6-AFDA-DAA253A9B59B} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_13014"
{BEFD4675-9766-48A8-B12A-6E3105B53FF4} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_13014"
{BF25F6E5-A911-4EE3-B14F-E887A6016ACA} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_13014"
{CFBCA617-8D4A-4F6D-B84C-DC409DD76750} WebHledani Url="http://www.webhledani.cz/results.aspx?i ... earchTerms}"
{E2B0C3B3-A89F-4266-B426-39AB9A518A18} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_13014"
{E4360764-82D3-469F-92FA-014A0D5F1DD8} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13014"
{F10AEB12-B093-47AE-A90F-FA17CDD40DE2} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_13014"
{FBE159E1-3697-4AB9-961C-E49DD142FE17} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_13014"

==== Reset Google Chrome ======================

C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A48A935-F5EF-4747-9A11-2F7C65BB2D90} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B92F06E8-B272-0A51-9622-125161B562F9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Refllex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Refllex\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Refllex\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Refllex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Refllex\AppData\Local\Mozilla\Firefox\Profiles\f04nvj0t.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1213 folders=165 35313817 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Refllex\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Refllex\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Refllex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Refllex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5SXMW35D\media.global.goalunited.net" not found
"C:\Users\Refllex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5SXMW35D\media.novinky.cz" not found

==== EOF on so 24.05.2014 at 23:44:32,48 ======================

#4 Příspěvek od **vyosek** » 25 kvě 2014 08:03

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

refllex · #5 Příspěvek od **refllex** » 25 kvě 2014 08:41

Dobré ráno...zde posílám "první"(JRT) log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Refllex on ne 25.05.2014 at 9:30:13,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\software informer
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\icq service.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.escrtsrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.escrtsrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.xtrnl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.xtrnl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoodsapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoodsapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{822D5955-94C6-4AE6-AFDA-DAA253A9B59B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\Refllex\AppData\Roaming\software informer"
Successfully deleted: [Folder] "\save"
Successfully deleted: [Folder] "C:\Program Files (x86)\software informer"

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted the following from C:\Users\Refllex\AppData\Roaming\mozilla\firefox\profiles\f04nvj0t.default\prefs.js

user_pref("aol_toolbar.surf.date", "2");
user_pref("aol_toolbar.surf.lastDate", "23");
user_pref("aol_toolbar.surf.lastMonth", "4");
user_pref("aol_toolbar.surf.lastYear", "2014");
user_pref("aol_toolbar.surf.month", "2");
user_pref("aol_toolbar.surf.prevMonth", "1");
user_pref("aol_toolbar.surf.total", "954");
user_pref("aol_toolbar.surf.week", "2");
user_pref("aol_toolbar.surf.year", "2");
user_pref("extensions.facemoods.aflt", "_#bf");
user_pref("extensions.facemoods.firstRun", false);
user_pref("extensions.facemoods.lastActv", "23");
user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=DDE6DECDCE12ED6B23D5228E
user_pref("winamp_toolbar.search.searchtype", "web");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 25.05.2014 at 9:39:48,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

refllex · #6 Příspěvek od **refllex** » 25 kvě 2014 08:52

A zde vkládám druhý log (po "skenování a čištění")....

# AdwCleaner v3.210 - Report created 25/05/2014 at 09:46:08
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Refllex - REFLLEX-PC
# Running from : C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Refllex\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16722

-\\ Mozilla Firefox v20.0.1 (cs)

[ File : C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40Facemoods.com:1.2.1,%7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397,%7B800b5000-a755-47e1-992b-48a1c1357f07%7D:2.0.1.6,toolbar%40disabled:3.15.2[...]
Line Deleted : user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1426,ffxtlbr@Facemoods.com:1.2.1,{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1,ffxtlbr@disabled.com:1.5.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA[...]
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1400864190);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "klavesnice%20hp%20nx%207300||rozebr%C3%A1n%C3%AD%20plastu%20hp%20notebook||rozebr%C3%A1n%C3%AD%20plastu%20hp||rozebirani%20plastu%20hp");
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.installTime", "1365349303");
Line Deleted : user_pref("icqtoolbar.itbsitescount", 0);
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "20.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "126640724312664072431266768295357");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1400878326);
Line Deleted : user_pref("icqtoolbar.version", "2.0.1.6");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;aim_go_away_default_btn;wa_aol_bg_5r;;shoutcast_30026;mobile/android_33522;post_to_twitter_46693;faceb[...]
Line Deleted : user_pref("winamp_toolbar.cookie.homepage", "");
Line Deleted : user_pref("winamp_toolbar.cookie.search", "");
Line Deleted : user_pref("winamp_toolbar.curtain.congrats", "none");
Line Deleted : user_pref("winamp_toolbar.default.homepage.check", false);
Line Deleted : user_pref("winamp_toolbar.default.search.check", true);
Line Deleted : user_pref("winamp_toolbar.default.search.label", "AOL Search");
Line Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("winamp_toolbar.guid", "{DDE6DECD-CE12-ED6B-23D5-228E64752DB3}");
Line Deleted : user_pref("winamp_toolbar.homepageprotection.enabled", false);
Line Deleted : user_pref("winamp_toolbar.install.distroid", "");
Line Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9397");
Line Deleted : user_pref("winamp_toolbar.install.lid", "");
Line Deleted : user_pref("winamp_toolbar.install.mtmhp", "");
Line Deleted : user_pref("winamp_toolbar.install.ncid", "");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "23");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "4");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2014");
Line Deleted : user_pref("winamp_toolbar.metrics.log", false);
Line Deleted : user_pref("winamp_toolbar.metrics.originalDate", "17");
Line Deleted : user_pref("winamp_toolbar.metrics.originalHours", "17");
Line Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "9");
Line Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "2");
Line Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "3");
Line Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Line Deleted : user_pref("winamp_toolbar.relatednews.enabled", false);
Line Deleted : user_pref("winamp_toolbar.remote..xml", "1400864189159");
Line Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1400864189159");
Line Deleted : user_pref("winamp_toolbar.search.button", true);
Line Deleted : user_pref("winamp_toolbar.search.cid", "13-04-2013");
Line Deleted : user_pref("winamp_toolbar.search.instd", "DDE6DECDCE12ED6B23D5228E64752DB3");
Line Deleted : user_pref("winamp_toolbar.search.oid", "17-02-2010");
Line Deleted : user_pref("winamp_toolbar.search.placement", "left");
Line Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("winamp_toolbar.search.savehistory", false);
Line Deleted : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Line Deleted : user_pref("winamp_toolbar.searchprotection.enabled", false);
Line Deleted : user_pref("winamp_toolbar.skin.custom", true);
Line Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Line Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("winamp_toolbar.weather.degc", "20");
Line Deleted : user_pref("winamp_toolbar.weather.degf", "68");
Line Deleted : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/26.png");
Line Deleted : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Line Deleted : user_pref("winamp_toolbar.weather.metric", true);
Line Deleted : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Cloudy");
Line Deleted : user_pref("winamp_toolbar.weather.update", "1400864189160");
Line Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
Line Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Line Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.open", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.play", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);
Line Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);
Line Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);
Line Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);
Line Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.volume", "16");

-\\ Google Chrome v

[ File : C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16329 octets] - [25/05/2014 09:44:43]
AdwCleaner[S0].txt - [16412 octets] - [25/05/2014 09:46:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16473 octets] ##########

#7 Příspěvek od **vyosek** » 25 kvě 2014 10:01

Dejte novy log z FRST

refllex · #8 Příspěvek od **refllex** » 25 kvě 2014 10:24

Nový log z FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Refllex (administrator) on REFLLEX-PC on 25-05-2014 11:23:29
Running from C:\Users\Refllex\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7.0\ICQ.exe
() C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
(Edimax Technology Co., Ltd) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
() C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil9f.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [ActivControl] => C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [1238312 2010-06-10] (Promethean Technologies Group Ltd)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Google Update] => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-17] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {0ff7d854-acc2-11df-a833-4061864cf0f8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {44ca898c-1bc8-11df-8c2c-4061864cf0f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb6-337e-11df-8fbd-4061864cf0f8} - H:\autorun.exe
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb8-337e-11df-8fbd-4061864cf0f8} - I:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd)
Startup: C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {320DE45A-351C-4947-B7B4-0829C5B0EFD9} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {51E4AC5A-10B4-44C7-B37C-74EF0B15AAC3} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... SA_csCZ463
SearchScopes: HKCU - {BEFD4675-9766-48A8-B12A-6E3105B53FF4} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13014
SearchScopes: HKCU - {BF25F6E5-A911-4EE3-B14F-E887A6016ACA} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13014
SearchScopes: HKCU - {CFBCA617-8D4A-4F6D-B84C-DC409DD76750} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {E2B0C3B3-A89F-4266-B426-39AB9A518A18} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13014
SearchScopes: HKCU - {E4360764-82D3-469F-92FA-014A0D5F1DD8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {F10AEB12-B093-47AE-A90F-FA17CDD40DE2} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13014
SearchScopes: HKCU - {FBE159E1-3697-4AB9-961C-E49DD142FE17} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13014
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Refllex\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Refllex\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Refllex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Refllex\AppData\Roaming\Mozilla\Firefox\Profiles\f04nvj0t.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-05-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage:
CHR Extension: (Dokumenty Google) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Peněženka Google) - C:\Users\Refllex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR StartMenuInternet: Google Chrome - C:\Users\Refllex\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2010-03-20] ()

==================== Drivers (Whitelisted) ====================

R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [86104 2010-05-26] (Promethean Technologies Ltd)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2014-01-22] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2014-01-22] ()
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [8152 2010-05-26] (Promethean Technologies Ltd)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-17] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [42896 2010-06-03] (Oracle Corporation)
U3 anpyjtns; C:\Windows\System32\Drivers\anpyjtns.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 11:22 - 2014-05-25 11:23 - 00018247 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-25 11:21 - 2014-05-25 11:21 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-25 11:20 - 2014-05-25 11:20 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-25 11:19 - 2014-05-25 11:19 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload
2014-05-25 11:15 - 2014-05-25 11:15 - 00000000 ____D () C:\Users\Refllex\Desktop\FRST-OlderVersion
2014-05-25 09:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-25 09:44 - 2014-05-25 09:46 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:42 - 2014-05-25 09:42 - 01326389 _____ () C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
2014-05-25 09:39 - 2014-05-25 09:39 - 00010435 _____ () C:\Users\Refllex\Desktop\JRT.txt
2014-05-25 09:27 - 2014-05-25 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:26 - 01016261 _____ (Thisisu) C:\Users\Refllex\Desktop\JRT.exe
2014-05-24 23:31 - 2014-05-24 23:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-24 23:08 - 2014-05-24 23:44 - 00037860 _____ () C:\zoek-results.log
2014-05-24 23:01 - 2014-05-24 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-24 23:00 - 2014-05-24 23:00 - 01285120 _____ () C:\Users\Refllex\Desktop\zoek.exe
2014-05-24 07:52 - 2014-05-24 07:52 - 00008733 _____ () C:\Users\Refllex\Downloads\Addition.rar
2014-05-24 07:51 - 2014-05-24 07:51 - 00008733 _____ () C:\Users\Refllex\Desktop\Addition.rar
2014-05-24 07:41 - 2014-05-25 11:23 - 00000000 ____D () C:\FRST
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
2014-05-24 07:32 - 2014-05-25 11:15 - 02066432 _____ (Farbar) C:\Users\Refllex\Desktop\FRST64.exe
2014-05-23 18:28 - 2014-05-23 18:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 18:24 - 2014-01-22 15:52 - 00189936 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 18:23 - 2014-05-25 09:49 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-23 18:23 - 2014-01-22 15:52 - 00065336 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 14:20 - 2014-05-23 15:26 - 1083044165 _____ () C:\Users\Refllex\Downloads\Amazing_Teen_Ivana_Fukalot_Getting_Hot_Massive_Fuck.wmv
2014-05-23 14:14 - 2014-05-23 14:18 - 58374610 _____ () C:\Users\Refllex\Downloads\ivana_fukalot_fpd.flv
2014-05-21 17:29 - 2014-05-21 18:07 - 688413139 _____ () C:\Users\Refllex\Downloads\XXX-POR--Euro-Teen-Erotica-Anjelica-Calling-All-The-Shots-Xxx__Porno-mlada-teens-sexy-sex-blondynka-krasna-.avi
2014-05-19 18:50 - 2014-05-19 19:42 - 465469440 _____ () C:\Users\Refllex\Downloads\hra-o-trůny-S04E07-cz.tit.avi
2014-05-18 13:28 - 2014-05-18 13:28 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00001244 _____ () C:\Users\Refllex\Desktop\Port Royale 2.lnk
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Users\Refllex\Documents\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Ascaron Entertainment
2014-05-18 13:06 - 2014-05-18 13:21 - 00000000 ____D () C:\Users\Refllex\Desktop\PR2
2014-05-15 07:05 - 2014-05-15 07:05 - 462240827 _____ () C:\Windows\MEMORY.DMP
2014-05-15 07:05 - 2014-05-15 07:05 - 00275320 _____ () C:\Windows\Minidump\051514-30312-01.dmp
2014-05-13 17:00 - 2014-05-13 19:27 - 1318469849 _____ () C:\Users\Refllex\Downloads\Hra-o-trůny-S04E06-[720pHDTVx264]---CZ-titulky.mkv
2014-05-12 18:34 - 2014-05-12 18:34 - 00057632 _____ () C:\Users\Refllex\Downloads\game.of.thrones.s04e03.720p.hdtv.x264-killers.srt
2014-05-11 19:09 - 2014-05-11 19:49 - 368902900 _____ () C:\Users\Refllex\Downloads\mlada-16-let-Niky,yung,xxx,sex,porno,domaci,mlada,amaterka,oral,novinka,cz,za-prachy.avi
2014-05-09 22:15 - 2014-05-09 22:15 - 00017094 _____ () C:\Users\Refllex\Downloads\školní nevýhody.odp
2014-05-09 22:14 - 2014-05-09 22:14 - 05177828 _____ () C:\Users\Refllex\Downloads\Problémy.pptx
2014-05-08 20:21 - 2014-05-08 23:34 - 3447003508 _____ () C:\Users\Refllex\Downloads\G.I.-Joe-2-Odveta--2013-Akcny--CZ-Dabing,AMD.rar
2014-05-06 23:07 - 2014-05-06 23:48 - 731028003 _____ () C:\Users\Refllex\Downloads\PublicPickUps.com---E81-Violetta-Pink---One-in-the-Pink-[480p].wmv
2014-05-06 17:34 - 2014-05-06 17:34 - 00000000 ____D () C:\Users\Refllex\AppData\Local\DOSBox
2014-05-06 17:32 - 2014-05-06 17:32 - 00001616 _____ () C:\Users\Public\Desktop\Spellcross.lnk
2014-05-06 17:32 - 2014-05-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spellcross
2014-05-06 17:25 - 2014-05-09 08:51 - 00000000 ____D () C:\Users\Refllex\Desktop\Spellcros
2014-05-05 16:38 - 2014-05-05 17:12 - 548495360 _____ () C:\Users\Refllex\Downloads\Woodman---Lucka---(hardcore).avi
2014-05-05 16:01 - 2014-05-05 16:32 - 551884050 _____ () C:\Users\Refllex\Downloads\XXX-PORNO--Jak-mi-Lucka-byla-nevěrná-natočeno-skrytou-kamerou!!!---v-Praze-HD-2013-CZECH-TEEN-PORN-DVDRIP-HD-SEX-XXX-PORNO-CESKY-MOBILE-EXCLUSIVE-BIG-BEST.avi
2014-05-05 15:57 - 2014-05-05 16:01 - 36574263 _____ () C:\Users\Refllex\Downloads\Rychle-prachy-2014-(4).flv
2014-05-01 19:56 - 2014-05-01 20:31 - 624386048 _____ () C:\Users\Refllex\Downloads\Profesionálové-(2.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-05-01 19:36 - 2014-05-01 19:36 - 00011232 _____ () C:\Users\Refllex\Downloads\Nový objekt - List aplikace Microsoft Office Excel.xlsx
2014-05-01 19:32 - 2014-05-01 19:32 - 05237226 _____ () C:\Users\Refllex\Downloads\školní nevýhody 2..pptx
2014-05-01 18:52 - 2014-05-01 19:27 - 627449856 _____ () C:\Users\Refllex\Downloads\Profesionálové-(7.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-04-28 18:48 - 2014-04-28 18:48 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05 (1).ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05.ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00356864 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_02.ppt
2014-04-26 21:44 - 2014-04-27 00:59 - 1740995868 _____ () C:\Users\Refllex\Downloads\Gravitace-cz-(720p,-XVID,-stereo).avi

==================== One Month Modified Files and Folders =======

2014-05-25 11:23 - 2014-05-25 11:22 - 00018247 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-25 11:23 - 2014-05-24 07:41 - 00000000 ____D () C:\FRST
2014-05-25 11:23 - 2011-12-23 18:31 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 11:21 - 2014-05-25 11:21 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-25 11:20 - 2014-05-25 11:20 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-25 11:19 - 2014-05-25 11:19 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload
2014-05-25 11:15 - 2014-05-25 11:15 - 00000000 ____D () C:\Users\Refllex\Desktop\FRST-OlderVersion
2014-05-25 11:15 - 2014-05-24 07:32 - 02066432 _____ (Farbar) C:\Users\Refllex\Desktop\FRST64.exe
2014-05-25 11:00 - 2010-02-17 13:53 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job
2014-05-25 09:56 - 2009-07-14 06:45 - 00020128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 09:56 - 2009-07-14 06:45 - 00020128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 09:53 - 2010-02-17 13:00 - 01751629 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 09:52 - 2014-03-14 19:54 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Seznam.cz
2014-05-25 09:49 - 2014-05-23 18:23 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-25 09:47 - 2011-12-23 18:31 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 09:47 - 2011-08-24 08:18 - 00093014 _____ () C:\Windows\PFRO.log
2014-05-25 09:47 - 2011-06-29 13:44 - 00068134 _____ () C:\Windows\setupact.log
2014-05-25 09:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 09:46 - 2014-05-25 09:44 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:42 - 2014-05-25 09:42 - 01326389 _____ () C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
2014-05-25 09:39 - 2014-05-25 09:39 - 00010435 _____ () C:\Users\Refllex\Desktop\JRT.txt
2014-05-25 09:27 - 2014-05-25 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:26 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Refllex\Desktop\JRT.exe
2014-05-25 09:00 - 2010-02-17 13:53 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job
2014-05-24 23:44 - 2014-05-24 23:08 - 00037860 _____ () C:\zoek-results.log
2014-05-24 23:26 - 2014-05-24 23:01 - 00000000 ____D () C:\zoek_backup
2014-05-24 23:01 - 2014-05-24 23:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-24 23:00 - 2014-05-24 23:00 - 01285120 _____ () C:\Users\Refllex\Desktop\zoek.exe
2014-05-24 07:52 - 2014-05-24 07:52 - 00008733 _____ () C:\Users\Refllex\Downloads\Addition.rar
2014-05-24 07:51 - 2014-05-24 07:51 - 00008733 _____ () C:\Users\Refllex\Desktop\Addition.rar
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
2014-05-24 07:34 - 2010-02-17 13:47 - 00000000 ____D () C:\Users\Refllex\AppData\Local\Google
2014-05-23 18:43 - 2010-02-17 13:08 - 00000000 ____D () C:\Users\Refllex
2014-05-23 18:28 - 2014-05-23 18:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 18:23 - 2010-05-16 18:18 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-23 15:26 - 2014-05-23 14:20 - 1083044165 _____ () C:\Users\Refllex\Downloads\Amazing_Teen_Ivana_Fukalot_Getting_Hot_Massive_Fuck.wmv
2014-05-23 14:18 - 2014-05-23 14:14 - 58374610 _____ () C:\Users\Refllex\Downloads\ivana_fukalot_fpd.flv
2014-05-21 18:07 - 2014-05-21 17:29 - 688413139 _____ () C:\Users\Refllex\Downloads\XXX-POR--Euro-Teen-Erotica-Anjelica-Calling-All-The-Shots-Xxx__Porno-mlada-teens-sexy-sex-blondynka-krasna-.avi
2014-05-21 07:48 - 2009-07-14 17:18 - 00639640 _____ () C:\Windows\system32\perfh005.dat
2014-05-21 07:48 - 2009-07-14 17:18 - 00128538 _____ () C:\Windows\system32\perfc005.dat
2014-05-21 07:48 - 2009-07-14 07:13 - 01483286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 19:42 - 2014-05-19 18:50 - 465469440 _____ () C:\Users\Refllex\Downloads\hra-o-trůny-S04E07-cz.tit.avi
2014-05-18 13:28 - 2014-05-18 13:28 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00001244 _____ () C:\Users\Refllex\Desktop\Port Royale 2.lnk
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2014-05-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
2014-05-18 13:27 - 2010-02-18 18:51 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Users\Refllex\Documents\Ascaron Entertainment
2014-05-18 13:26 - 2014-05-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Ascaron Entertainment
2014-05-18 13:21 - 2014-05-18 13:06 - 00000000 ____D () C:\Users\Refllex\Desktop\PR2
2014-05-17 16:25 - 2013-10-29 14:35 - 00000000 ____D () C:\Users\Refllex\Desktop\GMH-skola
2014-05-16 20:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 15:03 - 2010-02-17 13:54 - 00002388 _____ () C:\Users\Refllex\Desktop\Google Chrome.lnk
2014-05-15 07:05 - 2014-05-15 07:05 - 462240827 _____ () C:\Windows\MEMORY.DMP
2014-05-15 07:05 - 2014-05-15 07:05 - 00275320 _____ () C:\Windows\Minidump\051514-30312-01.dmp
2014-05-15 07:05 - 2013-08-21 19:16 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 19:27 - 2014-05-13 17:00 - 1318469849 _____ () C:\Users\Refllex\Downloads\Hra-o-trůny-S04E06-[720pHDTVx264]---CZ-titulky.mkv
2014-05-12 18:34 - 2014-05-12 18:34 - 00057632 _____ () C:\Users\Refllex\Downloads\game.of.thrones.s04e03.720p.hdtv.x264-killers.srt
2014-05-11 19:49 - 2014-05-11 19:09 - 368902900 _____ () C:\Users\Refllex\Downloads\mlada-16-let-Niky,yung,xxx,sex,porno,domaci,mlada,amaterka,oral,novinka,cz,za-prachy.avi
2014-05-09 22:15 - 2014-05-09 22:15 - 00017094 _____ () C:\Users\Refllex\Downloads\školní nevýhody.odp
2014-05-09 22:14 - 2014-05-09 22:14 - 05177828 _____ () C:\Users\Refllex\Downloads\Problémy.pptx
2014-05-09 08:51 - 2014-05-06 17:25 - 00000000 ____D () C:\Users\Refllex\Desktop\Spellcros
2014-05-08 23:34 - 2014-05-08 20:21 - 3447003508 _____ () C:\Users\Refllex\Downloads\G.I.-Joe-2-Odveta--2013-Akcny--CZ-Dabing,AMD.rar
2014-05-08 14:18 - 2011-12-23 18:31 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 14:18 - 2011-12-23 18:31 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 08:55 - 2010-02-17 13:53 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA
2014-05-08 08:55 - 2010-02-17 13:53 - 00003548 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core
2014-05-07 22:31 - 2010-04-08 21:54 - 00000000 ____D () C:\Users\Refllex\AppData\Roaming\BSplayer
2014-05-06 23:48 - 2014-05-06 23:07 - 731028003 _____ () C:\Users\Refllex\Downloads\PublicPickUps.com---E81-Violetta-Pink---One-in-the-Pink-[480p].wmv
2014-05-06 17:34 - 2014-05-06 17:34 - 00000000 ____D () C:\Users\Refllex\AppData\Local\DOSBox
2014-05-06 17:32 - 2014-05-06 17:32 - 00001616 _____ () C:\Users\Public\Desktop\Spellcross.lnk
2014-05-06 17:32 - 2014-05-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spellcross
2014-05-05 17:12 - 2014-05-05 16:38 - 548495360 _____ () C:\Users\Refllex\Downloads\Woodman---Lucka---(hardcore).avi
2014-05-05 16:32 - 2014-05-05 16:01 - 551884050 _____ () C:\Users\Refllex\Downloads\XXX-PORNO--Jak-mi-Lucka-byla-nevěrná-natočeno-skrytou-kamerou!!!---v-Praze-HD-2013-CZECH-TEEN-PORN-DVDRIP-HD-SEX-XXX-PORNO-CESKY-MOBILE-EXCLUSIVE-BIG-BEST.avi
2014-05-05 16:01 - 2014-05-05 15:57 - 36574263 _____ () C:\Users\Refllex\Downloads\Rychle-prachy-2014-(4).flv
2014-05-01 20:31 - 2014-05-01 19:56 - 624386048 _____ () C:\Users\Refllex\Downloads\Profesionálové-(2.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-05-01 19:36 - 2014-05-01 19:36 - 00011232 _____ () C:\Users\Refllex\Downloads\Nový objekt - List aplikace Microsoft Office Excel.xlsx
2014-05-01 19:32 - 2014-05-01 19:32 - 05237226 _____ () C:\Users\Refllex\Downloads\školní nevýhody 2..pptx
2014-05-01 19:27 - 2014-05-01 18:52 - 627449856 _____ () C:\Users\Refllex\Downloads\Profesionálové-(7.)-(The-Professionals,-1977,-dabing-TV-Nova).mpg
2014-04-28 18:48 - 2014-04-28 18:48 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05 (1).ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00397312 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_05.ppt
2014-04-28 18:45 - 2014-04-28 18:45 - 00356864 _____ () C:\Users\Refllex\Downloads\VY_32_INOVACE_MAT_NO_1_02.ppt
2014-04-27 00:59 - 2014-04-26 21:44 - 1740995868 _____ () C:\Users\Refllex\Downloads\Gravitace-cz-(720p,-XVID,-stereo).avi
2014-04-25 18:25 - 2009-07-14 07:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-20 16:52

==================== End Of Log ============================

#9 Příspěvek od **vyosek** » 25 kvě 2014 10:42

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Google Update] => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-17] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {0ff7d854-acc2-11df-a833-4061864cf0f8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {44ca898c-1bc8-11df-8c2c-4061864cf0f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb6-337e-11df-8fbd-4061864cf0f8} - H:\autorun.exe
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb8-337e-11df-8fbd-4061864cf0f8} - I:\autorun.exe

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

2014-05-25 11:22 - 2014-05-25 11:23 - 00018247 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-25 11:21 - 2014-05-25 11:21 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-25 11:20 - 2014-05-25 11:20 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-25 11:19 - 2014-05-25 11:19 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload
2014-05-25 11:15 - 2014-05-25 11:15 - 00000000 ____D () C:\Users\Refllex\Desktop\FRST-OlderVersion
2014-05-25 09:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-25 09:44 - 2014-05-25 09:46 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:42 - 2014-05-25 09:42 - 01326389 _____ () C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
2014-05-25 09:39 - 2014-05-25 09:39 - 00010435 _____ () C:\Users\Refllex\Desktop\JRT.txt
2014-05-25 09:27 - 2014-05-25 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:26 - 01016261 _____ (Thisisu) C:\Users\Refllex\Desktop\JRT.exe
2014-05-24 23:31 - 2014-05-24 23:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-24 23:08 - 2014-05-24 23:44 - 00037860 _____ () C:\zoek-results.log
2014-05-24 23:01 - 2014-05-24 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-24 23:00 - 2014-05-24 23:00 - 01285120 _____ () C:\Users\Refllex\Desktop\zoek.exe
2014-05-24 07:52 - 2014-05-24 07:52 - 00008733 _____ () C:\Users\Refllex\Downloads\Addition.rar
2014-05-24 07:51 - 2014-05-24 07:51 - 00008733 _____ () C:\Users\Refllex\Desktop\Addition.rar
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe

Task: {A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

refllex · #10 Příspěvek od **refllex** » 25 kvě 2014 10:59

fixlog ještě před restartem, když tak dodám i ten po restartu....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Ran by Refllex at 2014-05-25 11:58:27 Run:1
Running from C:\Users\Refllex\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Google Update] => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-17] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {0ff7d854-acc2-11df-a833-4061864cf0f8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {44ca898c-1bc8-11df-8c2c-4061864cf0f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb6-337e-11df-8fbd-4061864cf0f8} - H:\autorun.exe
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb8-337e-11df-8fbd-4061864cf0f8} - I:\autorun.exe

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

2014-05-25 11:22 - 2014-05-25 11:23 - 00018247 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-25 11:21 - 2014-05-25 11:21 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-25 11:20 - 2014-05-25 11:20 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-25 11:19 - 2014-05-25 11:19 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload
2014-05-25 11:15 - 2014-05-25 11:15 - 00000000 ____D () C:\Users\Refllex\Desktop\FRST-OlderVersion
2014-05-25 09:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-25 09:44 - 2014-05-25 09:46 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:42 - 2014-05-25 09:42 - 01326389 _____ () C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
2014-05-25 09:39 - 2014-05-25 09:39 - 00010435 _____ () C:\Users\Refllex\Desktop\JRT.txt
2014-05-25 09:27 - 2014-05-25 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:26 - 01016261 _____ (Thisisu) C:\Users\Refllex\Desktop\JRT.exe
2014-05-24 23:31 - 2014-05-24 23:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-24 23:08 - 2014-05-24 23:44 - 00037860 _____ () C:\zoek-results.log
2014-05-24 23:01 - 2014-05-24 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-24 23:00 - 2014-05-24 23:00 - 01285120 _____ () C:\Users\Refllex\Desktop\zoek.exe
2014-05-24 07:52 - 2014-05-24 07:52 - 00008733 _____ () C:\Users\Refllex\Downloads\Addition.rar
2014-05-24 07:51 - 2014-05-24 07:51 - 00008733 _____ () C:\Users\Refllex\Desktop\Addition.rar
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe

Task: {A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fsm => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff7d854-acc2-11df-a833-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{0ff7d854-acc2-11df-a833-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ca898c-1bc8-11df-8c2c-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{44ca898c-1bc8-11df-8c2c-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc8aeb6-337e-11df-8fbd-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{cdc8aeb6-337e-11df-8fbd-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc8aeb8-337e-11df-8fbd-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{cdc8aeb8-337e-11df-8fbd-4061864cf0f8} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
C:\Users\Refllex\Desktop\FRST.txt => Moved successfully.
C:\Users\Refllex\Desktop\LM.bat => Moved successfully.
C:\Users\Refllex\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload => Moved successfully.
C:\Users\Refllex\Desktop\FRST-OlderVersion => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Refllex\Desktop\adwcleaner_3.210.exe => Moved successfully.
C:\Users\Refllex\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Refllex\Desktop\JRT.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Refllex\Desktop\zoek.exe => Moved successfully.
C:\Users\Refllex\Downloads\Addition.rar => Moved successfully.
C:\Users\Refllex\Desktop\Addition.rar => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

#11 Příspěvek od **vyosek** » 25 kvě 2014 11:01

Staci tento log

Restart a napiste jak se chova PC

refllex · #12 Příspěvek od **refllex** » 25 kvě 2014 11:08

Log po restartu.....Pc ještě odzkouším (internet explorer atd. i když používám více google chrome)
Děkuji

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Ran by Refllex at 2014-05-25 11:58:27 Run:1
Running from C:\Users\Refllex\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [Google Update] => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-17] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Refllex\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {0ff7d854-acc2-11df-a833-4061864cf0f8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {44ca898c-1bc8-11df-8c2c-4061864cf0f8} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb6-337e-11df-8fbd-4061864cf0f8} - H:\autorun.exe
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\...\MountPoints2: {cdc8aeb8-337e-11df-8fbd-4061864cf0f8} - I:\autorun.exe

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

2014-05-25 11:22 - 2014-05-25 11:23 - 00018247 _____ () C:\Users\Refllex\Desktop\FRST.txt
2014-05-25 11:21 - 2014-05-25 11:21 - 00015327 _____ () C:\Users\Refllex\Desktop\LM.bat
2014-05-25 11:20 - 2014-05-25 11:20 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Desktop\FRSTLauncher.exe
2014-05-25 11:19 - 2014-05-25 11:19 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload
2014-05-25 11:15 - 2014-05-25 11:15 - 00000000 ____D () C:\Users\Refllex\Desktop\FRST-OlderVersion
2014-05-25 09:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-25 09:44 - 2014-05-25 09:46 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:42 - 2014-05-25 09:42 - 01326389 _____ () C:\Users\Refllex\Desktop\adwcleaner_3.210.exe
2014-05-25 09:39 - 2014-05-25 09:39 - 00010435 _____ () C:\Users\Refllex\Desktop\JRT.txt
2014-05-25 09:27 - 2014-05-25 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:26 - 01016261 _____ (Thisisu) C:\Users\Refllex\Desktop\JRT.exe
2014-05-24 23:31 - 2014-05-24 23:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-24 23:08 - 2014-05-24 23:44 - 00037860 _____ () C:\zoek-results.log
2014-05-24 23:01 - 2014-05-24 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-24 23:00 - 2014-05-24 23:00 - 01285120 _____ () C:\Users\Refllex\Desktop\zoek.exe
2014-05-24 07:52 - 2014-05-24 07:52 - 00008733 _____ () C:\Users\Refllex\Downloads\Addition.rar
2014-05-24 07:51 - 2014-05-24 07:51 - 00008733 _____ () C:\Users\Refllex\Desktop\Addition.rar
2014-05-24 07:39 - 2014-05-24 07:39 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload
2014-05-24 07:38 - 2014-05-24 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe

Task: {A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => C:\Users\Refllex\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fsm => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff7d854-acc2-11df-a833-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{0ff7d854-acc2-11df-a833-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ca898c-1bc8-11df-8c2c-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{44ca898c-1bc8-11df-8c2c-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc8aeb6-337e-11df-8fbd-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{cdc8aeb6-337e-11df-8fbd-4061864cf0f8} => Key not found.
HKU\S-1-5-21-3163534712-2333491354-1513409236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc8aeb8-337e-11df-8fbd-4061864cf0f8} => Key deleted successfully.
HKCR\CLSID\{cdc8aeb8-337e-11df-8fbd-4061864cf0f8} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
C:\Users\Refllex\Desktop\FRST.txt => Moved successfully.
C:\Users\Refllex\Desktop\LM.bat => Moved successfully.
C:\Users\Refllex\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 743587.crdownload => Moved successfully.
C:\Users\Refllex\Desktop\FRST-OlderVersion => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Refllex\Desktop\adwcleaner_3.210.exe => Moved successfully.
C:\Users\Refllex\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Refllex\Desktop\JRT.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Refllex\Desktop\zoek.exe => Moved successfully.
C:\Users\Refllex\Downloads\Addition.rar => Moved successfully.
C:\Users\Refllex\Desktop\Addition.rar => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 666137.crdownload => Moved successfully.
C:\Users\Refllex\Downloads\Nepotvrzeno 820090.crdownload => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\EAD94C5.exe => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\EADE668.exe => Moved successfully.
C:\Users\Refllex\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7DE46E2-5F74-4BB2-B38F-844A9E5A368E} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163534712-2333491354-1513409236-1000UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

#13 Příspěvek od **vyosek** » 25 kvě 2014 11:09

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

refllex · #14 Příspěvek od **refllex** » 25 kvě 2014 11:12

Nechtěné aplikace, které se spouštěly při zapnutí počítače se už nespouští (icq, odkaz na jednu hru atd...)
Takže snad dobrý, jak na tom ten počítač byl před "opravou"?
Děkuji.
A jak dobrý je Avast jako antivirák?

#15 Příspěvek od **vyosek** » 25 kvě 2014 11:14

Pouzivate icq a tu hru POKAZDE a IHNED po startu?? Ja jsem je omezil z jednoho prosteho duvodu = nabeh systemu je rychlejsi a pokud potrebuju, tak si icq nebo hru zapnu...ale system mam nabehly a funkcni a muzu si vybrat co budu delat

Avast patri mezi TOP antiviry mezi bezplatnymi a urcite jej mohu jen doporucit

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu